From 279c85fcd6f32bd1310da4900115d12069da3371 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 27 Mar 2026 09:58:09 +0000
Subject: [PATCH 1/7] Initial plan
From c007489f2bc1e630ebcecb61a01e6f9d7068b532 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 27 Mar 2026 10:14:28 +0000
Subject: [PATCH 2/7] Add configurable REST context path via boot.properties
- Add openidm-system dependency to openidm-servlet-registrator pom.xml
- Read openidm.servlet.alias and openidm.selfservice.alias from IdentityServer in activate()
- Add sanitizeAlias() helper to validate and normalize path aliases
- Change defaultServletUrlPatterns to instance field built dynamically in activate()
- Log configured URL patterns at startup
- Document new properties in conf/boot/boot.properties
Agent-Logs-Url: https://github.com/OpenIdentityPlatform/OpenIDM/sessions/e4672272-cd70-4f4d-9d77-1c5403d6e45d
Co-authored-by: vharseko <6818498+vharseko@users.noreply.github.com>
---
openidm-servlet-registrator/pom.xml | 5 +++
.../impl/ServletRegistrationSingleton.java | 35 +++++++++++++++++--
.../main/resources/conf/boot/boot.properties | 6 ++++
3 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/openidm-servlet-registrator/pom.xml b/openidm-servlet-registrator/pom.xml
index f2089487b2..532743fbee 100644
--- a/openidm-servlet-registrator/pom.xml
+++ b/openidm-servlet-registrator/pom.xml
@@ -42,6 +42,11 @@
openidm-enhanced-config
${project.version}
+
+ org.openidentityplatform.openidm
+ openidm-system
+ ${project.version}
+
org.openidentityplatform.openidm
openidm-httpcontext
diff --git a/openidm-servlet-registrator/src/main/java/org/forgerock/openidm/servletregistration/impl/ServletRegistrationSingleton.java b/openidm-servlet-registrator/src/main/java/org/forgerock/openidm/servletregistration/impl/ServletRegistrationSingleton.java
index 345ed61151..a7bf6c6c0a 100644
--- a/openidm-servlet-registrator/src/main/java/org/forgerock/openidm/servletregistration/impl/ServletRegistrationSingleton.java
+++ b/openidm-servlet-registrator/src/main/java/org/forgerock/openidm/servletregistration/impl/ServletRegistrationSingleton.java
@@ -52,6 +52,7 @@
import org.apache.commons.lang3.StringUtils;
import org.forgerock.json.JsonValue;
import org.forgerock.json.JsonValueException;
+import org.forgerock.openidm.core.IdentityServer;
import org.forgerock.openidm.servletregistration.RegisteredFilter;
import org.forgerock.openidm.servletregistration.ServletRegistration;
import org.forgerock.openidm.servletregistration.ServletFilterRegistrator;
@@ -90,7 +91,12 @@ public class ServletRegistrationSingleton implements ServletRegistration {
private static final String[] DEFAULT_SERVLET_NAME = new String[] { "OpenIDM REST" };
- private static final String[] DEFAULT_SERVLET_URL_PATTERNS = new String[] { "/openidm/*", "/selfservice/*" };
+ private static final String PROP_SERVLET_ALIAS = "openidm.servlet.alias";
+ private static final String PROP_SELFSERVICE_ALIAS = "openidm.selfservice.alias";
+ private static final String DEFAULT_SERVLET_ALIAS = "/openidm";
+ private static final String DEFAULT_SELFSERVICE_ALIAS = "/selfservice";
+
+ private String[] defaultServletUrlPatterns = new String[] { "/openidm/*", "/selfservice/*" };
// Context of this scr component
private BundleContext bundleContext;
@@ -113,6 +119,15 @@ public class ServletRegistrationSingleton implements ServletRegistration {
public void activate(ComponentContext context) {
bundleContext = context.getBundleContext();
sharedContext = webContainer.createDefaultSharedHttpContext();
+
+ String servletAlias = IdentityServer.getInstance().getProperty(PROP_SERVLET_ALIAS, DEFAULT_SERVLET_ALIAS);
+ String selfServiceAlias = IdentityServer.getInstance().getProperty(PROP_SELFSERVICE_ALIAS, DEFAULT_SELFSERVICE_ALIAS);
+
+ servletAlias = sanitizeAlias(servletAlias, DEFAULT_SERVLET_ALIAS);
