Conversation
There was a problem hiding this comment.
Pull request overview
Adds an experimental React/Vite-based “OpenAM UI JS SDK” module to the OpenAM UI build, packages it as distributable ZIP artifacts (app + library), and wires the app bundle into the openam-server-only WAR under extui/ (with a small CORS schema update to allow Accept-API-Version).
Changes:
- Introduce new
openam-ui-js-sdkMaven module with Vite/Vitest/TypeScript project (app + library builds, plus assemblies). - Package and embed the generated app ZIP into
openam-server-onlyWAR underextui/. - Bump frontend build toolchain versions (frontend-maven-plugin, Node, npm) and update CORS allowed headers.
Reviewed changes
Copilot reviewed 48 out of 50 changed files in this pull request and generated 23 comments.
Show a summary per file
| File | Description |
|---|---|
pom.xml |
Adds openam-ui-js-sdk app ZIP as a dependency in the root build. |
openam-ui/pom.xml |
Registers new UI module and bumps frontend-maven-plugin/Node/npm versions. |
openam-ui/openam-ui-js-sdk/vitest.config.js |
Vitest configuration (jsdom + setup file). |
openam-ui/openam-ui-js-sdk/vite.lib.config.ts |
Vite config for library build + DTS generation. |
openam-ui/openam-ui-js-sdk/vite.config.ts |
Vite config for app build output to target/app. |
openam-ui/openam-ui-js-sdk/tsconfig.node.json |
TS config for Vite config files. |
openam-ui/openam-ui-js-sdk/tsconfig.lib.json |
TS config for library build typings/source scope. |
openam-ui/openam-ui-js-sdk/tsconfig.json |
Project references for TS build mode. |
openam-ui/openam-ui-js-sdk/tsconfig.app.json |
TS config for app compilation scope. |
openam-ui/openam-ui-js-sdk/src/main.tsx |
App entry point rendering OpenAMUI. |
openam-ui/openam-ui-js-sdk/src/lib/userService.ts |
Client-side calls for user/session/profile/password operations. |
openam-ui/openam-ui-js-sdk/src/lib/types.ts |
SDK response/data type definitions. |
openam-ui/openam-ui-js-sdk/src/lib/setupTests.ts |
Test environment setup for RTL matchers. |
openam-ui/openam-ui-js-sdk/src/lib/router.tsx |
Hash router definition + service instantiation. |
openam-ui/openam-ui-js-sdk/src/lib/loginService.ts |
Client-side authentication request/callback submission helpers. |
openam-ui/openam-ui-js-sdk/src/lib/index.ts |
Library public exports (components + config/types). |
openam-ui/openam-ui-js-sdk/src/lib/env.d.ts |
Vite env typings for OpenAM URL configuration variables. |
openam-ui/openam-ui-js-sdk/src/lib/config.ts |
Global mutable config + default component implementations. |
openam-ui/openam-ui-js-sdk/src/lib/components/types.ts |
Pluggable UI component type contracts. |
openam-ui/openam-ui-js-sdk/src/lib/components/DefaultUserForm.tsx |
Default user profile + change password modal UI. |
openam-ui/openam-ui-js-sdk/src/lib/components/DefaultUserForm.test.tsx |
Tests for default user form behavior. |
openam-ui/openam-ui-js-sdk/src/lib/components/DefaultLoginForm.tsx |
Default login form rendering callbacks + actions. |
openam-ui/openam-ui-js-sdk/src/lib/components/DefaultLoginForm.test.tsx |
Tests for default login form integration with config. |
openam-ui/openam-ui-js-sdk/src/lib/components/DefaultErrorForm.tsx |
Default error UI component. |
openam-ui/openam-ui-js-sdk/src/lib/components/DefaultErrorForm.test.tsx |
Tests for default error UI. |
openam-ui/openam-ui-js-sdk/src/lib/components/DefaultCallbackElement.tsx |
Default rendering for OpenAM callback types. |
openam-ui/openam-ui-js-sdk/src/lib/components/DefaultCallbackElement.test.tsx |
Tests for callback element rendering/value updates. |
openam-ui/openam-ui-js-sdk/src/lib/components/DefaultActionElements.tsx |
Default submit/action button rendering for callbacks. |
openam-ui/openam-ui-js-sdk/src/lib/components/DefaultActionElements.test.tsx |
Tests for action element behavior. |
openam-ui/openam-ui-js-sdk/src/lib/__tests__/mocks.ts |
