- Apr 16, 2021
-
-
Bonita CI authored
-
- Apr 15, 2021
-
-
abirembaut authored
* when the target servlet commit the response it is too late for the filter to be able to update the headers so doing it after the doFilter is a bad idea
-
Bonita CI authored
-
Dumitru Corini authored
- Fo roles, groups, process, users, case start and task data resources covers [BPO-618](https://bonitasoft.atlassian.net/browse/BPO-618)
-
- Apr 12, 2021
-
-
Dumitru Corini authored
* feat(application API): Check image file size for image upload servlet covers [RUNTIME-114](https://bonitasoft.atlassian.net/browse/RUNTIME-114)
-
- Apr 10, 2021
-
-
Emmanuel Duchastenier authored
This PR changes permissions by reloading from the Engine the permissions each time we need to read them (still requires to add some cache Engine-side for performance) Relates to [RUNTIME-175](https://bonitasoft.atlassian.net/browse/RUNTIME-175) Relates to [RUNTIME-230](https://bonitasoft.atlassian.net/browse/RUNTIME-230)
-
- Apr 09, 2021
-
-
DumitruCorini authored
covers [RUNTIME-114](https://bonitasoft.atlassian.net/browse/RUNTIME-114)
-
DumitruCorini authored
covers [RUNTIME-114](https://bonitasoft.atlassian.net/browse/RUNTIME-114)
-
abirembaut authored
* remove unused getConf method in SSO filters
-
abirembaut authored
* remove wrong and useless condition as it is already defined in NoCaheFilter pattern in web.xml * set the header after the chain.dofilter so that the firect filter in the web.xml (NoCache filter) has priority
-
- Apr 08, 2021
-
-
julienmege authored
-
Bonita CI authored
-
abirembaut authored
* fix(HTTP headers): enforce X-Content-Type and X-Frame headers - set headers only once (use setHeader instead of addHeader) Relates to [BPO-664](https://bonitasoft.atlassian.net/browse/BPO-664)
-
- Apr 07, 2021
-
-
Dumitru Corini authored
* the ApplicationAPI now returns a new parameter called `icon` that contains the url to the icon * the icon is served by the servlet `../API/applicationIcon/<id>?t=<lastUpdateDate>` example of application API response: ``` { updatedBy: "-1", displayName: "Admin app", lastUpdateDate: "1605275321167", description: "", themeId: "912", homePageId: "1001", creationDate: "1605275320903", version: "0.0.3", layoutId: "805", token: "admin", createdBy: "-1", profileId: "2", iconPath: "../API/applicationIcon/901?t=1605275321167" id: "901", state: "ACTIVATED", iconPath: "" } ``` Relates to [RUNTIME-114](https://bonitasoft.atlassian.net/browse/RUNTIME-114)
-
Emmanuel Duchastenier authored
so that `mvn clean test verify` does not have side effects when run twice
-
- Apr 05, 2021
-
-
danila_mazour authored
Remove the last references to autologin, as it has already been removed functionaly
-
- Mar 11, 2021
-
-
abirembaut authored
* Fix web.xml * restore home page, download and image servlet * restore URL rewrite filter * Remove BonitaForm.html from portal look n feel
-
Baptiste Mesta authored
-
Baptiste Mesta authored
Few classes had to be moved from the forms module: * ThemeExtractor * URLUtils
-
- Mar 08, 2021
-
-
Emmanuel Duchastenier authored
so that web can pull Engine COMPILED with Java 11 even if for now, this repo still BUILDS with target Java 8 JDK 11 is used for compilation, except for GWT compilation, as it wouldn't work. That's why we specify JDK8 path, just for GWT compilation.
-
- Mar 05, 2021
-
-
Dumitru Corini authored
* feat(application API): Add filter by userId
-
Romain Bioteau authored
* remove groovy-all dependency * only use groovy module * other modules (json, nio..etc) are provided by the engine == NOT RELATED == * Also, improve checkout by doing shallow clone
-
- Mar 01, 2021
-
-
abirembaut authored
platform - support empty config exclude pattern to override default - remove X-XSS-Protection as IE is no longer supported - separate X-Content-Type-Options and X-Frame-Options into different servlet filter - support exclusion pattern and configurable header values (in web.xml) Relates to [BPO-664](https://bonitasoft.atlassian.net/browse/BPO-664)
-
Emmanuel Duchastenier authored
Closes [RUNTIME-124](https://bonitasoft.atlassian.net/browse/RUNTIME-124)
-
- Feb 24, 2021
-
-
abirembaut authored
* session invalidation was removed for SSO as keycloak already handle it for OIDC and SAML and it was caussing issues to renew the session twice, but it needs to remain for kerberos. Covers [RUNTIME-67](https://bonitasoft.atlassian.net/browse/RUNTIME-67)
-
- Feb 22, 2021
- Feb 12, 2021
-
-
Emmanuel Duchastenier authored
-
- Feb 05, 2021
-
-
Emmanuel Duchastenier authored
-
- Feb 04, 2021
-
-
Emmanuel Duchastenier authored
to be able to upgrade to Subscription more easily Only the logics around the config file is removed. The rest of the support of V6 form is still to be removed. Related failing tests have been removed. This is dead code, so the risk is known and accepted. Closes [RUNTIME-127](https://bonitasoft.atlassian.net/browse/RUNTIME-127)
-
- Feb 01, 2021
-
-
abirembaut authored
- filter logoutservice call to perform OIDC logout in addition of bonita logout - perform OIDC global logout with configured IdP URL - only proceed to OIDC logout if there is a keycloak session. otherwise delegate to logoutservice - only re create the HTTP session in case of a standard authentication - support guest user behavior (add parameter to redirect to IdP login page when clicking on lign in in layout) Covers [RUNTIME-68](https://bonitasoft.atlassian.net/browse/RUNTIME-68)
-
Bonita CI authored
-
- Jan 28, 2021
-
-
Bonita CI authored
-
- Jan 26, 2021
-
-
abirembaut authored
* feat(SSO): support authentication with OIDC - add servlet filter and authentication manager - support tenant configuration - add compose file for manual tests - add api to authentication filter - exclude jackson to avoid conflict with the version provided by engine - pass through keycloak OIDC filter even though there is a bonita session or the URL is public if there is an OIDC account in the session to avoid not detecting session change or invalid - add specific authentication filter for the REST API in order to benefit from the isAlready logged in rule that recreate the session if the authentication manager lets you in Covers [RUNTIME-57](https://bonitasoft.atlassian.net/browse/RUNTIME-57 ) Co-authored-by: hugues.bretin <hugues.bretin@bonitasoft.com>
-
abirembaut authored
- remove tests as this is unsupported code
-
- Jan 14, 2021
-
-
Emmanuel Duchastenier authored
-
Bonita CI authored
-
Bonita CI authored
-
- Jan 12, 2021
-
-
Dumitru Corini authored
* chore(branding): Add new information for full branding version name * Add information in the release script Co-authored-by: abirembaut <anthony.birembaut@bonitasoft.com>
-