Ja/ai review #1031
Open
Ja/ai review #1031
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
aurambaj
force-pushed
the
ja/ai-review
branch
2 times, most recently
from
e02ccea to
01c1eb2
Compare
Adds do-not-translate and case-sensitive flags for glossary entries, improving accuracy and consistency of term application during AI translations.
- Upgrade to Webpack5 and Babel 7. - Refactor webpack.config.js to share the code between the core and the ict extension
In current state it prevent to move string TRANSLATION_NEEDED to REVIEW_NEEDED/ACCEPTED We typically wanted the previous behavior to be able to marked false positive excluded as ACCEPTED, and missed error as excluded. With the new change this should still work, but we can move
This prepares the application for `l10n.security.stateless=true` mode with JWT validation from any OIDC-compliant identity provider, while keeping stateful mode behavior unchanged. - Add `spring-boot-starter-oauth2-resource-server` to enable Spring Security JWT resource server features. - Implement `/auth/callback` route in `ReactAppController` for SPA login flow. - Extract common request matcher rules into `WebSecurityConfig.setAuthorizationRequests(...)` for reuse between stateful and stateless configs. - Switch `getHealthcheckPatterns()` to accept a forwarding flag and return `List<String>`. - Update matcher block to explicitly allow SPA routes and health checks, restrict rotation/loggers to localhost.
- Add ReactStatelessSecurityConfig (@ConfigurationProperties l10n.security.stateless) - msal fields: authority, clientId, scope; plus enabled flag - Wire into ReactStaticAppConfig to include statelessSecurity in APP_CONFIG - JavaDoc clarifies MSAL authority should not include /v2.0\n\nNo changes to existing stateful flows; null values remain when unset.
In stateful, the user info were provided via the app shell, now we need to fetch them from the API after the user has been authenticated
- Added @azure/msal-browser dependency - Introduced AuthCallback route and TokenProvider integration - Updated App, Header, and BaseClient to handle stateless mode - Stateless mode uses MSAL for token acquisition and logout - buildHeaders now adapts to auth mode, method, and payload type - Credentials mode set to 'omit' for stateless, 'include' for stateful - Adjusted authentication handler to redirect via TokenProvider in stateless mode
… creds)
- docs: add "CLI Stateless Auth (MSAL)" with examples and server mapping
- deps: add msal4j 1.13.8 to restclient
- restclient: wire BearerTokenInterceptor when STATELESS
- add TokenSupplier implementations for:
- MSAL_DEVICE_CODE
- MSAL_BROWSER_CODE
- MSAL_CLIENT_CREDENTIALS
- add persistent token cache path (~/.mojito/msal-token-cache.json)
- ResttemplateConfig:
- add AuthenticationMode { STATEFUL, STATELESS }
- add StatelessAuthentication with provider and MSAL settings
Upgrade notes:
- Enable stateless: l10n.resttemplate.authentication-mode=STATELESS
- Pick a provider: l10n.resttemplate.stateless.provider=MSAL_DEVICE_CODE|MSAL_BROWSER_CODE|MSAL_CLIENT_CREDENTIALS
- Device/Browser: use public client id and a named delegated scope (e.g., api://<aud>/api_access)
- Client credentials: use confidential client id + secret and scope api://<aud>/.default
Introduce four SecurityFilterChain beans: - JWT (stateless): handles JWT-based requests - Header (stateless): handles x-forwarded-user based requests - refactored to be moved out from stateful - Stateful (old): handles session-based requests - Fallback: applies when no chain matches and always returns 401. Meant to block if no other authentication is set up
aurambaj
force-pushed
the
ja/ai-review
branch
3 times, most recently
from
71ea255 to
11217e6
Compare
…a link screenshot
Allows to upload multiple screenshots easily with drag and drop or via the file picker fixup! new dropzone
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.