Call Webservice in User Task

Camunda 7 Topics Discussion & Questions
,
1

Hi,

I am using Camunda Tasklist. In my User Task Form I want to display additional images that I can fetch from my own webservice. Camunda Tasklist and webservice are running on the same server.

The webservice needs authentication.

I imagined that I can just use the currently authenticated user in camunda to serve to the webservice as authentication. I set the cookie path to “/” so that the session id is transmitted to my webservice. However the webservice cant retrieve the session because the session is only available to the /camunda context. And not to my /webservice context.

What is the preferred way to call a webservice that needs authentication from a user task form?

All the best,
Lukas

2

I am using tomcat and came to the following solution. webRequest is a HttpServletRequest.

if (webRequest != null) {
		ServletContext servletContext = webRequest.getServletContext();
		ServletContext camundaContext = servletContext.getContext("/camunda");
		Manager manager = getManager(camundaContext);
		if (manager != null) {
			Session session = manager.findSession(webRequest.getRequestedSessionId());
			if (session != null) {
				Principal principal = session.getPrincipal();
				if (principal != null) {
					setSecurityContext(requestContext, principal.getName());
				}
				Object auth = session.getSession().getAttribute("authenticatedUser");
				if (auth.getClass().getName().equals("org.camunda.bpm.webapp.impl.security.auth.Authentications")) {
					try {
						Method methodGetAuth = auth.getClass().getMethod("getAuthenticationForProcessEngine",
								String.class);
						Object getAuthResult = methodGetAuth.invoke(auth, "default");
						if (getAuthResult.getClass().getName()
								.equals("org.camunda.bpm.webapp.impl.security.auth.UserAuthentication")) {
							Method methodGetName = getAuthResult.getClass().getMethod("getName", new Class[] {});
							String username = (String) methodGetName.invoke(getAuthResult, new Object[] {});
							setSecurityContext(requestContext, username);
						}
					} catch (NoSuchMethodException e) {
						e.printStackTrace();
					} catch (SecurityException e) {
						e.printStackTrace();
					} catch (IllegalAccessException e) {
						e.printStackTrace();
					} catch (IllegalArgumentException e) {
						e.printStackTrace();
					} catch (InvocationTargetException e) {
						e.printStackTrace();
					}
				}
			}
		}
	}

private Manager getManager(ServletContext context) {
	ApplicationContextFacade appContextFacadeObj = (ApplicationContextFacade) context;

	try {
		Field applicationContextField = appContextFacadeObj.getClass().getDeclaredField("context");
		applicationContextField.setAccessible(true);
		ApplicationContext appContextObj = (ApplicationContext) applicationContextField.get(appContextFacadeObj);
		Field standardContextField = appContextObj.getClass().getDeclaredField("context");
		standardContextField.setAccessible(true);
		StandardContext standardContextObj = (StandardContext) standardContextField.get(appContextObj);
		Manager manager = standardContextObj.getManager();
		return manager;
	} catch (Exception e) {
		return null;
	}
}
3