Mock auth/user payloads for component tests. |
openam-ui/openam-ui-js-sdk/src/lib/User.tsx |
User route: session check, profile load/save, password update. |
openam-ui/openam-ui-js-sdk/src/lib/OpenAMUI.tsx |
SDK root component mounting the router provider. |
openam-ui/openam-ui-js-sdk/src/lib/NotFoundPage.tsx |
404 page component. |
openam-ui/openam-ui-js-sdk/src/lib/Login.tsx |
Login route: init, submit callbacks, redirect or route change. |
openam-ui/openam-ui-js-sdk/src/lib/Home.tsx |
Home route: redirect to login or user based on session. |
openam-ui/openam-ui-js-sdk/src/index.scss |
Basic styling for forms/modals. |
openam-ui/openam-ui-js-sdk/pom.xml |
Maven build for npm test/build + assembly ZIPs (app + lib). |
openam-ui/openam-ui-js-sdk/package.json |
React/React Router/Vite/Vitest/TS toolchain definitions and scripts. |
openam-ui/openam-ui-js-sdk/index.html |
Vite HTML entry document. |
openam-ui/openam-ui-js-sdk/eslint.config.js |
ESLint config for TS/React hooks/refresh. |
openam-ui/openam-ui-js-sdk/assembly/lib-zip.xml |
Assembly descriptor for library ZIP artifact. |
openam-ui/openam-ui-js-sdk/assembly/app-zip.xml |
Assembly descriptor for app ZIP artifact. |
openam-ui/openam-ui-js-sdk/README.md |
Usage/customization docs for app and SDK consumption. |
openam-ui/openam-ui-js-sdk/.gitignore |
Ignores for node/vite outputs and zips. |
openam-ui/openam-ui-js-sdk/.env.development |
Dev env defaults for OpenAM server/context path. |
openam-ui/openam-ui-js-sdk/.env |
Sample env variables (commented). |
openam-server-only/src/main/resources/services/amCORS.xml |
Allows Accept-API-Version header; bumps revisionNumber. |
openam-server-only/pom.xml |
Downloads app ZIP, stages under extui/, and includes it in WAR resources; adds ZIP dependency. |
.github/workflows/deploy.yml |
Excludes openam-ui-js-sdk from javadoc aggregate build. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| import type { ErrorForm } from "./types"; | ||
|
|
||
| const DefaultErrorForm: ErrorForm = ({ error, resetError }) => { |
There was a problem hiding this comment.
This file is missing the standard CDDL header block that is present in the other new JS SDK source files. Please add the project’s license header here as well for consistency/compliance.
| const response = await fetch(userUrl, { | ||
| method: "GET", | ||
| mode: "cors", | ||
| credentials: "include", | ||
| headers: { | ||
| "Content-Type": "application/json" | ||
| }, | ||
| }) | ||
| return await response.json(); | ||
| } catch (e) { |
There was a problem hiding this comment.
getUserData returns response.json() without checking response.ok. For non-2xx responses, this can silently propagate error payloads as UserData and break callers. Handle non-OK responses (e.g., parse an error shape and throw) before returning data.
| const response = await fetch(userUrl, { | ||
| method: "PUT", | ||
| mode: "cors", | ||
| credentials: "include", | ||
| headers: { | ||
| "Accept-API-Version": "resource=2.0, protocol=1.0", | ||
| "Content-Type": "application/json" | ||
| }, | ||
| body: JSON.stringify(dataToUpdate), | ||
| } | ||
| ) | ||
| return await response.json(); | ||
| } |
There was a problem hiding this comment.
saveUserData returns response.json() even when the server responds with a non-2xx status. This can make the UI treat error payloads as successful updates. Add a response.ok check and surface a useful error (similar to savePassword).
openam-ui/openam-ui-js-sdk/README.md
Outdated
| import { setConfig } from 'openam-js-sdk' | ||
|
|
||
| setConfig({ | ||
| openamServer: 'https://openam.example.org:443', | ||
| openamContextPath: '/am', | ||
| errorForm: ({ error, resetError }) => { | ||
| return <div> | ||
| <h1>An error occurred</h1> | ||
| <p>{error?.message}</p> | ||
| <input type="button" value="Retry" onClick={() => resetError()} /> | ||
| </div> | ||
| }) | ||
|
|
There was a problem hiding this comment.