+ selfServiceAlias = sanitizeAlias(selfServiceAlias, DEFAULT_SELFSERVICE_ALIAS);
+
+ defaultServletUrlPatterns = new String[] { servletAlias + "/*", selfServiceAlias + "/*" };
+ logger.info("REST servlet URL patterns configured: {}, {}", servletAlias + "/*", selfServiceAlias + "/*");
}
/**
@@ -125,6 +140,22 @@ public void deactivate(ComponentContext context) {
bundleContext = null;
}
+ private String sanitizeAlias(String alias, String defaultAlias) {
+ if (alias == null || alias.trim().isEmpty()) {
+ logger.warn("Configured alias is empty; using default: {}", defaultAlias);
+ return defaultAlias;
+ }
+ alias = alias.trim();
+ if (alias.contains("..")) {
+ logger.warn("Configured alias '{}' contains invalid sequence '..'; using default: {}", alias, defaultAlias);
+ return defaultAlias;
+ }
+ if (!alias.startsWith("/")) {
+ alias = "/" + alias;
+ }
+ return alias;
+ }
+
/**
* {@inheritDoc}
*/
@@ -212,7 +243,7 @@ public URL apply(JsonValue jsonValue) throws JsonValueException {
// URL patterns to apply the filter to, e.g. one could also add "/openidmui/*");
List urlPatterns = config.get(SERVLET_FILTER_URL_PATTERNS)
- .defaultTo(Arrays.asList(DEFAULT_SERVLET_URL_PATTERNS))
+ .defaultTo(Arrays.asList(defaultServletUrlPatterns))
.asList(String.class);
// Filter init params, a string to string map
diff --git a/openidm-zip/src/main/resources/conf/boot/boot.properties b/openidm-zip/src/main/resources/conf/boot/boot.properties
index 04324f8194..57086f33dc 100644
--- a/openidm-zip/src/main/resources/conf/boot/boot.properties
+++ b/openidm-zip/src/main/resources/conf/boot/boot.properties
@@ -64,3 +64,9 @@ javascript.exception.debug.info=false
# valid values: SSLv3, TLSv1, TLSv1.1, TLSv1.2
# defaults to TLSv1.2 if not specified
#openidm.external.rest.tls.version=TLSv1.1
+
+# REST API context path (default: /openidm). Example: /myidm
+#openidm.servlet.alias=/openidm
+
+# Self-service UI context path (default: /selfservice). Example: /myselfservice
+#openidm.selfservice.alias=/selfservice
From 010feb12a8c4a4bb9e8c62f36038902b51627ba0 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 27 Mar 2026 10:37:51 +0000
Subject: [PATCH 3/7] Add documentation for configurable REST API context path
- appendix-jetty.adoc: fix urlPatterns default description, add new
section "Configuring the REST API Context Path" documenting
openidm.servlet.alias and openidm.selfservice.alias boot properties
- appendix-file-layout.adoc: enhance boot.properties description to
mention new servlet alias properties with cross-references
- appendix-ports-used.adoc: add paragraph linking to the new context
path configuration section
Agent-Logs-Url: https://github.com/OpenIdentityPlatform/OpenIDM/sessions/f0a1c1a5-16b6-4d26-b72d-f7ccc9504394
Co-authored-by: vharseko <6818498+vharseko@users.noreply.github.com>
---
.../appendix-file-layout.adoc | 2 +-
.../integrators-guide/appendix-jetty.adoc | 29 ++++++++++++++++++-
.../appendix-ports-used.adoc | 2 ++
3 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/openidm-doc/src/main/asciidoc/integrators-guide/appendix-file-layout.adoc b/openidm-doc/src/main/asciidoc/integrators-guide/appendix-file-layout.adoc
index 054405d052..2022341804 100644
--- a/openidm-doc/src/main/asciidoc/integrators-guide/appendix-file-layout.adoc
+++ b/openidm-doc/src/main/asciidoc/integrators-guide/appendix-file-layout.adoc
@@ -135,7 +135,7 @@ Audit event publisher configuration file
Authentication configuration file for access to the REST API
`openidm/conf/boot/boot.properties`::
-OpenIDM bootstrap properties
+OpenIDM bootstrap properties, including HTTP/HTTPS port numbers, keystore and truststore locations, and REST API context paths (`openidm.servlet.alias`, `openidm.selfservice.alias`). For details, see xref:appendix-jetty.adoc#configuring-rest-context-path["Configuring the REST API Context Path"] and xref:appendix-ports-used.adoc#appendix-ports-used["Ports Used"].
