Hello there,
we are currently trying to implement SSO for our applications. When we go to our URL, our access management is called and we receive an access token. everything works fine so far. But then our filter is called and somehow, it tries to pull data from the build in h2 database instead of the configured postgres database.
here is our filter:
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
// Current limitation: Only works for the default engine
ProcessEngine engine = org.camunda.bpm.engine.ProcessEngines.getProcessEngine("default");
// EngineUtil.lookupProcessEngine("default");
logger.info("Engine Info[Databasetype]: " + engine.getProcessEngineConfiguration().getDatabaseType());
String username;
String headerValue = httpRequest.getHeader(principalRequestHeader);
String principal = "N/A";
logger.info("OIDC Header: " + principalRequestHeader);
logger.info("Access Token: " + headerValue);
/*if (principal instanceof UserDetails) {
username = ((UserDetails) principal).getUsername();
} else {
username = principal.toString();
}*/
if (headerValue == null) {
throw new PreAuthenticatedCredentialsNotFoundException(principalRequestHeader
+ " header not found in request.");
}
try {
DecodedJWT jwt = JWT.decode(headerValue);
Claim custom_claims = jwt.getClaim(customClaimsField);
JsonNode node = custom_claims.as(JsonNode.class);
JsonNode claims = node.get("claims");
principal = claims.get(myCampUsernameField).textValue();
logger.info("mycamp_username: " + principal);
} catch (JWTDecodeException exception){
throw new JWTDecodeException(exception.getMessage());
}
try {
engine.getIdentityService().setAuthentication(principal, getUserGroups(principal));
chain.doFilter(request, response);
} finally {
clearAuthentication(engine);
}
}
private List<String> getUserGroups(String userId){
List<String> groupIds;
//org.springframework.security.core.Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
//logger.info("Kein plan: " + authentication.getPrincipal().toString());
groupIds = identityService.createGroupQuery().list().stream()
.map(Group::getId)
.collect(Collectors.toList());
//logger.info("Camunda-User: " + identityService.createUserQuery().userId(userId).singleResult().getEmail());
logger.info("Anzahl an Gruppen: " + groupIds.size());
logger.info("Alle Gruppen: " + groupIds.toString());
return groupIds;
}
And here is our configuration:
spring:
application:
name: default-camunda
datasource:
hikari:
connectionTimeout: 20000
maximumPoolSize: 5
password: 'dbPassword'
username: camundadev
url: jdbc:postgresql://postgres:1234/camunda
driverClassName: org.postgresql.Driver
server:
servlet:
context-path: /bpm
camunda:
bpm:
application:
delete-upon-undeploy: false
scan-for-process-definitions: true
deploy-changed-only: true
resume-previous-versions: true
process-engine-name: default
job-execution:
enabled: true
deployment-aware: true
metrics:
enabled: false
db-reporter-activate: false
authorization:
enabled: true
tenant-check-enabled: true
enabled-for-custom-code: true
auto-deployment-enabled: true
logging:
level:
root: INFO
auth:
sso:
header: access_token
claims:
someClaims: myClaims
#camunda.bpm.auto-deployment-enabled: false
Did we something wrong in the configuration? The database worked fine before we implemented the SSO feature. My guess is that our call to get the engine is wrong, but i did not find a solution so far.
Thanks in advance
Pascal
Edit:The embedded database is always started, as it can be seen within the logs:
2019-12-10 08:17:41.894 INFO 6 --- [ost-startStop-1] o.s.j.d.e.EmbeddedDatabaseFactory : Starting embedded database: url='jdbc:h2:mem:testdb;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=false', username='sa'
Can you force the application to never start the h2 database? I dont think it started the h2 database before we implemented the SSO.