Add configurable default servlet-filter URL patterns via boot.properties#140
Add configurable default servlet-filter URL patterns via boot.properties#140
Conversation
- Add openidm-system dependency to openidm-servlet-registrator pom.xml - Read openidm.servlet.alias and openidm.selfservice.alias from IdentityServer in activate() - Add sanitizeAlias() helper to validate and normalize path aliases - Change defaultServletUrlPatterns to instance field built dynamically in activate() - Log configured URL patterns at startup - Document new properties in conf/boot/boot.properties Agent-Logs-Url: https://github.com/OpenIdentityPlatform/OpenIDM/sessions/e4672272-cd70-4f4d-9d77-1c5403d6e45d Co-authored-by: vharseko <6818498+vharseko@users.noreply.github.com>
- appendix-jetty.adoc: fix urlPatterns default description, add new section "Configuring the REST API Context Path" documenting openidm.servlet.alias and openidm.selfservice.alias boot properties - appendix-file-layout.adoc: enhance boot.properties description to mention new servlet alias properties with cross-references - appendix-ports-used.adoc: add paragraph linking to the new context path configuration section Agent-Logs-Url: https://github.com/OpenIdentityPlatform/OpenIDM/sessions/f0a1c1a5-16b6-4d26-b72d-f7ccc9504394 Co-authored-by: vharseko <6818498+vharseko@users.noreply.github.com>
- appendix-file-layout.adoc: Portions Copyright 2024-2026 3A Systems LLC. - appendix-jetty.adoc: Portions Copyright 2024-2026 3A Systems LLC. - appendix-ports-used.adoc: Portions Copyright 2024-2026 3A Systems LLC. - ServletRegistrationSingleton.java: Portions Copyrighted 2024-2026 3A Systems LLC. - openidm-servlet-registrator/pom.xml: Portions Copyrighted 2024-2026 3A Systems LLC. Agent-Logs-Url: https://github.com/OpenIdentityPlatform/OpenIDM/sessions/25e63c20-5d22-4591-a89b-d011e3615ccd Co-authored-by: vharseko <6818498+vharseko@users.noreply.github.com>
The file was modified by the PR (new openidm.servlet.alias and openidm.selfservice.alias properties were added) but had no copyright header. Added the missing copyright comment at the top of the file. Agent-Logs-Url: https://github.com/OpenIdentityPlatform/OpenIDM/sessions/ed10c497-af2e-4d85-bcf8-a04c2d7fec61 Co-authored-by: vharseko <6818498+vharseko@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR aims to make the REST (and related) context paths configurable via conf/boot/boot.properties, and updates documentation/copyright headers accordingly.
Changes:
- Add new
openidm.servlet.alias/openidm.selfservice.aliasproperties toboot.properties(documented as examples). - Update
ServletRegistrationSingletonto read those properties and use them to build default servlet-filter URL patterns. - Update integrators-guide docs to describe the new configuration options, plus copyright year bumps.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
openidm-zip/src/main/resources/conf/boot/boot.properties |
Adds commented examples for the new alias properties and a copyright header. |
openidm-servlet-registrator/src/main/java/.../ServletRegistrationSingleton.java |
Reads boot properties and uses them to set default filter urlPatterns. |
openidm-servlet-registrator/pom.xml |
Adds openidm-system dependency (for IdentityServer) and bumps copyright years. |
openidm-doc/src/main/asciidoc/integrators-guide/appendix-ports-used.adoc |
Mentions configurable REST context paths via boot.properties. |
openidm-doc/src/main/asciidoc/integrators-guide/appendix-jetty.adoc |
Documents alias properties and updates servlet-filter default behavior description. |
openidm-doc/src/main/asciidoc/integrators-guide/appendix-file-layout.adoc |
Notes alias properties as part of boot.properties contents. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| String servletAlias = IdentityServer.getInstance().getProperty(PROP_SERVLET_ALIAS, DEFAULT_SERVLET_ALIAS); | ||
| String selfServiceAlias = IdentityServer.getInstance().getProperty(PROP_SELFSERVICE_ALIAS, DEFAULT_SELFSERVICE_ALIAS); | ||
|
|
||
| servletAlias = sanitizeAlias(servletAlias, DEFAULT_SERVLET_ALIAS); | ||
| selfServiceAlias = sanitizeAlias(selfServiceAlias, DEFAULT_SELFSERVICE_ALIAS); | ||
|
|
||
| defaultServletUrlPatterns = new String[] { servletAlias + "/*", selfServiceAlias + "/*" }; | ||
| logger.info("REST servlet URL patterns configured: {}, {}", servletAlias + "/*", selfServiceAlias + "/*"); |
There was a problem hiding this comment.
