feat: support dynamic REST context path in UI

[Copilot]

When OpenIDM starts with -Dopenidm.context.path=/myidm, the UI sends all REST calls to /openidm/… (hardcoded), getting 404s and rendering a blank page. The fix threads the actual context path from the server into the client at page load.

Server-side: inject context path into index.html

ResourceServlet.copyIndexHtml() reads openidm.context.path from IdentityServer, sanitizes it, and injects a script tag before </head>:

<script>window.__openidm_context = "myidm";</script>

Client-side: consume injected context path

Constants.js now reads the injected value with a safe fallback:

commonConstants.context = window.__openidm_context || "openidm";

Replace all hardcoded /openidm/ in UI JavaScript

All 30+ delegate and view files that had "/openidm/" strings now use "/" + constants.context + "/". Files affected:

• Common delegates: ConfigDelegate, InfoDelegate, PolicyDelegate, ResourceDelegate, SocialDelegate, SystemHealthDelegate, InternalUserDelegate, NotificationDelegate, WorkflowDelegate
• Admin delegates: SyncDelegate, ReconDelegate, AuditDelegate, MaintenanceDelegate, WorkflowDelegate, SecurityDelegate, SchedulerDelegate, ConnectorDelegate, ScriptDelegate, ExternalAccessDelegate
• Admin views: MappingUtils, EditUserView, DataAssociationManagementView, all workflow views (ProcessInstanceView, TaskInstanceView, ProcessListView, TaskListView, ActiveProcessesView, ProcessDefinitionView, ProcessDefinitionsView, ProcessHistoryView)

Swagger UI

openidm-ui-api/src/main/resources/index.html default API URL updated:

url = "/" + (window.__openidm_context || "openidm") + "/?_api";

E2E tests & CI

• ui-smoke-test.spec.mjs: REST API test URLs use OPENIDM_CONTEXT_PATH env var (defaults to /openidm, no regression)
• build.yml: added a second Playwright test run that restarts OpenIDM with -Dopenidm.context.path=/myidm and executes the full test suite against it

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• central.sonatype.com
  • Triggering command: /usr/lib/jvm/temurin-17-jdk-amd64/bin/java /usr/lib/jvm/temurin-17-jdk-amd64/bin/java --enable-native-access=ALL-UNNAMED -classpath /usr/share/apache-maven-3.9.14/boot/plexus-classworlds-2.9.0.jar -Dclassworlds.conf=/usr/share/apache-maven-3.9.14/bin/m2.conf -Dmaven.home=/usr/share/apache-maven-3.9.14 -Dlibrary.jansi.path=/usr/share/apache-maven-3.9.14/lib/jansi-native -Dmaven.multiModuleProjectDirectory=/home/REDACTED/work/OpenIDM/OpenIDM org.codehaus.plexus.classworlds.launcher.Launcher -f pom.xml -B -V -e -Dfindbugs.skip -Dcheckstyle.skip -Dpmd.skip=true -Dspotbugs.skip -Denforcer.skip -Dmaven.javadoc.skip (dns block)
• maven.alfresco.com
  • Triggering command: /usr/lib/jvm/temurin-17-jdk-amd64/bin/java /usr/lib/jvm/temurin-17-jdk-amd64/bin/java --enable-native-access=ALL-UNNAMED -classpath /usr/share/apache-maven-3.9.14/boot/plexus-classworlds-2.9.0.jar -Dclassworlds.conf=/usr/share/apache-maven-3.9.14/bin/m2.conf -Dmaven.home=/usr/share/apache-maven-3.9.14 -Dlibrary.jansi.path=/usr/share/apache-maven-3.9.14/lib/jansi-native -Dmaven.multiModuleProjectDirectory=/home/REDACTED/work/OpenIDM/OpenIDM org.codehaus.plexus.classworlds.launcher.Launcher -f pom.xml -B -V -e -Dfindbugs.skip -Dcheckstyle.skip -Dpmd.skip=true -Dspotbugs.skip -Denforcer.skip -Dmaven.javadoc.skip (dns block)
• repository.jboss.org
  • Triggering command: /usr/lib/jvm/temurin-17-jdk-amd64/bin/java /usr/lib/jvm/temurin-17-jdk-amd64/bin/java --enable-native-access=ALL-UNNAMED -classpath /usr/share/apache-maven-3.9.14/boot/plexus-classworlds-2.9.0.jar -Dclassworlds.conf=/usr/share/apache-maven-3.9.14/bin/m2.conf -Dmaven.home=/usr/share/apache-maven-3.9.14 -Dlibrary.jansi.path=/usr/share/apache-maven-3.9.14/lib/jansi-native -Dmaven.multiModuleProjectDirectory=/home/REDACTED/work/OpenIDM/OpenIDM org.codehaus.plexus.classworlds.launcher.Launcher -f pom.xml -B -V -e -Dfindbugs.skip -Dcheckstyle.skip -Dpmd.skip=true -Dspotbugs.skip -Denforcer.skip -Dmaven.javadoc.skip (dns block)
• www.eclipse.org
  • Triggering command: /opt/hostedtoolcache/CodeQL/2.25.1/x64/codeql/tools/linux64/java/bin/java /opt/hostedtoolcache/CodeQL/2.25.1/x64/codeql/tools/linux64/java/bin/java -jar /opt/hostedtoolcache/CodeQL/2.25.1/x64/codeql/xml/tools/xml-extractor.jar --fileList=/tmp/codeql-scratch-dd852eba2a5d9229/dbs/java/working/files-to-index2768345561981740654.list --sourceArchiveDir=/tmp/codeql-scratch-dd852eba2a5d9229/dbs/java/src --outputDir=/tmp/codeql-scratch-dd852eba2a5d9229/dbs/java/trap/java --global t (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

Problem

When OpenIDM is started with a custom REST context path (-Dopenidm.context.path=/myidm), the UI fails to load because Constants.context is hardcoded as "openidm" in the JavaScript code. All REST calls from the UI are formed via "/" + Constants.context + "/...", so they go to /openidm/... instead of /myidm/..., resulting in 404 errors and a blank page (the #login element never appears).

