Merge branch 'feature/SUPPORT-8427_new' into feature/SUPPORT-8471_load_classifier

# Conflicts: # config/patches/default.cli # config/standalone/dev/standalone.xml # pom.xml
2024-09-09 10:37:04 +03:00 · 2024-09-09 10:37:04 +03:00 · 91d842d25b
commit 91d842d25b
parent fe6ce5b8a2 6b6ee68faf
246 changed files with 3517 additions and 6487 deletions
--- a/config/Dockerfile
+++ b/config/Dockerfile
@ -41,4 +41,4 @@ RUN chmod -R +x patches && \
 ENV SERVER_START=true
 COPY --chown=jboss *.ear $JBOSS_HOME/standalone/deployments/

-HEALTHCHECK --timeout=3s --start-period=3600s CMD curl --fail 127.0.0.1:8080/backend/version || exit 1
+HEALTHCHECK --timeout=3s --start-period=3600s CMD curl --fail 127.0.0.1:8080/ul/version || exit 1
--- a/config/context.xml
+++ b/config/context.xml
@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- The contents of this file will be loaded for each web application -->
+<Context>
+
+    <!-- Default set of monitored resources. If one of these changes, the    -->
+    <!-- web application will be reloaded.                                   -->
+    <WatchedResource>WEB-INF/web.xml</WatchedResource>
+    <WatchedResource>WEB-INF/tomcat-web.xml</WatchedResource>
+    <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
+
+    <!-- Uncomment this to disable session persistence across Tomcat restarts -->
+    <!--
+    <Manager pathname="" />
+    -->
+
+    <Resource name="java:/webbpm/AppDS" auth="Container"
+          type="javax.sql.DataSource" driverClassName="org.postgresql.Driver"
+          url="jdbc:postgresql://10.10.31.119:5432/ervu-lkrp-ul"
+          username="ervu-lkrp-ul" password="ervu-lkrp-ul" maxTotal="20" maxIdle="10" maxWaitMillis="-1"/>
+</Context>
--- a/config/patches/default.cli
+++ b/config/patches/default.cli
@ -16,41 +16,6 @@ xa-data-source add \
  --query-timeout=300 \
  --xa-datasource-properties=ServerName=${env.DB_APP_HOST:db},PortNumber=${env.DB_APP_PORT:5432},DatabaseName=${env.DB_APP_NAME:app}

-xa-data-source add \
-  --name=JBPMDS \
-  --enabled=true \
-  --driver-name=postgresql \
-  --jndi-name=java:jboss/datasources/jbpmDS \
-  --user-name=${env.DB_JBPM_USERNAME:jbpm} \
-  --password=${env.DB_JBPM_PASSWORD:jbpmpassword} \
-  --use-ccm=true \
-  --valid-connection-checker-class-name=org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker \
-  --validate-on-match=false \
-  --background-validation=true \
-  --background-validation-millis=5000 \
-  --exception-sorter-class-name=org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter \
-  --statistics-enabled=true \
-  --max-pool-size=50 \
-  --query-timeout=300 \
-  --xa-datasource-properties=ServerName=${env.DB_JBPM_HOST:db},PortNumber=${env.DB_JBPM_PORT:5432},DatabaseName=${env.DB_JBPM_NAME:jbpm}
-
-xa-data-source add \
-   --name=SECURITYDS \
-   --enabled=true \
-   --driver-name=postgresql \
-   --jndi-name=java:/webbpm/security-ds \
-   --user-name=${env.DB_SEC_USERNAME:security_user} \
-   --password=${env.DB_SEC_PASSWORD:secpassword} \
-   --max-pool-size=70 \
-   --valid-connection-checker-class-name=org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker \
-   --validate-on-match=false \
-   --background-validation=true \
-   --background-validation-millis=5000 \
-   --exception-sorter-class-name=org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter \
-   --statistics-enabled=true \
-   --query-timeout=300 \
-   --xa-datasource-properties=ServerName=${env.DB_SEC_HOST:db},PortNumber=${env.DB_SEC_PORT:5432},DatabaseName=${env.DB_SEC_NAME:app}
-
 /system-property=ldap.mapping.login.param:add(value=${env.WEBBPM_LDAP_LOGIN_ATTR:uid})
 /system-property=ldap.mapping.org.code.param:add(value=${env.WEBBPM_LDAP_ORGANIZATION_ATTR:ou})
 /system-property=jboss.as.management.blocking.timeout:add(value=900)
