Decision Server parameter properties

You use context, init and MultipartConfig parameters to customize the Decision Server Runtime and Decision Server Console behavior through a configuration map.

The following table shows the properties that you can set in a configuration map (configmap) to customize the Decision Server Runtime behavior.

Table 1. Context parameters (`context-param`)
Property name	Default value	Description
`AsynchronousRulesetParsing`	`false`	Specify whether the parsing of the ruleset is asynchronous for all the HTDS executions.
`DefaultTimeZoneForJsonDeserialization`	`default`	Specify the timezone in which dates are expressed in case they do not contain timezone information, for the REST JSON execution endpoint. Possible values: `default`: No override of the timezone used by the JSON parser (GMT). `server`: Override of the timezone used by the JSON parser to use the JVM default timezone. A timezone identifier: Override of the timezone used by the JSON parser to use the specified timezone, if it is a valid timezone.
`CheckEmptyJsonRequests`	`true`	Specify whether to check for empty JSON requests and reject them. The default value is `true`, but it might impact performance in case the requested documents are large.
`DecisionServicePrefix`	`HTDS`	Specify the root name that is used to register the Decision MBean. Use this parameter to deploy multiple instances of HTDS into the same server.
`EmitErrorEventOnRulesetNotExecuted`	`false`	Allows HTDS to emit an event to Kafka whenever the execution request for a ruleset is not carried out, in the case of incorrect parameter deserialization. However, rulesets must have properties set to emit events, and as well, the event emitter plug-in must be configured. See Emitting runtime events. Possible values: `true`: Emit an event in case of deserialization issue. `false`: No event is generated in such case.
`forceSerializationOfNullFieldsDecoratedWithJAXBAnnotations`	`false`	Specify whether to force inclusion of null values in JSON responses (`{ "fieldName": null}`) when corresponding fields are decorated with JAXB annotations like `@XmlElement`.
`InfoRulesFiredPropertiesFilter`	`false`	Specifies whether the filter is applied to the properties of the `ruleInformation` for the rules that are fired as the result of the ruleset execution. `true`: Properties are filtered `false`: Properties are not filtered.
`ResetJsonMapperElapsedHoursThreshold`	`24`	Specify the duration in hours after which the JSON serializer is reset.
`QualifyElementsInParametersNamespaceForWSDL`	`default`	Specify the timezone in which dates are expressed in case they do not contain timezone information for the REST JSON execution endpoint. Possible values: `default`: does not override timezone used by the JSON parser (GMT) `server`: overrides timezone used by the JSON parser and uses the JVM's default timezone `a timezone identifier`: overrides timezone used by the JSON parser and use the specified timezone, if it is a valid timezone identifier

Table 2. Init parameters of the response-headers filter (`filter:response-headers`) of Decision Server Runtime and Decision Server Console
Property name	Default value	Description
`X-Content-Type-Options`	`nosniff`	`X-Content-Type-Options` is an HTTP response header that helps prevent MIME-type sniffing attacks. Default value is `nosniff`. This forces the browser to strictly honor the server-declared MIME type and also to protect against attacks where malicious content could be interpreted as executable (example, a disguised script). It improves content-type handling security.
`X-XSS-Protection`	`1; mode=block`	Configures legacy XSS filters in compatible browsers. The header instructs the browsers to activate their built-in XSS filters, which can detect and block potentially malicious scripts. Default value is `1; mode=block`. This enables the XSS filter. If a cross-site scripting attack is detected, the browser blocks rendering of the page rather than sanitizing it.
`Access-Control-Allow-Credential`	`false`	Specify the Cross-Origin Resource Sharing (CORS) setting that controls whether responses can be exposed when requests include credentials, including cookies, authorization headers, and TLS client certs. Setting the value to `false` explicitly forbids sharing credentials in cross-origin requests and enhances security by preventing browsers from sending and receiving cookies or authorization headers in CORS requests.
`Access-Control-Allow-Origin`	`null`	This CORS setting specifies which origins are permitted to access the resource. The default value is `null`. This indicates that no external origin is allowed unless explicitly handled by the application. It is a restrictive setting that ensures only same-origin requests succeed.

Table 3. MultipartConfig parameters of the FrontendUploadServlet servlet that you can set for Decision Server Console
Property name	Default value	Description
`max-file-size`	`104857600`	Specify the maximum file size for a RuleApp archive to be updated. By default, it is set to 104,857,600 bytes (100 Mb). If you try to upload, restore, or deploy a RuleApp archive whose size exceeds amount, you get an error message. You can resolve this issue by increasing the value of the maximum file size.
`max-request-size`	`209715200`	Specify the maximum size allowed for multipart, form-data requests. The default value is set to 209,715,200 bytes.
`file-size-threshold`	`1048576`	Specify the size threshold after which the file is written to disk. The default value is 1,048,576 bytes.