`openidm/conf/cluster.json`::
Configuration file to enable use of this OpenIDM instance in a cluster
diff --git a/openidm-doc/src/main/asciidoc/integrators-guide/appendix-jetty.adoc b/openidm-doc/src/main/asciidoc/integrators-guide/appendix-jetty.adoc
index 2529bfd07b..d6e930d925 100644
--- a/openidm-doc/src/main/asciidoc/integrators-guide/appendix-jetty.adoc
+++ b/openidm-doc/src/main/asciidoc/integrators-guide/appendix-jetty.adoc
@@ -181,7 +181,7 @@ The HTTP context under which the filter should be registered. The default is `"o
A list of servlet names to which the filter should apply. The default is `"OpenIDM REST"`.
`"urlPatterns"`::
-A list of URL patterns to which the filter applies. The default is `["/*"]`.
+A list of URL patterns to which the filter applies. When not specified in the filter configuration, the filter is applied to the configured REST servlet URL patterns (by default `["/openidm/*", "/selfservice/*"]`). To change the default patterns for all filters, configure the servlet alias properties in `conf/boot/boot.properties`. See xref:appendix-jetty.adoc#configuring-rest-context-path["Configuring the REST API Context Path"] for details.
`"initParams"`::
Filter configuration initialization parameters that are passed to the servlet filter `init` method. For more information, see link:https://jakarta.ee/specifications/servlet/4.0/apidocs/javax/servlet/filterconfig[https://jakarta.ee/specifications/servlet/4.0/apidocs/javax/servlet/filterconfig, window=\_top].
@@ -189,6 +189,33 @@ Filter configuration initialization parameters that are passed to the servlet fi
--
+[#configuring-rest-context-path]
+=== Configuring the REST API Context Path
+
+By default, the OpenIDM REST API is accessible at `/openidm/` and the Self-Service UI at `/selfservice/`. You can change these context paths without rebuilding the project by setting properties in your `conf/boot/boot.properties` file.
+
+`openidm.servlet.alias`::
+The context path for the REST API. Default: `/openidm`. Example: `/myidm`.
+
+`openidm.selfservice.alias`::
+The context path for the Self-Service UI. Default: `/selfservice`. Example: `/myselfservice`.
+
+For example, to change the REST API base path to `/myidm` and the Self-Service path to `/myselfservice`, add the following to `conf/boot/boot.properties`:
+
+[source, console]
+----
+openidm.servlet.alias=/myidm
+openidm.selfservice.alias=/myselfservice
+----
+
+After restarting OpenIDM, the REST API is available at `\https://localhost:8443/myidm/` instead of `\https://localhost:8443/openidm/`.
+
+[NOTE]
+====
+If you change the REST API context path, make sure to update any servlet filter configurations in `conf/servletfilter-*.json` that use explicit `"urlPatterns"` referencing the old path. Servlet filters that rely on the default URL patterns (no `"urlPatterns"` key in the filter config) are automatically updated when OpenIDM restarts.