The new boot.properties aliases are only used to build default filter urlPatterns here; they do not change where the REST servlet is actually registered (it remains hard-coded elsewhere, e.g., the API servlet registers at "/openidm"). If an operator sets openidm.servlet.alias, filters relying on the default patterns will stop applying to the real REST endpoints, which can break integrations and potentially bypass expected filter behavior. Either wire these properties into the servlet registration path(s) as well (and update any other components that hard-code /openidm), or rename/re-scope the properties and docs to clearly state they affect only default servlet-filter URL patterns.
...c/main/java/org/forgerock/openidm/servletregistration/impl/ServletRegistrationSingleton.java
Outdated
Show resolved
Hide resolved
| === Configuring the REST API Context Path | ||
|
|
||
| By default, the OpenIDM REST API is accessible at `/openidm/` and the Self-Service UI at `/selfservice/`. You can change these context paths without rebuilding the project by setting properties in your `conf/boot/boot.properties` file. | ||
|
|
||
| `openidm.servlet.alias`:: | ||
| The context path for the REST API. Default: `/openidm`. Example: `/myidm`. | ||
|
|
There was a problem hiding this comment.
This section claims the REST API and Self-Service UI context paths can be changed via conf/boot/boot.properties, but the code changes in this PR only adjust the default servlet-filter urlPatterns and do not update the actual servlet registrations (the REST servlet alias is still hard-coded to /openidm in the API servlet component). As written, users following these instructions will not actually move the REST endpoints and may inadvertently cause filters to no longer apply. Please either implement the alias change end-to-end (servlet registrations + any hard-coded /openidm usages), or reword this section to describe the narrower behavior that’s actually implemented.
| By default, the OpenIDM REST API is accessible at `/openidm/` and the Self-Service UI at `/selfservice/`. You can change these context paths without rebuilding the project by setting properties in your `conf/boot/boot.properties` file. | ||
|
|
||
| `openidm.servlet.alias`:: | ||
| The context path for the REST API. Default: `/openidm`. Example: `/myidm`. | ||
|
|
||
| `openidm.selfservice.alias`:: | ||
| The context path for the Self-Service UI. Default: `/selfservice`. Example: `/myselfservice`. | ||
|
|
There was a problem hiding this comment.
The text refers to the “Self-Service UI” being at /selfservice/ by default. In this distribution, the selfservice UI context root appears to be configured via conf/ui.context-selfservice.json and defaults to "/", while /selfservice is typically a REST sub-resource under /openidm (e.g., /openidm/selfservice/...). Please clarify what /selfservice actually refers to here (UI vs REST), and align the defaults and examples accordingly so operators don’t break links/bookmarks.
openidm-doc/src/main/asciidoc/integrators-guide/appendix-ports-used.adoc
Outdated
Show resolved
Hide resolved
openidm-doc/src/main/asciidoc/integrators-guide/appendix-file-layout.adoc
Outdated
Show resolved
Hide resolved
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # Base path used when building default servlet-filter URL patterns for the REST API. | ||
| # Note: this does NOT change the core REST servlet context path, which remains /openidm. | ||
| # Example override: /myidm |
There was a problem hiding this comment.
The added note says these properties do NOT change the core REST servlet context path (it remains /openidm), but the PR title/description and other docs in this PR describe this as changing the REST API context path. Please align the PR messaging/docs with actual behavior (or implement actual servlet alias remapping if that’s the intent).
| # Example override: /selfservice | ||
| #openidm.selfservice.alias=/selfservice |
There was a problem hiding this comment.
The self-service section says “Example override: /selfservice”, which is the default value rather than an override. Update the example to something like /myselfservice (and keep it consistent with the commented property example below).
| # Example override: /selfservice | |
| #openidm.selfservice.alias=/selfservice | |
| # Example override: /myselfservice | |
| #openidm.selfservice.alias=/myselfservice |
| By default, the OpenIDM REST API is accessible at `/openidm/` and the Self-Service UI at `/selfservice/`. You can change these context paths without rebuilding the project by setting properties in your `conf/boot/boot.properties` file. | ||
|
|
||
| `openidm.servlet.alias`:: | ||
| The context path for the REST API. Default: `/openidm`. Example: `/myidm`. | ||
|
|
||
| `openidm.selfservice.alias`:: | ||
| The context path for the Self-Service UI. Default: `/selfservice`. Example: `/myselfservice`. | ||
|
|
||
| For example, to change the REST API base path to `/myidm` and the Self-Service path to `/myselfservice`, add the following to `conf/boot/boot.properties`: | ||
|
|
||
| [source, console] | ||
| ---- | ||
| openidm.servlet.alias=/myidm | ||
| openidm.selfservice.alias=/myselfservice | ||
| ---- | ||
|
|
||
| After restarting OpenIDM, the REST API is available at `\https://localhost:8443/myidm/` instead of `\https://localhost:8443/openidm/`. | ||
|
|
There was a problem hiding this comment.