The customization example uses errorForm, but the config interface property is ErrorForm (capital E) and the default config also uses ErrorForm. As written, the example won’t override the error UI. Update the README example to match the actual config API shape.
| setConfig({ | ||
| CallbackElement: mockCallbackElement, | ||
| ActionElements: mockActionElements, | ||
| }) | ||
|
|
There was a problem hiding this comment.
This test mutates the global singleton config via setConfig at module initialization time, which can leak state into other test files depending on execution order. Prefer setting config in beforeEach/beforeAll and restoring the previous config in afterEach/afterAll to keep tests isolated.
| const config = getConfig(); | ||
| const userService = new UserService(config.getOpenAmUrl()); | ||
| const loginService = new LoginService(config.getOpenAmUrl()); | ||
|
|
||
| const router = createHashRouter([ |
There was a problem hiding this comment.
config, userService, loginService, and the router are instantiated at module load time. Since consumers are expected to call setConfig(...) to customize openamServer/openamContextPath, importing OpenAMUI (via src/lib/index.ts) will run this file before setConfig is called, so the services/router can be locked to the default URL. Consider creating the router/services lazily (e.g., factory function or inside OpenAMUI with useMemo) so updates via setConfig take effect.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…tyPlatform#943) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…andler.codec.http.HttpRequestEncoder (OpenIdentityPlatform#949) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…DoS via memory exhaustion (OpenIdentityPlatform#950) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…et` and `_.omit` functions (OpenIdentityPlatform#953) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…o prototype pollution in the _.unset and _.omit functions. (OpenIdentityPlatform#954)
…er test in build.yml (OpenIdentityPlatform#959) Co-authored-by: Valery Kharseko <vharseko@3a-systems.ru>
…f service (OpenIdentityPlatform#960) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…on DoS in parse() + Prototype Pollution via parse() in NodeJS flatted (OpenIdentityPlatform#966) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ntSession Deserialization in OpenAM
…asses causes incorrect glob matching Related glob security issue patched in the same release (OpenIdentityPlatform#970) Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: vharseko <6818498+vharseko@users.noreply.github.com>
…oted-String Parsing (OpenIdentityPlatform#972) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 48 out of 50 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| console.log("request error ocurred:", e) | ||
| } |
There was a problem hiding this comment.
Typo in log message: "request error ocurred" should be "request error occurred".
|
|
||
| ```tsx | ||
| import React from 'react'; | ||
| import OpenAMUI from 'openam-js-sdk'; |
There was a problem hiding this comment.
The README uses a default import (import OpenAMUI from 'openam-js-sdk'), but the library entrypoint exports OpenAMUI as a named export. Update the example to use import { OpenAMUI } ... (or add a default export if that’s the intended API).
| import OpenAMUI from 'openam-js-sdk'; | |
| import { OpenAMUI } from 'openam-js-sdk'; |
|
|
||
| const renderTextOutputCallback = (callback: Callback) => { | ||
| const propMap = Object.fromEntries(callback.output.map((o) => [o.name, o.value])) | ||
| const messageType = propMap['messageType'] |
There was a problem hiding this comment.
messageType is read from callback.output and can be a number (per CallbackOutput.value). The switch compares it to string literals ("0", "1", ...), so numeric values (0/1/2/4) will fall into the default branch. Normalize messageType (e.g., String(messageType)) or add numeric cases.
| const messageType = propMap['messageType'] | |
| const messageType = String(propMap["messageType"] ?? ""); |
| const ScriptElement = (scriptText: string) => { | ||
| useEffect(() => { | ||
| const script = document.createElement('script'); |
There was a problem hiding this comment.
ScriptElement calls useEffect but is invoked as a plain function later (return ScriptElement(message)), not rendered as a React component/custom hook. This violates the Rules of Hooks and can trigger an “Invalid hook call” at runtime. Refactor it into a real component (e.g., <ScriptElement scriptText={...} />) or a custom hook used by a component.
Experimental UI based on React JS library.
Allows to develop a custom OpenAM UI using pluggable components, see the README.md file