I have 2 Tomcats. Tomcat1 contains web application with Camunda REST API (using camunda-engine-rest-core.jar) and Tomcat2 contains Camunda web applications.
I changed configuration for Cockpit in index.html on Tomcat2 to use REST API from Tomcat1.
<base href="$BASE"
cockpit-api="$APP_ROOT/api/cockpit/"
engine-api="http://localhost:8080/camunda-rest/"
app-root="$APP_ROOT" />
Both servers are using embedded mode. Both servers are using same datasource. Both applications are configured authorizationEnabled=false. I’m not using any security for REST in Tomcat1.
Everything is working fine for CE. But if I’m using EE web applications I have a problem with authorization.
After I open Cockipt login page and enter correct credentials this request is sent:
http://localhost:8080/camunda-rest/engine/default/authorization/check?permissionName=ALL&resourceName=authorization&resourceType=4
But REST is responding “HTTP 401” - “You must be authenticated in order to use this resource.” and this cause I’m redirected back to login page and I can’t login. Answer from REST is maybe correct because Cockpit is not sending any authorization header and is not authorized against REST application in Tomcat1. But my question is, why Cockpit is calling this request at all? I have disabled authorization on both servers. And another question is, why this request is not called in CE Cockpit and everything is working fine.