This new section claims openidm.servlet.alias / openidm.selfservice.alias change the REST API and Self-Service UI context paths and that the REST API becomes available at /myidm/. In the code change, these properties only change the default servlet-filter URL patterns (used when a filter config omits urlPatterns); servlet aliases themselves are not moved. Please update the section title/text/examples accordingly (and clarify that Self-Service UI context root is configured via conf/ui.context-selfservice.json, which defaults to /).
|
@copilot apply changes based on the comments in this thread |
…rns only - Fix boot.properties selfservice example: /selfservice IS the default, so the example override is now /myselfservice - Rewrite appendix-jetty.adoc section: rename from "Configuring the REST API Context Path" to "Configuring Default Servlet-Filter URL Patterns"; add IMPORTANT callout clarifying these properties do NOT change the actual REST servlet registration (remains /openidm), and that the Self-Service UI context root is configured via conf/ui.context-selfservice.json Agent-Logs-Url: https://github.com/OpenIdentityPlatform/OpenIDM/sessions/bed0ddf4-38d9-4f95-98d5-9935b6d02a99 Co-authored-by: vharseko <6818498+vharseko@users.noreply.github.com>
Applied in e0d0fc9:
|
Adds
openidm.servlet.aliasandopenidm.selfservice.aliasproperties toconf/boot/boot.propertiesthat control the default URL patterns applied to servlet filters which do not specify expliciturlPatternsin theirconf/servletfilter-*.jsonconfiguration. UpdatesServletRegistrationSingletonto read these properties and build the default filter URL patterns accordingly.Important: These properties only affect default servlet-filter URL patterns. They do not change the actual REST servlet registration, which remains at
/openidm. The Self-Service UI context root is configured separately viaconf/ui.context-selfservice.json.Changes Made
openidm-servlet-registrator: UpdatedServletRegistrationSingletonto readopenidm.servlet.alias(default/openidm) andopenidm.selfservice.alias(default/selfservice) fromboot.propertiesand use them to build default servlet-filter URL patterns. AddedsanitizeAlias/normalizeAliashelpers to safely handle edge cases (trailing slashes,..sequences, root context).conf/boot/boot.properties: Added commented-outopenidm.servlet.aliasandopenidm.selfservice.aliasentries with clarifying notes that these affect filter URL patterns only, not the core REST servlet context path.appendix-jetty.adoc: Added new section "Configuring Default Servlet-Filter URL Patterns" documenting the two properties, their defaults, and an IMPORTANT callout clarifying their limited scope.appendix-file-layout.adoc: Updatedboot.propertiesdescription to mention the new filter URL pattern properties and their scope.appendix-ports-used.adoc: Added paragraph linking to the new section and clarifying that these properties influence filter patterns only.Portions Copyright 2026 3A Systems LLC.header toboot.properties.Original prompt
Цель
Добавить возможность настройки базового REST context path через
conf/boot/boot.propertiesбез необходимости пересборки проекта.Изменяемые файлы
1.
openidm-servlet-registrator/src/main/java/org/forgerock/openidm/servletregistration/impl/ServletRegistrationSingleton.javaВ методе
activate(ComponentContext context)добавить чтение свойств черезIdentityServer.getInstance().getProperty(...), аналогично тому, как это делается в других сервисах (например,TaskScannerService,HealthService).Текущий код:
Необходимые изменения:
org.forgerock.openidm.core.IdentityServerDEFAULT_SERVLET_URL_PATTERNS— вместо статического массива строить его динамически вactivate():DEFAULT_SERVLET_URL_PATTERNSсprivate static finalнаprivate String[](instance field), чтобы его можно было задавать вactivate():registerFilterWithWebContainerзаменить использованиеDEFAULT_SERVLET_URL_PATTERNSнаdefaultServletUrlPatterns:2.
openidm-zip/src/main/resources/conf/boot/boot.propertiesДобавить в конец файла документацию по новым свойствам (закомментированные примеры):
Требования
boot.properties, поведение идентично текущему (/openidm/*и/selfservice/*)openidm.servlet.alias=/openidm,openidm.selfservice.alias=/selfserviceopenidm.servlet.alias=/myidm,openidm.selfservice.alias=/myselfservice/в начале, если она отсутствуетПример использования после мёржа
В
conf/boot/boot.properties:После перезапуска OpenIDM REST API будет доступен по
http://localhost:8080/myidm/вместоhttp://localhost:8080/openidm/The following is the prior conversation context from the user's chat exploration (may be truncated):
User: какие пути решения ?
Assistant: Вот подробный анализ вопроса "Как изменить REST context?" в OpenIDM, основанный на изучении исходного кода.
Что такое REST context в OpenIDM?
В OpenIDM под "REST context" может подразумеваться две разные вещи:
/openidm/) — корневой путь, по которому доступны все REST-эндпоинты/,/admin,/api) — пути, по которым зарегистрированы веб-интерфейсыПути решения
Вариант 1: Изменить путь UI (через конфигурационные файлы)
Это самый простой и поддерживаемый способ. В каталоге
conf/есть JSON-файлы контекстов:conf/ui.context-selfservice.json— Self-Service UI (по умолчанию/):