+====
+
+
[#disabling-protocols]
=== Disabling and Enabling Secure Protocols
diff --git a/openidm-doc/src/main/asciidoc/integrators-guide/appendix-ports-used.adoc b/openidm-doc/src/main/asciidoc/integrators-guide/appendix-ports-used.adoc
index 941b277acc..c02003171e 100644
--- a/openidm-doc/src/main/asciidoc/integrators-guide/appendix-ports-used.adoc
+++ b/openidm-doc/src/main/asciidoc/integrators-guide/appendix-ports-used.adoc
@@ -44,3 +44,5 @@ HTTPS access to the REST API, requiring SSL mutual authentication. Clients that
--
The Jetty configuration (in `openidm/conf/jetty.xml`) references the ports that are specified in the `boot.properties` file.
+In addition to the port numbers, the base context path of the REST API is also configurable via `conf/boot/boot.properties`. By default, the REST API is accessible at `/openidm/` and the Self-Service UI at `/selfservice/`. To change these paths, set the `openidm.servlet.alias` and `openidm.selfservice.alias` properties. For details, see xref:appendix-jetty.adoc#configuring-rest-context-path["Configuring the REST API Context Path"].
+
From 0cfad86d4b2b949805c5d1edc5723c4796f43003 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 27 Mar 2026 12:11:00 +0000
Subject: [PATCH 4/7] Update copyright year to 2026 in all modified files
- appendix-file-layout.adoc: Portions Copyright 2024-2026 3A Systems LLC.
- appendix-jetty.adoc: Portions Copyright 2024-2026 3A Systems LLC.
- appendix-ports-used.adoc: Portions Copyright 2024-2026 3A Systems LLC.
- ServletRegistrationSingleton.java: Portions Copyrighted 2024-2026 3A Systems LLC.
- openidm-servlet-registrator/pom.xml: Portions Copyrighted 2024-2026 3A Systems LLC.
Agent-Logs-Url: https://github.com/OpenIdentityPlatform/OpenIDM/sessions/25e63c20-5d22-4591-a89b-d011e3615ccd
Co-authored-by: vharseko <6818498+vharseko@users.noreply.github.com>
---
.../main/asciidoc/integrators-guide/appendix-file-layout.adoc | 2 +-
.../src/main/asciidoc/integrators-guide/appendix-jetty.adoc | 2 +-
.../main/asciidoc/integrators-guide/appendix-ports-used.adoc | 2 +-
openidm-servlet-registrator/pom.xml | 2 +-
.../servletregistration/impl/ServletRegistrationSingleton.java | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/openidm-doc/src/main/asciidoc/integrators-guide/appendix-file-layout.adoc b/openidm-doc/src/main/asciidoc/integrators-guide/appendix-file-layout.adoc
index 2022341804..f598b50d2a 100644
--- a/openidm-doc/src/main/asciidoc/integrators-guide/appendix-file-layout.adoc
+++ b/openidm-doc/src/main/asciidoc/integrators-guide/appendix-file-layout.adoc
@@ -12,7 +12,7 @@
information: "Portions copyright [year] [name of copyright owner]".
Copyright 2017 ForgeRock AS.
- Portions Copyright 2024-2025 3A Systems LLC.
+ Portions Copyright 2024-2026 3A Systems LLC.
////
:figure-caption!:
diff --git a/openidm-doc/src/main/asciidoc/integrators-guide/appendix-jetty.adoc b/openidm-doc/src/main/asciidoc/integrators-guide/appendix-jetty.adoc
index d6e930d925..21c521326a 100644
--- a/openidm-doc/src/main/asciidoc/integrators-guide/appendix-jetty.adoc
+++ b/openidm-doc/src/main/asciidoc/integrators-guide/appendix-jetty.adoc
@@ -12,7 +12,7 @@
information: "Portions copyright [year] [name of copyright owner]".
Copyright 2017 ForgeRock AS.
- Portions Copyright 2024-2025 3A Systems LLC.
+ Portions Copyright 2024-2026 3A Systems LLC.
