Added info

.github/workflows/docker-publish.yml

@@ -29,6 +29,9 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
+      - name: Set Version
+        run: sed -i.bak "s/<version>.*-SNAPSHOT<\/version>/<version>${{ github.ref_name }}<\/version>/" pom.xml
+
       # Install the cosign tool
       # https://github.com/sigstore/cosign-installer
 #      - name: Install cosign

.github/workflows/release.yml

@@ -30,6 +30,9 @@ jobs:
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-m2
 
+      - name: Set Version
+        run: sed -i.bak "s/<version>.*-SNAPSHOT<\/version>/<version>${{ github.ref_name }}<\/version>/" pom.xml
+
       - name: Build with Maven
         run: ./mvnw -B package -Dmaven.test.skip
 

README.md

@@ -405,7 +405,7 @@ It supports the following configuration options:
 | `JASPER_CLEAR_CACHE_COOLDOWN_SEC`              | Number of seconds to throttle clearing the config cache.                                                                       | `2`                                                                                                                                                                                                           |
 | `JASPER_PUSH_COOLDOWN_SEC`                     | Number of seconds to throttle pushing after modification.                                                                      | `1`                                                                                                                                                                                                           |
 | `JASPER_LOCAL_ORIGIN`                          | The origin of this server, unless overridden in a header or auth token.                                                        | `false`                                                                                                                                                                                                       |
-| `JASPER_ALLOW_LOCAL_ORIGIN_HEADER`             | Allow overriding the local origin via the `Local-Origin` header.                                                               | `false`                                                                                                                                                                                                       |
+| `JASPER_ALLOW_LOCAL_ORIGIN_HEADER`             | Allow overriding the local origin via the `Local-Origin` header. Only set this if you set in reverse proxy.                    | `false`                                                                                                                                                                                                       |
 | `JASPER_ALLOW_USER_TAG_HEADER`                 | Allow pre-authentication of a user via the `User-Tag` header.                                                                  | `false`                                                                                                                                                                                                       |
 | `JASPER_ALLOW_USER_ROLE_HEADER`                | Allows escalating user role via `User-Role` header.                                                                            | `false`                                                                                                                                                                                                       |
 | `JASPER_ALLOW_AUTH_HEADERS`                    | Allow adding additional user permissions via `Read-Access`, `Write-Access`, `Tag-Read-Access`, and `Tag-Write-Access` headers. | `false`                                                                                                                                                                                                       |
@@ -448,6 +448,13 @@ It supports the following configuration options:
 | `JASPER_OVERRIDE_SECURITY_SCIM_ENDPOINT`       | Override the security scimEndpoint for all origins.                                                                            |                                                                                                                                                                                                               |
 | `JASPER_HEAP`                                  | Set both max and initial heap size for the JVM. Only applies to the docker container.                                          | `512m`                                                                                                                                                                                                        |
 
+### Multi-tenant
+When run with the default settings, the local origin is set to `""`. This means all origins are visible.
+If you change the local origin to something else, like `@other`, you can only see sub-origins, like `@other.one`.
+You can change the local origin with a HTTP header to use the server in multi-tenant mode. If you login though a
+reverse-proxy or gateway that sets the local origin back to `""` you will still be able to see all origins.
+You can also run workers in their own origin as a sandbox.
+
 ### Profiles
 Setting the active profiles is done through the `SPRING_PROFILES_ACTIVE` environment
 variable. Multiple profiles can be activated by adding them all as a comma

pom.xml

@@ -10,7 +10,7 @@
 	</parent>
 	<groupId>jasper</groupId>
 	<artifactId>jasper</artifactId>
-	<version>1.2.0-SNAPSHOT</version>
+	<version>1.2.479-SNAPSHOT</version>
 	<name>jasper</name>
 	<description>Knowledge graph server</description>
 

src/main/java/jasper/config/SecurityConfiguration.java

@@ -37,6 +37,7 @@
 import static jasper.security.AuthoritiesConstants.MOD;
 import static jasper.security.AuthoritiesConstants.USER;
 import static jasper.security.AuthoritiesConstants.VIEWER;
+import static org.apache.commons.lang3.ArrayUtils.isEmpty;
 import static org.apache.commons.lang3.StringUtils.isNotBlank;
 
 @EnableWebSecurity
@@ -74,6 +75,25 @@ void init() {
 			logger.error("==================================================");
 			logger.error("==================================================");
 		}
+		logger.warn("==================================================");
+		logger.warn("==================================================");
+		logger.warn("DEFAULT ROLE:\t\t\t {}", props.getDefaultRole());
+		logger.warn("DEFAULT READ ACCESS:\t\t {}", isEmpty(props.getDefaultReadAccess()) ? "" : String.join(", ", props.getDefaultReadAccess()));
+		logger.warn("DEFAULT WRITE ACCESS:\t {}", isEmpty(props.getDefaultWriteAccess()) ? "" : String.join(", ", props.getDefaultWriteAccess()));
+		logger.warn("DEFAULT TAG READ ACCESS:\t {}", isEmpty(props.getDefaultTagReadAccess()) ? "" : String.join(", ", props.getDefaultTagReadAccess()));
+		logger.warn("DEFAULT TAG WRITE ACCESS: {}", isEmpty(props.getDefaultTagWriteAccess()) ? "" : String.join(", ", props.getDefaultTagWriteAccess()));
+		logger.warn("MAX ROLE:\t\t\t\t {}", props.getMaxRole());
+		logger.warn("MIN ROLE:\t\t\t\t {}", props.getMinRole());
+		logger.warn("MIN WRITE ROLE:\t\t\t {}", props.getMinWriteRole());
+		logger.warn("MIN CONFIG ROLE:\t\t\t {}", props.getMinConfigRole());
+		logger.warn("MIN READ BACKUPS ROLE:\t {}", props.getMinReadBackupsRole());
+		logger.warn("AUTH HEADERS:\t\t\t {}", props.isAllowAuthHeaders() ? "ENABLED" : "-");
+		logger.warn("USER HEADERS:\t\t\t {}", props.isAllowUserTagHeader() ? "ENABLED" : "-");
+		logger.warn("ROLE HEADERS:\t\t\t {}", props.isAllowUserRoleHeader() ? "ENABLED" : "-");
+		logger.warn("ROLE HEADERS:\t\t\t {}", props.isAllowLocalOriginHeader() ? "ENABLED" : "-");
+		logger.warn("ORIGIN HEADERS:\t\t\t {}", props.isAllowLocalOriginHeader() ? "ENABLED" : "-");
+		logger.warn("==================================================");
+		logger.warn("==================================================");
 	}
 
 	private boolean profile(String profile) {
@@ -126,8 +146,6 @@ public AuthenticationManager noopAuthenticationManager() {
 
 	@Bean
 	JWTConfigurer securityConfigurerAdapter() {
-		logger.info("Maximum Role: {}", props.getMaxRole());
-		logger.info("Minimum Role: {}", props.getMinRole());
 		return new JWTConfigurer(props, tokenProvider, defaultTokenProvider, configs);
 	}