Merge branch 'develop' into stable

ossrh-release to central-publish
2026-03-24 11:23:35 -04:00 · 2026-03-24 11:23:17 -04:00 · 2026-03-24 11:18:58 -04:00 · 2026-03-24 11:16:59 -04:00
3 changed files with 24 additions and 22 deletions
--- a/README.md
+++ b/README.md
@@ -41,7 +41,8 @@ This extension requires the [`multiext-activiti-app-ext`](https://git.inteligr8.
 | --------------------------------------- | --------------- |
 | `keycloak-activiti-app-ext` v1.0 - v1.2 | v1.11.x         |
 | `keycloak-activiti-app-ext` v1.3 - v1.4 | v1.11.x - v2.x  |
-| `auth-activiti-app-ext` v2.0+           | v24.x+          |
+| `auth-activiti-app-ext` v2.0            | v24.x - v25.x   |
+| `auth-activiti-app-ext` v2.1+           | v26.x+          |

 ## Configuration

--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@

 	<groupId>com.inteligr8.activiti</groupId>
 	<artifactId>auth-activiti-app-ext</artifactId>
-	<version>2.1.2</version>
+	<version>2.2.0</version>

 	<name>Authentication &amp; Authorization for APS</name>
 	<description>An Alfresco Process Service App extension providing improved authentication and authorization support.</description>
@@ -41,10 +41,10 @@
 		<maven.compiler.target>17</maven.compiler.target>
 		<maven.compiler.release>17</maven.compiler.release>

-		<aps.version>25.1.1</aps.version>
+		<aps.version>26.1.0</aps.version>
 		
 		<!-- for RAD -->
-		<tomcat-rad.version>10-2.2</tomcat-rad.version>
+		<tomcat-rad.version>2.3-tomcat-11.0.20</tomcat-rad.version>
 		<aps.hotswap.enabled>false</aps.hotswap.enabled>
 		<aps.tomcat.opts.base>-Dspring.main.allow-circular-references=true \
 			-Dhibernate.dialect=org.hibernate.dialect.PostgreSQLDialect \
@@ -105,7 +105,7 @@
 			<plugin>
 				<groupId>io.repaint.maven</groupId>
 				<artifactId>tiles-maven-plugin</artifactId>
-				<version>2.40</version>
+				<version>2.43</version>
 				<extensions>true</extensions>
 				<configuration>
 					<tiles>
@@ -230,7 +230,7 @@
 			</build>
 		</profile>
 		<profile>
-			<id>ossrh-release</id>
+			<id>central-publish</id>
 			<properties>
 				<maven.deploy.skip>true</maven.deploy.skip>
 			</properties>
@@ -270,19 +270,20 @@
 						</executions>
 					</plugin>
 					<plugin>
-						<groupId>org.sonatype.plugins</groupId>
-						<artifactId>nexus-staging-maven-plugin</artifactId>
-						<version>1.7.0</version>
+						<groupId>org.sonatype.central</groupId>
+						<artifactId>central-publishing-maven-plugin</artifactId>
+						<version>0.8.0</version>
+						<extensions>true</extensions>
 						<configuration>
-							<serverId>ossrh</serverId>
-							<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
-							<autoReleaseAfterClose>true</autoReleaseAfterClose>
+							<publishingServerId>central</publishingServerId>
+							<autoPublish>true</autoPublish>
 						</configuration>
+						<!-- for some reason this is required... -->
 						<executions>
 							<execution>
-								<id>ossrh-deploy</id>
+								<id>deploy</id>
 								<phase>deploy</phase>
-								<goals><goal>deploy</goal></goals>
+								<goals><goal>publish</goal></goals>
 							</execution>
 						</executions>
 					</plugin>
--- a/src/main/java/com/inteligr8/activiti/auth/oauth/IdentityServiceConfigurationOverride.java
+++ b/src/main/java/com/inteligr8/activiti/auth/oauth/IdentityServiceConfigurationOverride.java
@@ -1,7 +1,6 @@
 package com.inteligr8.activiti.auth.oauth;

 import static org.springframework.security.config.Customizer.withDefaults;
-import static org.springframework.security.web.util.matcher.AntPathRequestMatcher.antMatcher;

 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
@@ -20,6 +19,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 import org.springframework.security.web.util.matcher.AndRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;

@@ -103,11 +103,11 @@ public class IdentityServiceConfigurationOverride {
            .securityMatchers(matchers -> {
                matchers.requestMatchers(
                        // same as OOTB
-                        antMatcher(ProtectedPaths.API_URL_PATH + "/**"),
+                        PathPatternRequestMatcher.pathPattern(ProtectedPaths.API_URL_PATH + "/**"),

                        // want to also allow non-UI access to the the protected API
                        // we do this for anything with an `Authorization` header, as the UI uses session-based authorization
-                        new AndRequestMatcher(new RequestHeaderRequestMatcher("Authorization"), antMatcher(ProtectedPaths.APP_URL_PATH + "/rest/**"))
+                        new AndRequestMatcher(new RequestHeaderRequestMatcher("Authorization"), PathPatternRequestMatcher.pathPattern(ProtectedPaths.APP_URL_PATH + "/rest/**"))
                );
            })
            .csrf(csrf -> {
@@ -124,18 +124,18 @@ public class IdentityServiceConfigurationOverride {
            .authorizeHttpRequests(request ->
                request
                    // same as OOTB
-                    .requestMatchers(antMatcher(ProtectedPaths.API_URL_PATH + "/enterprise/**"))
+                    .requestMatchers(PathPatternRequestMatcher.pathPattern(ProtectedPaths.API_URL_PATH + "/enterprise/**"))
                    .access(this.appRequestHeaderService)
-                    .requestMatchers(antMatcher(ProtectedPaths.API_URL_PATH + "/**"))
+                    .requestMatchers(PathPatternRequestMatcher.pathPattern(ProtectedPaths.API_URL_PATH + "/**"))
                    .access(this.restAuthorizationService)
                    
                    // borrowed from OOTB /app/rest security
-                    .requestMatchers(antMatcher(ProtectedPaths.APP_URL_PATH + "/rest/reporting/**"))
+                    .requestMatchers(PathPatternRequestMatcher.pathPattern(ProtectedPaths.APP_URL_PATH + "/rest/reporting/**"))
                    .hasAuthority(Capabilities.ACCESS_REPORTS)
                    
                    .requestMatchers(
-                            antMatcher(ProtectedPaths.API_URL_PATH + "/**"),
-                            antMatcher(ProtectedPaths.APP_URL_PATH + "/rest/**")
+                            PathPatternRequestMatcher.pathPattern(ProtectedPaths.API_URL_PATH + "/**"),
+                            PathPatternRequestMatcher.pathPattern(ProtectedPaths.APP_URL_PATH + "/rest/**")
                    )
                    .authenticated()
            );
Author	SHA1	Message	Date
Brian M. Long	efcf80dfc1	Merge branch 'develop' into stable	2026-03-24 11:23:35 -04:00
Brian M. Long	458650db94	ossrh-release to central-publish	2026-03-24 11:23:17 -04:00
Brian M. Long	dafbe33f39	Merge branch 'develop' into stable	2026-03-24 11:18:58 -04:00
Brian M. Long	3983fcabff	v2.2.x; APS v26 support due to spring v7	2026-03-24 11:16:59 -04:00