////
:figure-caption!:
diff --git a/openidm-doc/src/main/asciidoc/integrators-guide/appendix-ports-used.adoc b/openidm-doc/src/main/asciidoc/integrators-guide/appendix-ports-used.adoc
index c02003171e..0e9934f832 100644
--- a/openidm-doc/src/main/asciidoc/integrators-guide/appendix-ports-used.adoc
+++ b/openidm-doc/src/main/asciidoc/integrators-guide/appendix-ports-used.adoc
@@ -12,7 +12,7 @@
information: "Portions copyright [year] [name of copyright owner]".
Copyright 2017 ForgeRock AS.
- Portions Copyright 2024-2025 3A Systems LLC.
+ Portions Copyright 2024-2026 3A Systems LLC.
////
:figure-caption!:
diff --git a/openidm-servlet-registrator/pom.xml b/openidm-servlet-registrator/pom.xml
index 532743fbee..9bd8e16a4c 100644
--- a/openidm-servlet-registrator/pom.xml
+++ b/openidm-servlet-registrator/pom.xml
@@ -22,7 +22,7 @@
~ your own identifying information:
~ "Portions Copyrighted [year] [name of copyright owner]"
~
- ~ Portions Copyrighted 2024-2025 3A Systems LLC.
+ ~ Portions Copyrighted 2024-2026 3A Systems LLC.
-->
4.0.0
diff --git a/openidm-servlet-registrator/src/main/java/org/forgerock/openidm/servletregistration/impl/ServletRegistrationSingleton.java b/openidm-servlet-registrator/src/main/java/org/forgerock/openidm/servletregistration/impl/ServletRegistrationSingleton.java
index a7bf6c6c0a..de57b85909 100644
--- a/openidm-servlet-registrator/src/main/java/org/forgerock/openidm/servletregistration/impl/ServletRegistrationSingleton.java
+++ b/openidm-servlet-registrator/src/main/java/org/forgerock/openidm/servletregistration/impl/ServletRegistrationSingleton.java
@@ -21,7 +21,7 @@
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
- * Portions Copyrighted 2024-2025 3A Systems LLC.
+ * Portions Copyrighted 2024-2026 3A Systems LLC.
*/
package org.forgerock.openidm.servletregistration.impl;
From 21f1fa5641a47e5c4788b27c0461ed668c329661 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 27 Mar 2026 17:59:13 +0000
Subject: [PATCH 5/7] Add Portions Copyright 2026 3A Systems LLC. to
boot.properties
The file was modified by the PR (new openidm.servlet.alias and
openidm.selfservice.alias properties were added) but had no copyright
header. Added the missing copyright comment at the top of the file.
Agent-Logs-Url: https://github.com/OpenIdentityPlatform/OpenIDM/sessions/ed10c497-af2e-4d85-bcf8-a04c2d7fec61
Co-authored-by: vharseko <6818498+vharseko@users.noreply.github.com>
---
openidm-zip/src/main/resources/conf/boot/boot.properties | 2 ++
1 file changed, 2 insertions(+)
diff --git a/openidm-zip/src/main/resources/conf/boot/boot.properties b/openidm-zip/src/main/resources/conf/boot/boot.properties
index 57086f33dc..419379a9d2 100644
--- a/openidm-zip/src/main/resources/conf/boot/boot.properties
+++ b/openidm-zip/src/main/resources/conf/boot/boot.properties
@@ -1,3 +1,5 @@
+# Portions Copyright 2026 3A Systems LLC.
