LDAP integration Spring Boot

josejl · March 21, 2019, 10:21pm

Hi,
I’ve configured my spring boot project to use ldap but I getting the below error. I read the docs and post related to issues in ldap but cannot find anything like this. Btw I’m not trying to Create or Update anything in the ldap server I’m just try to read the users and use it for login into the tasklist or cockpit.

Error:

Caused by: java.lang.UnsupportedOperationException: This identity service implementation is read-only.
at org.camunda.bpm.engine.impl.cmd.AbstractWritableIdentityServiceCmd.execute(AbstractWritableIdentityServiceCmd.java:36) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.interceptor.CommandExecutorImpl.execute(CommandExecutorImpl.java:27) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.interceptor.CommandContextInterceptor.execute(CommandContextInterceptor.java:106) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.spring.SpringTransactionInterceptor$1.doInTransaction(SpringTransactionInterceptor.java:45) ~[camunda-engine-spring-7.10.0.jar:7.10.0]
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:140) ~[spring-tx-5.1.3.RELEASE.jar:5.1.3.RELEASE]
at org.camunda.bpm.engine.spring.SpringTransactionInterceptor.execute(SpringTransactionInterceptor.java:43) ~[camunda-engine-spring-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.interceptor.ProcessApplicationContextInterceptor.execute(ProcessApplicationContextInterceptor.java:69) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.interceptor.LogInterceptor.execute(LogInterceptor.java:32) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.IdentityServiceImpl.newUser(IdentityServiceImpl.java:87) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.spring.boot.starter.configuration.impl.custom.CreateAdminUserConfiguration.createUser(CreateAdminUserConfiguration.java:101) ~[camunda-bpm-spring-boot-starter-3.2.0.jar:3.2.0]
at org.camunda.bpm.spring.boot.starter.configuration.impl.custom.CreateAdminUserConfiguration.postProcessEngineBuild(CreateAdminUserConfiguration.java:63) ~[camunda-bpm-spring-boot-starter-3.2.0.jar:3.2.0]
at org.camunda.bpm.engine.impl.cfg.CompositeProcessEnginePlugin.postProcessEngineBuild(CompositeProcessEnginePlugin.java:106) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl.invokePostProcessEngineBuild(ProcessEngineConfigurationImpl.java:1026) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl.buildProcessEngine(ProcessEngineConfigurationImpl.java:787) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.spring.SpringTransactionsProcessEngineConfiguration.buildProcessEngine(SpringTransactionsProcessEngineConfiguration.java:62) ~[camunda-engine-spring-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.spring.ProcessEngineFactoryBean.getObject(ProcessEngineFactoryBean.java:54) ~[camunda-engine-spring-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.spring.ProcessEngineFactoryBean.getObject(ProcessEngineFactoryBean.java:33) ~[camunda-engine-spring-7.10.0.jar:7.10.0]
at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:171) ~[spring-beans-5.1.3.RELEASE.jar:5.1.3.RELEASE]
… 28 common frames omitted

My Ldap Configuration
@Bean public static LdapIdentityProviderPlugin ldapIdentityProviderPlugin() { LdapIdentityProviderPlugin plugin = new LdapIdentityProviderPlugin(); plugin.setServerUrl(“ldap://ldaptest.source.org”); plugin.setManagerDn(“CN=Service Account,OU=Users Accounts,OU=Users,OU=TST,OU=UNC,DC=source,DC=org”); plugin.setManagerPassword(“test”); plugin.setUserSearchBase(“OU=Users,OU=TST,OU=UNC,DC=source,DC=org”); plugin.setUserSearchFilter("(objectclass=person)"); plugin.setUserIdAttribute(“uid”); plugin.setUserFirstnameAttribute(“cn”); plugin.setUserLastnameAttribute(“sn”); plugin.setUserEmailAttribute(“mail”);

	return plugin;
}

Any help will be appreciated.

yuvrajkeenoo · March 22, 2019, 6:03am

Hi,

We have used the following codes to authenticate a user with LDAP:
Note: Add your LDAP config in the application.yaml.

public String authenticateUser(User user) {

    String username = user.getUsername();

    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, applicationProperties.ldap.getUrl());
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, username);
    env.put(Context.SECURITY_CREDENTIALS, user.getPassword());
    DirContext ctx = null;

