-
Notifications
You must be signed in to change notification settings - Fork 554
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] Tasklist Single Application #18474
base: main
Are you sure you want to change the base?
Conversation
return http.securityMatcher("/v1/topology", "/v1/user-tasks/**") | ||
.csrf() | ||
.disable() |
Check failure
Code scanning / CodeQL
Disabled Spring CSRF protection High
} | ||
|
||
private static HttpSecurity configureSecurity(final HttpSecurity http) throws Exception { | ||
return http.csrf(CsrfConfigurer::disable) |
Check failure
Code scanning / CodeQL
Disabled Spring CSRF protection High
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just taking notes about the subjects to discuss with Roman
@@ -114,6 +124,8 @@ camunda: | |||
url: http://localhost:9200 | |||
# Index prefix, configured in Zeebe Elasticsearch exporter | |||
prefix: zeebe-record | |||
importer: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is this used?
@@ -30,7 +30,7 @@ public void initialize(ConfigurableApplicationContext context) { | |||
} | |||
|
|||
protected boolean shouldApplyDefaultAuthenticationProfile(final Set<String> activeProfiles) { | |||
if (activeProfiles.contains(Profile.OPERATE.getId())) { | |||
if (activeProfiles.contains(Profile.OPERATE.getId()) || activeProfiles.contains(Profile.TASKLIST.getId())) { | |||
return OperateProfileService.AUTH_PROFILES.stream().noneMatch(activeProfiles::contains); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we need to centralize auth profiles in a single place
@@ -62,14 +63,19 @@ public void initialize(final ConfigurableApplicationContext context) { | |||
} | |||
|
|||
protected boolean shouldEnableProbes(final List<String> activeProfiles) { | |||
return activeProfiles.stream().anyMatch(p -> p.equalsIgnoreCase(Profile.OPERATE.getId())); | |||
return activeProfiles.stream() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we can define Profile settings. to avoid doing if profile == Operate or profile == Tasklist in multiple places
public class TasklistModuleConfiguration { | ||
|
||
// if present, then it will ensure | ||
// that the broker is started first |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we have Broker
and Gateway
beans ?
.anonymous(AnonymousConfigurer::disable); | ||
} | ||
|
||
@Profile("auth") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not needed. It is defined at class level
|
||
@GetMapping("/index.html") | ||
public String index() { | ||
return "redirect:/operate"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should check if Tasklist standalone mode is used, in such case we need to redirect to /tasklist
@@ -6,7 +6,7 @@ spring.web.resources.static-locations=classpath:/META-INF/resources/operate/ | |||
|
|||
# configure thymeleaf used by index.html | |||
spring.thymeleaf.check-template-location=true | |||
spring.thymeleaf.prefix=classpath:/META-INF/resources/operate/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how does this impact Tasklist parameter ?
@@ -31,6 +32,7 @@ | |||
|
|||
@Component | |||
@RestControllerEndpoint(id = "backups") | |||
@Profile("standalone") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we rather use @RestControllerEndpoint(id = "tasklist/backups")
to be able to create backups with the single application?
@@ -14,12 +14,14 @@ | |||
import java.util.List; | |||
import org.springframework.beans.factory.annotation.Autowired; | |||
import org.springframework.boot.actuate.endpoint.web.annotation.RestControllerEndpoint; | |||
import org.springframework.context.annotation.Profile; | |||
import org.springframework.http.MediaType; | |||
import org.springframework.stereotype.Component; | |||
import org.springframework.web.bind.annotation.GetMapping; | |||
|
|||
@Component | |||
@RestControllerEndpoint(id = "usage-metrics") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same here
@@ -46,7 +46,7 @@ public class ClientConfig { | |||
@Value("${CAMUNDA_TASKLIST_IDENTITY_USER_ACCESS_RESTRICTIONS_ENABLED:#{true}}") | |||
public boolean isUserAccessRestrictionsEnabled; | |||
|
|||
@Autowired private TasklistProfileService profileService; | |||
// @Autowired private TasklistProfileService profileService; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To be fixed
Description
Related issues
closes #