+
openidm.port.http=8080
openidm.port.https=8443
openidm.port.mutualauth=8444
From 22f807db330c18559069e415c86a07ee8318ef15 Mon Sep 17 00:00:00 2001
From: Valery Kharseko
Date: Mon, 30 Mar 2026 10:43:33 +0300
Subject: [PATCH 6/7] Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
.../appendix-file-layout.adoc | 2 +-
.../appendix-ports-used.adoc | 2 +-
.../impl/ServletRegistrationSingleton.java | 37 ++++++++++++++++++-
.../main/resources/conf/boot/boot.properties | 9 ++++-
4 files changed, 44 insertions(+), 6 deletions(-)
diff --git a/openidm-doc/src/main/asciidoc/integrators-guide/appendix-file-layout.adoc b/openidm-doc/src/main/asciidoc/integrators-guide/appendix-file-layout.adoc
index f598b50d2a..0847bf40b9 100644
--- a/openidm-doc/src/main/asciidoc/integrators-guide/appendix-file-layout.adoc
+++ b/openidm-doc/src/main/asciidoc/integrators-guide/appendix-file-layout.adoc
@@ -135,7 +135,7 @@ Audit event publisher configuration file
Authentication configuration file for access to the REST API
`openidm/conf/boot/boot.properties`::
-OpenIDM bootstrap properties, including HTTP/HTTPS port numbers, keystore and truststore locations, and REST API context paths (`openidm.servlet.alias`, `openidm.selfservice.alias`). For details, see xref:appendix-jetty.adoc#configuring-rest-context-path["Configuring the REST API Context Path"] and xref:appendix-ports-used.adoc#appendix-ports-used["Ports Used"].
+OpenIDM bootstrap properties, including HTTP/HTTPS port numbers, keystore and truststore locations, and configuration of the default URL patterns used when registering REST-related servlet filters (for example, `openidm.servlet.alias` and `openidm.selfservice.alias`). These settings do not change the underlying REST servlet alias (which remains `/openidm`). For details, see xref:appendix-jetty.adoc#configuring-rest-context-path["Configuring the REST API Context Path"] and xref:appendix-ports-used.adoc#appendix-ports-used["Ports Used"].
`openidm/conf/cluster.json`::
Configuration file to enable use of this OpenIDM instance in a cluster
diff --git a/openidm-doc/src/main/asciidoc/integrators-guide/appendix-ports-used.adoc b/openidm-doc/src/main/asciidoc/integrators-guide/appendix-ports-used.adoc
index 0e9934f832..40928796c9 100644
--- a/openidm-doc/src/main/asciidoc/integrators-guide/appendix-ports-used.adoc
+++ b/openidm-doc/src/main/asciidoc/integrators-guide/appendix-ports-used.adoc
@@ -44,5 +44,5 @@ HTTPS access to the REST API, requiring SSL mutual authentication. Clients that
--
The Jetty configuration (in `openidm/conf/jetty.xml`) references the ports that are specified in the `boot.properties` file.
-In addition to the port numbers, the base context path of the REST API is also configurable via `conf/boot/boot.properties`. By default, the REST API is accessible at `/openidm/` and the Self-Service UI at `/selfservice/`. To change these paths, set the `openidm.servlet.alias` and `openidm.selfservice.alias` properties. For details, see xref:appendix-jetty.adoc#configuring-rest-context-path["Configuring the REST API Context Path"].
+In addition to the port numbers, you can configure the default servlet-filter URL patterns associated with the REST API base context path and the Self-Service UI via `conf/boot/boot.properties`. By default, the REST API servlet is mapped under `/openidm/` and the Self-Service UI under `/selfservice/`; these servlet mappings are defined elsewhere and are not moved by the `boot.properties` settings. The `openidm.servlet.alias` and `openidm.selfservice.alias` properties only influence the filter URL patterns applied to those contexts. For details, see xref:appendix-jetty.adoc#configuring-rest-context-path["Configuring the REST API Context Path"].
