How to allow OPTIONS requests with HTTP Basic Authentication

Hi,
I’m trying to configure HTTP Basic Authentication in the process engine, deployed on JBoss EAP 7; we configured filters following this:

https://docs.camunda.org/manual/7.7/reference/rest/overview/authentication/

The problem occurs with CORS OPTIONS requests: the extractAuthenticatedUser method in the HttpBasicAuthenticationProvider class always returns unsuccessful because OPTIONS requests do not contain authentication headers.

Any suggestion about this problem?

Thanks,
Marco

Hi Marc,

A workaround could be to check if the request is an OPTIONS request and then allow it.

    // Workaround: treat every OPTIONS request as authenticated as the user "admin"
    if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
        return AuthenticationResult.successful("admin");
    }

Hope this is useful.

BR,
Dario

Hi Dario,
I tried your workaround and it works, but you are using the username “admin” to authenticate. Could it be a security issue?
And if I use the LDAP Identity Service (https://docs.camunda.org/manual/7.7/user-guide/process-engine/identity-service/), what username can I use?

Thanks,
Marco

Hi @marc, were you able to find another solution than the workaround proposed by dar88rm?