This causes all Playwright UI smoke tests to fail with:

TimeoutError: page.waitForSelector: Timeout 30000ms exceeded.
Call log:
  - waiting for locator('#login') to be visible

See PR #152 for the failing CI workflow.

Root Cause

1. openidm-ui/openidm-ui-common/src/main/js/org/forgerock/openidm/ui/common/util/Constants.js has commonConstants.context = "openidm"; hardcoded.

2. Multiple UI delegate files have hardcoded "/openidm/" strings instead of using Constants.context:

   • openidm-ui/openidm-ui-admin/src/main/js/org/forgerock/openidm/ui/admin/delegates/SyncDelegate.js — serviceUrl: constants.host + "/openidm/repo/link" and serviceUrl: "/openidm/endpoint/mappingDetails"
   • openidm-ui/openidm-ui-admin/src/main/js/org/forgerock/openidm/ui/admin/delegates/ReconDelegate.js — serviceUrl: "/openidm/recon/" and serviceUrl: "/openidm/audit/recon"
   • openidm-ui/openidm-ui-common/src/main/js/org/forgerock/openidm/ui/common/resource/RelationshipArrayView.js — uses constants.context already (good)
   • openidm-ui/openidm-ui-admin/src/main/js/org/forgerock/openidm/ui/admin/mapping/util/MappingUtils.js — serviceUrl: "/openidm/repo/links"
   • openidm-ui/openidm-ui-admin/src/main/js/org/forgerock/openidm/ui/admin/user/EditUserView.js — serviceUrl: "/openidm/managed/user"
   • openidm-ui/openidm-ui-common/src/main/js/org/forgerock/openidm/ui/common/delegates/ResourceDelegate.js — serviceUrl: constants.host + "/openidm/endpoint/linkedView/"
   • openidm-ui/openidm-ui-api/src/main/resources/index.html (Swagger UI) — url = "/openidm/?_api";

3. The server-side ResourceServlet (openidm-servlet/src/main/java/org/forgerock/openidm/ui/internal/service/ResourceServlet.java) serves index.html but does not inject the actual context path into the page.

Required Changes

1. Server-side: Inject context path into index.html

In ResourceServlet.java, when serving index.html, read the actual context path from IdentityServer.getInstance().getProperty("openidm.context.path", "/openidm") and inject it into the HTML response. The cleanest approach is:

• When the target is /index.html, read the file contents as a string
• Insert a <script> tag in the <head> section: <script>window.__openidm_context = "myidm";</script> (without leading slash)
• Send the modified content to the client

Look at the existing doGet method around line 120-170 to see how index.html is already treated specially (no-cache headers). The injection should happen there, before writing the response.

The property name to read is openidm.context.path. Strip the leading / before injecting since Constants.context is used without it (e.g., "openidm" not "/openidm").

2. Client-side: Make Constants.context dynamic

In openidm-ui/openidm-ui-common/src/main/js/org/forgerock/openidm/ui/common/util/Constants.js, change:

commonConstants.context = "openidm";

to:

commonConstants.context = window.__openidm_context || "openidm";

3. Replace all hardcoded /openidm/ in UI JavaScript

Search for all occurrences of hardcoded "/openidm/" in JavaScript files under openidm-ui/ and replace them with "/" + constants.context + "/" (using the appropriate variable name for the Constants module in that file). Known locations:

• SyncDelegate.js: constants.host + "/openidm/repo/link" → constants.host + "/" + constants.context + "/repo/link" and "/openidm/endpoint/mappingDetails" → "/" + constants.context + "/endpoint/mappingDetails"
• ReconDelegate.js: "/openidm/recon/" → "/" + constants.context + "/recon/" and "/openidm/audit/recon" → "/" + constants.context + "/audit/recon"
• MappingUtils.js: "/openidm/repo/links" → "/" + constants.context + "/repo/links"
• EditUserView.js: "/openidm/managed/user" → "/" + constants.context + "/managed/user" (make sure Constants is imported)
• ResourceDelegate.js: constants.host + "/openidm/endpoint/linkedView/" → constants.host + "/" + constants.context + "/endpoint/linkedView/"
• openidm-ui-api/src/main/resources/index.html (Swagger): url = "/openidm/?_api"; → read from window.__openidm_context or default to "openidm"

4. Fix the CI workflow in .github/workflows/build.yml

The current "UI Smoke Tests with /myidm context path" step runs ALL tests. Once the UI supports the dynamic context path, these tests should pass. No changes needed to the workflow if the above fixes are correct. However, if some tests still rely o...

This pull request was created from Copilot chat.