diff --git a/openidm-servlet-registrator/src/main/java/org/forgerock/openidm/servletregistration/impl/ServletRegistrationSingleton.java b/openidm-servlet-registrator/src/main/java/org/forgerock/openidm/servletregistration/impl/ServletRegistrationSingleton.java
index de57b85909..ce1c6d9d5d 100644
--- a/openidm-servlet-registrator/src/main/java/org/forgerock/openidm/servletregistration/impl/ServletRegistrationSingleton.java
+++ b/openidm-servlet-registrator/src/main/java/org/forgerock/openidm/servletregistration/impl/ServletRegistrationSingleton.java
@@ -143,16 +143,49 @@ public void deactivate(ComponentContext context) {
private String sanitizeAlias(String alias, String defaultAlias) {
if (alias == null || alias.trim().isEmpty()) {
logger.warn("Configured alias is empty; using default: {}", defaultAlias);
- return defaultAlias;
+ return normalizeAlias(defaultAlias);
}
alias = alias.trim();
if (alias.contains("..")) {
logger.warn("Configured alias '{}' contains invalid sequence '..'; using default: {}", alias, defaultAlias);
- return defaultAlias;
+ return normalizeAlias(defaultAlias);
}
+ return normalizeAlias(alias);
+ }
+
+ /**
+ * Normalizes an alias so that it is safe to use when building URL patterns
+ * via {@code alias + "/*"}.
+ *
+ * - Ensures a leading "/".
+ * - Strips a trailing "/*" if present.
+ * - Strips a single trailing "/" when the alias length is greater than 1.
+ * - Maps "/" to the empty string so the resulting pattern becomes exactly "/*".
+ *
+ *
+ * @param alias the raw alias value (non-null, already trimmed).
+ * @return a normalized alias suitable for concatenation with "/*".
+ */
+ private String normalizeAlias(String alias) {
+ // Ensure leading slash
if (!alias.startsWith("/")) {
alias = "/" + alias;
}
+
+ // Special-case: root context should result in "/*" when patterns are built.
+ if ("/".equals(alias)) {
+ return "";
+ }
+
+ // Strip trailing "/*" if present
+ if (alias.endsWith("/*")) {
+ alias = alias.substring(0, alias.length() - 2);
+ }
+
+ // Strip a single trailing "/" (but avoid turning "/" into empty; handled above)
+ if (alias.length() > 1 && alias.endsWith("/")) {
+ alias = alias.substring(0, alias.length() - 1);
+ }
return alias;
}
diff --git a/openidm-zip/src/main/resources/conf/boot/boot.properties b/openidm-zip/src/main/resources/conf/boot/boot.properties
index 419379a9d2..20c878a028 100644
--- a/openidm-zip/src/main/resources/conf/boot/boot.properties
+++ b/openidm-zip/src/main/resources/conf/boot/boot.properties
@@ -67,8 +67,13 @@ javascript.exception.debug.info=false
# defaults to TLSv1.2 if not specified
#openidm.external.rest.tls.version=TLSv1.1
-# REST API context path (default: /openidm). Example: /myidm
+# Base path used when building default servlet-filter URL patterns for the REST API.
+# Note: this does NOT change the core REST servlet context path, which remains /openidm.
+# Example override: /myidm
#openidm.servlet.alias=/openidm
-# Self-service UI context path (default: /selfservice). Example: /myselfservice
+# Base path used when building default servlet-filter URL patterns for self-service REST endpoints.
+# Note: this does NOT control the Self-service UI context root; that is configured in
+# conf/ui.context-selfservice.json (default "/").
+# Example override: /selfservice
#openidm.selfservice.alias=/selfservice
From e0d0fc965f00fd7fb113bb8c42aca7655b7c2344 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 30 Mar 2026 17:38:48 +0000
Subject: [PATCH 7/7] Fix misleading docs: servlet alias properties affect
filter URL patterns only
- Fix boot.properties selfservice example: /selfservice IS the default,
so the example override is now /myselfservice
- Rewrite appendix-jetty.adoc section: rename from "Configuring the REST
API Context Path" to "Configuring Default Servlet-Filter URL Patterns";
add IMPORTANT callout clarifying these properties do NOT change the
actual REST servlet registration (remains /openidm), and that the
Self-Service UI context root is configured via
conf/ui.context-selfservice.json
Agent-Logs-Url: https://github.com/OpenIdentityPlatform/OpenIDM/sessions/bed0ddf4-38d9-4f95-98d5-9935b6d02a99
Co-authored-by: vharseko <6818498+vharseko@users.noreply.github.com>
---
.../integrators-guide/appendix-jetty.adoc | 19 +++++++++++--------
.../main/resources/conf/boot/boot.properties | 4 ++--
2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/openidm-doc/src/main/asciidoc/integrators-guide/appendix-jetty.adoc b/openidm-doc/src/main/asciidoc/integrators-guide/appendix-jetty.adoc
index 21c521326a..674f8d9f1c 100644
--- a/openidm-doc/src/main/asciidoc/integrators-guide/appendix-jetty.adoc
+++ b/openidm-doc/src/main/asciidoc/integrators-guide/appendix-jetty.adoc
@@ -190,17 +190,22 @@ Filter configuration initialization parameters that are passed to the servlet fi
[#configuring-rest-context-path]
-=== Configuring the REST API Context Path
+=== Configuring Default Servlet-Filter URL Patterns
-By default, the OpenIDM REST API is accessible at `/openidm/` and the Self-Service UI at `/selfservice/`. You can change these context paths without rebuilding the project by setting properties in your `conf/boot/boot.properties` file.