    String defaultSearchBase = applicationProperties.ldap.getBase();

    try {
        ctx = new InitialDirContext(env);


        // username is SAMAccountName
        SearchResult sr = executeSearchSingleResult(ctx, SearchControls.SUBTREE_SCOPE, defaultSearchBase,
                MessageFormat.format(SEARCH_BY_SAM_ACCOUNT_NAME, new Object[]{username}),
                new String[]{DISTINGUISHED_NAME, CN, MEMBER_OF}
        );


        // Look for and process memberOf
        Attribute memberOf = sr.getAttributes().get(MEMBER_OF);

        String filteredSecurityGroups = "";
        this.securityGroups = "";
        if (memberOf != null) {
            for (Enumeration e1 = memberOf.getAll(); e1.hasMoreElements(); ) {

                filteredSecurityGroups = e1.nextElement().toString();
                logger.debug("Record: " + filteredSecurityGroups );

                if (filteredSecurityGroups.contains("OU=Security Groups,OU=User Groups,DC=,DC=local")){
                    this.securityGroups += getCN(filteredSecurityGroups) + ",";
                }

            }
            this.securityGroups = this.securityGroups.substring(0, this.securityGroups.length()-1);

        }

        return this.securityGroups;

    } catch (AuthenticationException e) {
        logger.warn(username + " is NOT authenticated");
        return "NOT_AUTHORISED";
    } catch (NamingException e) {
        logger.warn(username + " is Malformed and NOT authenticated");
        logger.error("NamingException found:" + e.toString());
        return "NOT_AUTHORISED";
    } finally {
        if (ctx != null) {
            try {
                ctx.close();
            } catch (NamingException e) {
                logger.warn(username + " is NOT authenticated");
                logger.error("NamingException found:" + e.toString());
                return "NOT_AUTHORISED";
            }
        }
    }
}

josejl · March 22, 2019, 5:26pm

Thank you for your help! I modified my class but I still getting the same error using the Identity plugin :

Caused by: java.lang.UnsupportedOperationException: This identity service implementation is read-only.
at org.camunda.bpm.engine.impl.cmd.AbstractWritableIdentityServiceCmd.execute(AbstractWritableIdentityServiceCmd.java:36) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.interceptor.CommandExecutorImpl.execute(CommandExecutorImpl.java:27) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.interceptor.CommandContextInterceptor.execute(CommandContextInterceptor.java:106) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.spring.SpringTransactionInterceptor$1.doInTransaction(SpringTransactionInterceptor.java:45) ~[camunda-engine-spring-7.10.0.jar:7.10.0]
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:140) ~[spring-tx-5.1.3.RELEASE.jar:5.1.3.RELEASE]
at org.camunda.bpm.engine.spring.SpringTransactionInterceptor.execute(SpringTransactionInterceptor.java:43) ~[camunda-engine-spring-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.interceptor.ProcessApplicationContextInterceptor.execute(ProcessApplicationContextInterceptor.java:69) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.interceptor.LogInterceptor.execute(LogInterceptor.java:32) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.IdentityServiceImpl.newUser(IdentityServiceImpl.java:87) ~[camunda-engine-7.10.0.jar:7.10.0]

anand · March 22, 2019, 6:51pm

I am trying to configure keyCloak Camunda Identity Provider plugin and I do get the same error. Is this a bug in 7.10 camunda?

