I’m using LDAP authentication and the authorization is enabled using camunda.bpm.authorization.enabled=true. That’s working fine and I can only access these endpoints when authenticated:
http://localhost:9001/api/engine/engine/default/**
I have some additional rest api deployed with some custom services using following:
@Component
@ApplicationPath("/rest")
public class CamundaJerseyResourceConfig extends ResourceConfig implements InitializingBean {
private static final Logger log = LoggerFactory.getLogger(CamundaJerseyResourceConfig.class);
public void afterPropertiesSet() throws Exception {
registerCamundaRestResources();
}
protected void registerCamundaRestResources() {
registerClasses(NamedProcessEngineRestServiceImpl.class, CustomService1.class, CustomService2.class, ...);
registerClasses(CamundaRestResources.getConfigurationClasses());
register(JacksonFeature.class);
}
}
Is there some way to use the same security mechanism which is used in the default rest deployment in the webapp package? I’ve found there’s another authorization property: camunda.bpm.authorization.enabled-for-custom-code=true. However this doesn’t seem to work in my case. How can I extend the authorization filter on my rest services?
I’m using camunda-bpm-spring-boot-starter-webapp version 7.11.0