@ -62,6 +27,7 @@ xa-data-source add \
 /system-property=gar.enable:add(value=false)
 /system-property=security.password.regex:add(value="^((?=(.*\\d){1,})(?=.*[a-zа-яё])(?=.*[A-ZА-ЯЁ]).{8,})$")
 /system-property=fias.enable:add(value=false)
+/system-property=bpmn.enable:add(value=false)
 /system-property=file.webdav.upload.url:add(value="https://ervu-webdav.k8s.micord.ru")
 /system-property=file.webdav.upload.username:add(value="test")
 /system-property=file.webdav.upload.password:add(value="test")
@ -74,6 +40,17 @@ xa-data-source add \
 /system-property=ervu.fileupload.max_file_size:add(value="5242880")
 /system-property=ervu.fileupload.max_request_size:add(value="6291456")
 /system-property=ervu.fileupload.file_size_threshold:add(value="0")
+/system-property=esia-scopes:add(value="fullname, snils, id_doc, birthdate, usr_org, openid")
+/system-property=esia-org-scopes:add(value="org_fullname, org_shortname, org_brhs, org_brhs_ctts, org_brhs_addrs, org_type, org_ogrn, org_inn, org_leg, org_kpp, org_ctts, org_addrs, org_grps, org_emps")
+/system-property=esia-org-scope-url:add(value="http://esia.gosuslugi.ru/")
+/system-property=esia-uri.base-uri:add(value="https://esia-portal1.test.gosuslugi.ru/")
+/system-property=esia-uri.code-path:add(value="https://esia-portal1.test.gosuslugi.ru/aas/oauth2/v2/ac")
+/system-property=esia-uri.token-path:add(value="https://esia-portal1.test.gosuslugi.ru/aas/oauth2/v3/te")
+/system-property=esia-client-id:add(value="MNSV89")
+/system-property=esia-redirect-url:add(value="https://lkrp-dev.micord.ru/ul/")
+/system-property=sign-url:add(value="https://ervu-sign-dev.k8s.micord.ru/sign")
+/system-property=esia-uri.logout:add(value="https://esia-portal1.test.gosuslugi.ru/idp/ext/Logout")
+/system-property=client-cert-hash:add(value="04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD")
 /system-property=ervu.cron.load.enable(value="true")
 /system-property=ervu.cron.load.time(value="0 0 */1 * * *")
 /system-property=ervu.esnsi.classifier.url.load(value="https://esnsi.gosuslugi.ru/rest/ext/v1/classifiers/11465/file?extension=JSON&encoding=UTF_8"")
--- a/config/standalone/dev/standalone.xml
+++ b/config/standalone/dev/standalone.xml
@ -66,6 +66,17 @@
        <property name="ervu.fileupload.max_file_size" value="5242880"/>
        <property name="ervu.fileupload.max_request_size" value="6291456"/>
        <property name="ervu.fileupload.file_size_threshold" value="0"/>
+        <property name="esia-scopes" value="fullname, snils, id_doc, birthdate, usr_org, openid"/>
+        <property name="esia-org-scopes" value="org_fullname, org_shortname, org_brhs, org_brhs_ctts, org_brhs_addrs, org_type, org_ogrn, org_inn, org_leg, org_kpp, org_ctts, org_addrs, org_grps, org_emps"/>
+        <property name="esia-org-scope-url" value="http://esia.gosuslugi.ru/"/>
+        <property name="esia-uri.base-uri" value="https://esia-portal1.test.gosuslugi.ru/"/>
+        <property name="esia-uri.code-path" value="https://esia-portal1.test.gosuslugi.ru/aas/oauth2/v2/ac"/>
+        <property name="esia-uri.token-path" value="https://esia-portal1.test.gosuslugi.ru/aas/oauth2/v3/te"/>
+        <property name="esia-client-id" value="MNSV89"/>
+        <property name="esia-redirect-url" value="https://lkrp.micord.ru"/>
+        <property name="sign-url" value="https://ervu-sign-dev.k8s.micord.ru/sign"/>
+        <property name="sesia-uri.logout" value="https://esia-portal1.test.gosuslugi.ru/idp/ext/Logout"/>
+        <property name="client-cert-hash" value="04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD"/>
        <property name="ervu.cron.load.time" value="0 0 */1 * * *"/>
        <property name="ervu.esnsi.classifier.url.load" value="https://esnsi.gosuslugi.ru/rest/ext/v1/classifiers/11465/file?extension=JSON&amp;encoding=UTF_8"/>
