- Jun 04, 2021
-
-
Bonita CI authored
-
- May 28, 2021
-
-
abirembaut authored
-
abirembaut authored
* avoid creating the HTTP session in case of a SAML authentication as informations stored in it by keycloak are lost This is not a big issue for most use cases as, once you get a bonita session, we don't go through keycloak filter code. However for some features like global logout, this may be an issue if you use POST response binding. Also, it appears that Keycloak already provide a mechanism to recreate the session when logging in with the option turnOffChangeSessionIdOnLogin="false" * update keycloak conf example Cover [RUNTIME-293](https://bonitasoft.atlassian.net/browse/RUNTIME-293)
-
- May 25, 2021
-
-
Dumitru Corini authored
* Return the bdm information instead of the filePath when uploading a new bdm covers [RUNTIME-70](https://bonitasoft.atlassian.net/browse/RUNTIME-70 ) Co-authored-by: Emmanuel Duchastenier <emmanuel.duchastenier@bonitasoft.com>
-
- May 21, 2021
- May 10, 2021
-
-
Emmanuel Duchastenier authored
* remove the token placeholders to disable some parts of the web.xml This is no longer needed as part of the GWT removal * remote portal is not allowed anymore so put bonita-engine(-sp) directly in bonita.war(-sp) * fix transitive deps issue
-
- Apr 15, 2021
-
-
abirembaut authored
* when the target servlet commit the response it is too late for the filter to be able to update the headers so doing it after the doFilter is a bad idea
-
Bonita CI authored
-
Dumitru Corini authored
- Fo roles, groups, process, users, case start and task data resources covers [BPO-618](https://bonitasoft.atlassian.net/browse/BPO-618)
-
- Apr 12, 2021
-
-
Dumitru Corini authored
* feat(application API): Check image file size for image upload servlet covers [RUNTIME-114](https://bonitasoft.atlassian.net/browse/RUNTIME-114)
-
- Apr 10, 2021
-
-
Emmanuel Duchastenier authored
This PR changes permissions by reloading from the Engine the permissions each time we need to read them (still requires to add some cache Engine-side for performance) Relates to [RUNTIME-175](https://bonitasoft.atlassian.net/browse/RUNTIME-175) Relates to [RUNTIME-230](https://bonitasoft.atlassian.net/browse/RUNTIME-230)
-
- Apr 09, 2021
-
-
DumitruCorini authored
covers [RUNTIME-114](https://bonitasoft.atlassian.net/browse/RUNTIME-114)
-
DumitruCorini authored
covers [RUNTIME-114](https://bonitasoft.atlassian.net/browse/RUNTIME-114)
-
abirembaut authored
* remove unused getConf method in SSO filters
-
abirembaut authored
* remove wrong and useless condition as it is already defined in NoCaheFilter pattern in web.xml * set the header after the chain.dofilter so that the firect filter in the web.xml (NoCache filter) has priority
-
- Apr 08, 2021
-
-
julienmege authored
-
Bonita CI authored
-
abirembaut authored
* fix(HTTP headers): enforce X-Content-Type and X-Frame headers - set headers only once (use setHeader instead of addHeader) Relates to [BPO-664](https://bonitasoft.atlassian.net/browse/BPO-664)
-
- Apr 07, 2021
-
-
Dumitru Corini authored
* the ApplicationAPI now returns a new parameter called `icon` that contains the url to the icon * the icon is served by the servlet `../API/applicationIcon/<id>?t=<lastUpdateDate>` example of application API response: ``` { updatedBy: "-1", displayName: "Admin app", lastUpdateDate: "1605275321167", description: "", themeId: "912", homePageId: "1001", creationDate: "1605275320903", version: "0.0.3", layoutId: "805", token: "admin", createdBy: "-1", profileId: "2", iconPath: "../API/applicationIcon/901?t=1605275321167" id: "901", state: "ACTIVATED", iconPath: "" } ``` Relates to [RUNTIME-114](https://bonitasoft.atlassian.net/browse/RUNTIME-114)
-
Emmanuel Duchastenier authored
so that `mvn clean test verify` does not have side effects when run twice
-
- Apr 05, 2021
-
-
danila_mazour authored
Remove the last references to autologin, as it has already been removed functionaly
-
- Mar 11, 2021
-
-
abirembaut authored
* Fix web.xml * restore home page, download and image servlet * restore URL rewrite filter * Remove BonitaForm.html from portal look n feel
-
Baptiste Mesta authored
-
Baptiste Mesta authored
Few classes had to be moved from the forms module: * ThemeExtractor * URLUtils
-
- Mar 08, 2021
-
-
Emmanuel Duchastenier authored
so that web can pull Engine COMPILED with Java 11 even if for now, this repo still BUILDS with target Java 8 JDK 11 is used for compilation, except for GWT compilation, as it wouldn't work. That's why we specify JDK8 path, just for GWT compilation.
-
- Mar 05, 2021
-
-
Dumitru Corini authored
* feat(application API): Add filter by userId
-
Romain Bioteau authored
* remove groovy-all dependency * only use groovy module * other modules (json, nio..etc) are provided by the engine == NOT RELATED == * Also, improve checkout by doing shallow clone
-
- Mar 01, 2021
-
-
abirembaut authored
platform - support empty config exclude pattern to override default - remove X-XSS-Protection as IE is no longer supported - separate X-Content-Type-Options and X-Frame-Options into different servlet filter - support exclusion pattern and configurable header values (in web.xml) Relates to [BPO-664](https://bonitasoft.atlassian.net/browse/BPO-664)
-
Emmanuel Duchastenier authored
Closes [RUNTIME-124](https://bonitasoft.atlassian.net/browse/RUNTIME-124)
-
- Feb 24, 2021
-
-
abirembaut authored
* session invalidation was removed for SSO as keycloak already handle it for OIDC and SAML and it was caussing issues to renew the session twice, but it needs to remain for kerberos. Covers [RUNTIME-67](https://bonitasoft.atlassian.net/browse/RUNTIME-67)
-
- Feb 22, 2021
- Feb 12, 2021
-
-
Emmanuel Duchastenier authored
-
- Feb 05, 2021
-
-
Emmanuel Duchastenier authored
-
- Feb 04, 2021
-
-
Emmanuel Duchastenier authored
to be able to upgrade to Subscription more easily Only the logics around the config file is removed. The rest of the support of V6 form is still to be removed. Related failing tests have been removed. This is dead code, so the risk is known and accepted. Closes [RUNTIME-127](https://bonitasoft.atlassian.net/browse/RUNTIME-127)
-
- Feb 01, 2021
-
-
abirembaut authored
- filter logoutservice call to perform OIDC logout in addition of bonita logout - perform OIDC global logout with configured IdP URL - only proceed to OIDC logout if there is a keycloak session. otherwise delegate to logoutservice - only re create the HTTP session in case of a standard authentication - support guest user behavior (add parameter to redirect to IdP login page when clicking on lign in in layout) Covers [RUNTIME-68](https://bonitasoft.atlassian.net/browse/RUNTIME-68)
-
Bonita CI authored
-