WebAdmin Configuration

WebAdmin is configured through application.yaml (or application.properties) under the aseeflow.webadmin prefix. This page lists the core properties that apply to every authentication mode. For provider-specific settings, see Authentication.

Core properties

Property	Type	Default	Description
`aseeflow.webadmin.base-path`	String	`webadmin`	Base path for the UI, `/api/config`, and static assets. Leading/trailing slashes are normalized. Set to empty (`""`) only for WAR deployments where the container provides the context path.
`aseeflow.webadmin.authentication`	String	`basic`	Authentication mode: `basic`, `form`, `oauth2`, or `keycloak`. Selects which security filter chains are active.
`aseeflow.webadmin.disable-rest-security`	Boolean	`false`	When `true`, the starter leaves `/engine-rest/` and `/api/` unprotected. Use only for development or when REST is secured elsewhere.
`aseeflow.webadmin.show-swagger`	Boolean	`true`	Toggles the Swagger entry in the UI navigation. Hides the link only; it does not remove the Swagger assets.
`aseeflow.webadmin.show-legacy-apps`	Boolean	`true`	Toggles links to the legacy web apps (Cockpit, Tasklist, Admin) in the UI.
`aseeflow.webadmin.engine-rest-client-url`	String	`engine-rest`	Client-side URL the browser uses for Engine REST calls. Relative (`api/engine-rest`), absolute same-origin (`/engine-rest`), or a full external URL. Set to the proxy path when the proxy is enabled.
`aseeflow.webadmin.engine-rest-proxy-enabled`	Boolean	`false`	Enables the proxy controller under `/{base-path}/api/engine-rest/**`. Use when you need a same-origin REST endpoint (for example, OAuth2 token forwarding).
`aseeflow.webadmin.engine-rest-server-url`	String	`/engine-rest`	Server-side URL the proxy forwards to. Must be an absolute path starting with `/` on the same server.

Do not use an empty base-path in a standalone Spring Boot application — it causes security conflicts with Swagger and the legacy web apps. Use a dedicated path such as webadmin or admin. The empty value is for WAR deployments only (see Deployment).

Examples

Default base path:

aseeflow:
  webadmin:
    authentication: basic
    base-path: webadmin   # UI at http://localhost:8080/webadmin

Custom base path:

aseeflow:
  webadmin:
    base-path: admin      # UI at http://localhost:8080/admin

Hide Swagger and the legacy app links:

aseeflow:
  webadmin:
    show-swagger: false
    show-legacy-apps: false

Enable the Engine REST proxy (for OAuth2 token forwarding):

aseeflow:
  webadmin:
    engine-rest-proxy-enabled: true
    engine-rest-client-url: api/engine-rest   # the browser calls the proxy
    engine-rest-server-url: /engine-rest      # the proxy forwards here

The Engine REST proxy

By default the browser calls the engine REST API directly. Enabling the proxy routes those calls through WebAdmin (/{base-path}/api/engine-rest/**), which then forwards them to engine-rest-server-url on the same server. The proxy’s main purpose is to propagate the OAuth2 access token from the WebAdmin session to the engine REST API — required when REST and WebAdmin are deployed as separate WARs under OAuth2 or Keycloak. For Basic and Form authentication, direct calls work and the proxy can stay disabled.

​Core properties

​Examples

​The Engine REST proxy

Core properties

Examples

The Engine REST proxy