+OpenIDM servlet filters can be configured to apply to specific URL patterns. When a filter configuration in `conf/servletfilter-*.json` does not specify an explicit `"urlPatterns"` list, OpenIDM builds a default set of patterns from the following `conf/boot/boot.properties` properties:
`openidm.servlet.alias`::
-The context path for the REST API. Default: `/openidm`. Example: `/myidm`.
+Base path used when building default filter URL patterns for REST API endpoints. Default: `/openidm`. Example override: `/myidm`.
`openidm.selfservice.alias`::
-The context path for the Self-Service UI. Default: `/selfservice`. Example: `/myselfservice`.
+Base path used when building default filter URL patterns for self-service REST endpoints. Default: `/selfservice`. Example override: `/myselfservice`.
-For example, to change the REST API base path to `/myidm` and the Self-Service path to `/myselfservice`, add the following to `conf/boot/boot.properties`:
+[IMPORTANT]
+====
+These properties only control which URL patterns are applied to servlet filters that do not have an explicit `"urlPatterns"` key in their filter config. They do *not* change the actual REST servlet registration, which remains at `/openidm`. The Self-Service UI context root is configured separately via `conf/ui.context-selfservice.json` (default: `/`).
+====
+
+For example, to apply default filters to `/myidm/` and `/myselfservice/` instead of the standard paths, add the following to `conf/boot/boot.properties` and restart OpenIDM:
[source, console]
----
@@ -208,11 +213,9 @@ openidm.servlet.alias=/myidm
openidm.selfservice.alias=/myselfservice
----
-After restarting OpenIDM, the REST API is available at `\https://localhost:8443/myidm/` instead of `\https://localhost:8443/openidm/`.
-
[NOTE]
====
-If you change the REST API context path, make sure to update any servlet filter configurations in `conf/servletfilter-*.json` that use explicit `"urlPatterns"` referencing the old path. Servlet filters that rely on the default URL patterns (no `"urlPatterns"` key in the filter config) are automatically updated when OpenIDM restarts.
+Servlet filter configurations in `conf/servletfilter-*.json` that use explicit `"urlPatterns"` are not affected by these properties. Only filters without explicit URL patterns use the values derived from `openidm.servlet.alias` and `openidm.selfservice.alias`.
====
diff --git a/openidm-zip/src/main/resources/conf/boot/boot.properties b/openidm-zip/src/main/resources/conf/boot/boot.properties
index 20c878a028..d2ec78b9d0 100644
--- a/openidm-zip/src/main/resources/conf/boot/boot.properties
+++ b/openidm-zip/src/main/resources/conf/boot/boot.properties
@@ -75,5 +75,5 @@ javascript.exception.debug.info=false
# Base path used when building default servlet-filter URL patterns for self-service REST endpoints.
# Note: this does NOT control the Self-service UI context root; that is configured in
# conf/ui.context-selfservice.json (default "/").
-# Example override: /selfservice
-#openidm.selfservice.alias=/selfservice
+# Example override: /myselfservice
+#openidm.selfservice.alias=/myselfservice