[WIP] Tasklist Single Application #18474
Conversation
github-actions
bot
added
component/zeebe
romansmirnov
changed the title
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| return http.securityMatcher("/v1/topology", "/v1/user-tasks/**") | ||
| .csrf() | ||
| .disable() |
Check failure
Code scanning / CodeQL
Disabled Spring CSRF protection High
| } | ||
|
|
||
| private static HttpSecurity configureSecurity(final HttpSecurity http) throws Exception { | ||
| return http.csrf(CsrfConfigurer::disable) |
Check failure
Code scanning / CodeQL
Disabled Spring CSRF protection High
| @@ -114,6 +124,8 @@ camunda: | |||
| url: http://localhost:9200 | |||
| # Index prefix, configured in Zeebe Elasticsearch exporter | |||
| prefix: zeebe-record | |||
| importer: | |||
| @@ -30,7 +30,7 @@ public void initialize(ConfigurableApplicationContext context) { | |||
| } | |||
|
|
|||
| protected boolean shouldApplyDefaultAuthenticationProfile(final Set<String> activeProfiles) { | |||
| if (activeProfiles.contains(Profile.OPERATE.getId())) { | |||
| if (activeProfiles.contains(Profile.OPERATE.getId()) || activeProfiles.contains(Profile.TASKLIST.getId())) { | |||
| return OperateProfileService.AUTH_PROFILES.stream().noneMatch(activeProfiles::contains); | |||
There was a problem hiding this comment.
we need to centralize auth profiles in a single place
| @@ -62,14 +63,19 @@ public void initialize(final ConfigurableApplicationContext context) { | |||
| } | |||
|
|
|||
| protected boolean shouldEnableProbes(final List<String> activeProfiles) { | |||
| return activeProfiles.stream().anyMatch(p -> p.equalsIgnoreCase(Profile.OPERATE.getId())); | |||
| return activeProfiles.stream() | |||
There was a problem hiding this comment.
we can define Profile settings. to avoid doing if profile == Operate or profile == Tasklist in multiple places
| public class TasklistModuleConfiguration { | ||
|
|
||
| // if present, then it will ensure | ||
| // that the broker is started first |
There was a problem hiding this comment.
Do we have Broker and Gateway beans ?
| .anonymous(AnonymousConfigurer::disable); | ||
| } | ||
|
|
||
| @Profile("auth") |
There was a problem hiding this comment.
not needed. It is defined at class level
|
|
||
| @GetMapping("/index.html") | ||
| public String index() { | ||
| return "redirect:/operate"; |
There was a problem hiding this comment.
we should check if Tasklist standalone mode is used, in such case we need to redirect to /tasklist
| @@ -6,7 +6,7 @@ spring.web.resources.static-locations=classpath:/META-INF/resources/operate/ | |||
|
|
|||
| # configure thymeleaf used by index.html | |||
| spring.thymeleaf.check-template-location=true | |||
| spring.thymeleaf.prefix=classpath:/META-INF/resources/operate/ | |||
There was a problem hiding this comment.
how does this impact Tasklist parameter ?
| @@ -31,6 +32,7 @@ | |||
|
|
|||
| @Component | |||
| @RestControllerEndpoint(id = "backups") | |||
| @Profile("standalone") | |||
There was a problem hiding this comment.
can we rather use @RestControllerEndpoint(id = "tasklist/backups") to be able to create backups with the single application?
| @@ -14,12 +14,14 @@ | |||
| import java.util.List; | |||
| import org.springframework.beans.factory.annotation.Autowired; | |||
| import org.springframework.boot.actuate.endpoint.web.annotation.RestControllerEndpoint; | |||
| import org.springframework.context.annotation.Profile; | |||
| import org.springframework.http.MediaType; | |||
| import org.springframework.stereotype.Component; | |||
| import org.springframework.web.bind.annotation.GetMapping; | |||
|
|
|||
| @Component | |||
| @RestControllerEndpoint(id = "usage-metrics") | |||
| @@ -46,7 +46,7 @@ public class ClientConfig { | |||
| @Value("${CAMUNDA_TASKLIST_IDENTITY_USER_ACCESS_RESTRICTIONS_ENABLED:#{true}}") | |||
| public boolean isUserAccessRestrictionsEnabled; | |||
|
|
|||
| @Autowired private TasklistProfileService profileService; | |||
| // @Autowired private TasklistProfileService profileService; | |||
Description
Related issues
closes #