Runtime protection
Out-of-the-box, Blueriq comes with an in-memory authentication provider. This default implementation should be used for development purposes as they store the credentials in plain text on the file system. To configure an authentication provider for production purposes, please read Runtime Authentication and HTTP Security in java Runtime.
Default exposed endpoints
The following list contains all endpoints that are exposed in Blueriq by default.
| UI Expand |
|---|
|
Note that everything behind /server/** may not be blocked. Endpoint | Method |
|---|
| / | GET | | /displayNames | PUT | | /endpoints | GET | | /endpoints/{name} | GET | | /projects | GET | | /projects/{id} | GET | | /projects/{id}/metadata | GET | /shortcuts | GET | /shortcuts/{name} | GET | | /caseEvents | GET | | /caseEvents/{eventId} | GET | | /caseEvents/{eventId} | POST | /cases | GET | | /cases/{caseId} | GET | | /cases/{caseId}/attributes | GET | | /endpoints | GET | | /endpoints/{name} | GET | /tasks | GET | /tasks/{taskId} | GET | /tasks/{taskId} | PUT | | /tasks/{taskId}/customFields | GET | /api/v1/api-docs | GET | | /session/{sessionId}/api/authentication/logout | GET | | /session/{sessionId}/api/document/{type}/{documentName}/{pageName} | GET | | /session/{sessionId}/api/image/{imageName} | GET | | /session/{subscriptionId}/api/subscribe | POST | | /session/{sessionId}/api/subscribe/{subscriptionId} | POST | | /session/{sessionId}/api/subscription/{subscriptionId}/handleEvent | POST | | /session/{sessionId}/api/subscription/{subscriptionId}/startFlow/{flowName} | POST | | /session/{sessionId}/api/utility/keepAlive | GET | | /session/{sessionId}/api/dmn/{entityName}/{instanceId}/{attributeName} | GET | | /session/{sessionId}/filedownload/{connectionName}/{fileId}/ | GET | | /session/{sessionId}/api/widget/{infoKey} | POST |
In case some of them are unnecessary they should be blocked by the firewall. |