    </system-properties>
--- a/config/tomcat/tomee/bin/setenv.sh
+++ b/config/tomcat/tomee/bin/setenv.sh
@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+export JAVA_OPTS="$JAVA_OPTS \
+ -Ddb.app.host=${DB_APP_HOST:-db} \
+ -Ddb.app.port=${DB_APP_PORT:-5432} \
+ -Ddb.app.name=${DB_APP_NAME:-app} \
+ -Ddb.app.username=${DB_APP_USERNAME:-app_user} \
+ -Ddb.app.password=${DB_APP_PASSWORD:-apppassword} \
+"
--- a/config/tomcat/tomee/conf/context.xml
+++ b/config/tomcat/tomee/conf/context.xml
@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- The contents of this file will be loaded for each web application -->
+<Context>
+
+    <!-- Default set of monitored resources. If one of these changes, the    -->
+    <!-- web application will be reloaded.                                   -->
+    <WatchedResource>WEB-INF/web.xml</WatchedResource>
+    <WatchedResource>WEB-INF/tomcat-web.xml</WatchedResource>
+    <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
+
+    <!-- Uncomment this to disable session persistence across Tomcat restarts -->
+    <!--
+    <Manager pathname="" />
+    -->
+
+    <Resource name="java:/webbpm/AppDS" auth="Container"
+          type="javax.sql.DataSource" driverClassName="org.postgresql.Driver"
+          url="jdbc:postgresql://${db.app.host}:${db.app.port}/${db.app.name}"
+          username="${db.app.username}" password="${db.app.password}" maxTotal="20" maxIdle="10" maxWaitMillis="-1"/>
+</Context>
--- a/config/tomcat/tomee/conf/tomcat-users.xml
+++ b/config/tomcat/tomee/conf/tomcat-users.xml
@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<tomcat-users xmlns="http://tomcat.apache.org/xml"
+              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
+              version="1.0">
+<!--
+  By default, no user is included in the "manager-gui" role required
+  to operate the "/manager/html" web application.  If you wish to use this app,
+  you must define such a user - the username and password are arbitrary.
+
+  Built-in Tomcat manager roles:
+    - manager-gui    - allows access to the HTML GUI and the status pages
+    - manager-script - allows access to the HTTP API and the status pages
+    - manager-jmx    - allows access to the JMX proxy and the status pages
+    - manager-status - allows access to the status pages only
+
+  The users below are wrapped in a comment and are therefore ignored. If you
+  wish to configure one or more of these users for use with the manager web
+  application, do not forget to remove the <!.. ..> that surrounds them. You
+  will also need to set the passwords to something appropriate.
+-->
+  <user username="admin" password="<must-be-changed>" roles="manager-gui"/>
+</tomcat-users>
--- a/config/tomcat/tomee/conf/webbpm.properties
+++ b/config/tomcat/tomee/conf/webbpm.properties
@ -0,0 +1,15 @@
+# WebBPM properties
+
+authentication.method=form
+
+bpmn.enable=false
+fias.enable=false
+gar.enable=false
+
+reset_password.mail.template.path=mail/reset_password.html
+security.password.regex=^(?=.*[a-zA-Z])(?=.*[0-9])[a-zA-Z0-9]+$
+
+webbpm.mode=production
+webbpm.jbpm.hibernate_statistics.enabled=false
+webbpm.cache.hazelcast.hosts=127.0.0.1
+webbpm.cache.hazelcast.outbound_port_definitions=5801-5820
--- a/config/tomcat/tomee/webapps/manager/META-INF/context.xml
+++ b/config/tomcat/tomee/webapps/manager/META-INF/context.xml
@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<Context antiResourceLocking="false" privileged="true" >
+  <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
+                   sameSiteCookies="strict" />
+<!--
+  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+         allow="d+\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
+-->
+  <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
+</Context>