The KeyCloak camunda indentity provider plugin is from -

java.lang.UnsupportedOperationException: This identity service implementation is read-only.
at org.camunda.bpm.engine.impl.cmd.AbstractWritableIdentityServiceCmd.execute(AbstractWritableIdentityServiceCmd.java:36) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.interceptor.CommandExecutorImpl.execute(CommandExecutorImpl.java:27) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.interceptor.CommandContextInterceptor.execute(CommandContextInterceptor.java:106) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.spring.SpringTransactionInterceptor$1.doInTransaction(SpringTransactionInterceptor.java:45) [camunda-engine-spring-7.10.0.jar:7.10.0]
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:140) [spring-tx-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.camunda.bpm.engine.spring.SpringTransactionInterceptor.execute(SpringTransactionInterceptor.java:43) [camunda-engine-spring-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.interceptor.ProcessApplicationContextInterceptor.execute(ProcessApplicationContextInterceptor.java:69) [camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.interceptor.LogInterceptor.execute(LogInterceptor.java:32) [camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.IdentityServiceImpl.newUser(IdentityServiceImpl.java:87) [camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.spring.boot.starter.configuration.impl.custom.CreateAdminUserConfiguration.createUser(CreateAdminUserConfiguration.java:101) [camunda-bpm-spring-boot-starter-3.2.0.jar:3.2.0]
at org.camunda.bpm.spring.boot.starter.configuration.impl.custom.CreateAdminUserConfiguration.postProcessEngineBuild(CreateAdminUserConfiguration.java:63) [camunda-bpm-spring-boot-starter-3.2.0.jar:3.2.0]
at org.camunda.bpm.engine.impl.cfg.CompositeProcessEnginePlugin.postProcessEngineBuild(CompositeProcessEnginePlugin.java:106) [camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl.invokePostProcessEngineBuild(ProcessEngineConfigurationImpl.java:1026) [camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl.buildProcessEngine(ProcessEngineConfigurationImpl.java:787) [camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.spring.SpringTransactionsProcessEngineConfiguration.buildProcessEngine(SpringTransactionsProcessEngineConfiguration.java:62) [camunda-engine-spring-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.spring.ProcessEngineFactoryBean.getObject(ProcessEngineFactoryBean.java:54) [camunda-engine-spring-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.spring.ProcessEngineFactoryBean.getObject(ProcessEngineFactoryBean.java:33) [camunda-engine-spring-7.10.0.jar:7.10.0]
at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:171) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:101) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1674) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.getObjectForBeanInstance(AbstractAutowireCapableBeanFactory.java:1216) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:330) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:277) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1244) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1164) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:593) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:90) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessProperties(AutowiredAnnotationBeanPostProcessor.java:374) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1378) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:575) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:498) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:320) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:318) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:392) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1288) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1127) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:538) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:498) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:320) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:318) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:307) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:392) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1288) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1127) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:538) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:498) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:320) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:318) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:602) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:590) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.getBeansOfType(AbstractApplicationContext.java:1204) ~[spring-context-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.boot.actuate.autoconfigure.health.HealthIndicatorRegistryBeans.get(HealthIndicatorRegistryBeans.java:42) ~[spring-boot-actuator-autoconfigure-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.actuate.autoconfigure.health.HealthIndicatorAutoConfiguration.healthIndicatorRegistry(HealthIndicatorAutoConfiguration.java:80) ~[spring-boot-actuator-autoconfigure-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.actuate.autoconfigure.health.HealthIndicatorAutoConfiguration$$EnhancerBySpringCGLIB$$745b20ec.CGLIB$healthIndicatorRegistry$1() ~[spring-boot-actuator-autoconfigure-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.actuate.autoconfigure.health.HealthIndicatorAutoConfiguration$$EnhancerBySpringCGLIB$$745b20ec$$FastClassBySpringCGLIB$$c2238064.invoke() ~[spring-boot-actuator-autoconfigure-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244) ~[spring-core-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:363) ~[spring-context-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.boot.actuate.autoconfigure.health.HealthIndicatorAutoConfiguration$$EnhancerBySpringCGLIB$$745b20ec.healthIndicatorRegistry() ~[spring-boot-actuator-autoconfigure-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_191]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_191]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_191]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_191]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:622) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:607) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1288) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1127) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:538) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:498) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:320) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:318) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:277) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1244) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1164) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:857) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:760) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:509) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1288) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1127) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:538) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:498) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:320) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:318) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1083) ~[spring-context-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.boot.actuate.endpoint.annotation.EndpointDiscoverer.createEndpointBean(EndpointDiscoverer.java:149) ~[spring-boot-actuator-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.actuate.endpoint.annotation.EndpointDiscoverer.createEndpointBeans(EndpointDiscoverer.java:136) ~[spring-boot-actuator-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.actuate.endpoint.annotation.EndpointDiscoverer.discoverEndpoints(EndpointDiscoverer.java:125) ~[spring-boot-actuator-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.actuate.endpoint.annotation.EndpointDiscoverer.getEndpoints(EndpointDiscoverer.java:119) ~[spring-boot-actuator-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.actuate.autoconfigure.endpoint.web.ServletEndpointManagementContextConfiguration$WebMvcServletEndpointManagementContextConfiguration.servletEndpointRegistrar(ServletEndpointManagementContextConfiguration.java:76) ~[spring-boot-actuator-autoconfigure-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.actuate.autoconfigure.endpoint.web.ServletEndpointManagementContextConfiguration$WebMvcServletEndpointManagementContextConfiguration$$EnhancerBySpringCGLIB$$210d5d07.CGLIB$servletEndpointRegistrar$0() ~[spring-boot-actuator-autoconfigure-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.actuate.autoconfigure.endpoint.web.ServletEndpointManagementContextConfiguration$WebMvcServletEndpointManagementContextConfiguration$$EnhancerBySpringCGLIB$$210d5d07$$FastClassBySpringCGLIB$$bba1eb8c.invoke() ~[spring-boot-actuator-autoconfigure-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244) ~[spring-core-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:363) ~[spring-context-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.boot.actuate.autoconfigure.endpoint.web.ServletEndpointManagementContextConfiguration$WebMvcServletEndpointManagementContextConfiguration$$EnhancerBySpringCGLIB$$210d5d07.servletEndpointRegistrar() ~[spring-boot-actuator-autoconfigure-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_191]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_191]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_191]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_191]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:622) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:607) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1288) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1127) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:538) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:498) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:320) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:318) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:204) [spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.boot.web.servlet.ServletContextInitializerBeans.getOrderedBeansOfType(ServletContextInitializerBeans.java:235) ~[spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.web.servlet.ServletContextInitializerBeans.getOrderedBeansOfType(ServletContextInitializerBeans.java:226) ~[spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.web.servlet.ServletContextInitializerBeans.addServletContextInitializerBeans(ServletContextInitializerBeans.java:101) ~[spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.web.servlet.ServletContextInitializerBeans.(ServletContextInitializerBeans.java:88) ~[spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.getServletContextInitializerBeans(ServletWebServerApplicationContext.java:261) ~[spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.selfInitialize(ServletWebServerApplicationContext.java:234) ~[spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.web.embedded.tomcat.TomcatStarter.onStartup(TomcatStarter.java:54) ~[spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5120) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1382) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1372) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[na:1.8.0_191]
at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134) ~[na:1.8.0_191]
at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:907) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:831) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1382) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1372) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[na:1.8.0_191]
at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134) ~[na:1.8.0_191]
at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:907) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.catalina.core.StandardService.startInternal(StandardService.java:423) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:933) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.catalina.startup.Tomcat.start(Tomcat.java:398) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.initialize(TomcatWebServer.java:106) ~[spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.(TomcatWebServer.java:86) ~[spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.getTomcatWebServer(TomcatServletWebServerFactory.java:415) ~[spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.getWebServer(TomcatServletWebServerFactory.java:174) ~[spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.createWebServer(ServletWebServerApplicationContext.java:181) ~[spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.onRefresh(ServletWebServerApplicationContext.java:154) ~[spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:540) ~[spring-context-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:142) ~[spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:775) ~[spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) ~[spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:316) ~[spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1260) ~[spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1248) ~[spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at com.dcm.camunda.CamundaCaseApplication.main(CamundaCaseApplication.java:143) ~[classes/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_191]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_191]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_191]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_191]
at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49) ~[spring-boot-devtools-2.1.2.RELEASE.jar:2.1.2.RELEASE]

josejl · March 22, 2019, 9:03pm

Hi,
I created a new spring boot project and add the LDAP indentity plugin and I got again the same error.

 @Bean
  public LdapIdentityProviderPlugin ldapIdentityProviderPlugin(
      @Value("${app.ldap.serverUrl}") String serverUrl,
      @Value("${app.ldap.managerDn}") String managerDn,
      @Value("${app.ldap.managerPassword}") String managerPassword,
      @Value("${app.ldap.baseDn}") String baseDn
  ) {
      LdapIdentityProviderPlugin ldapIdentityProviderPlugin = new LdapIdentityProviderPlugin();
      ldapIdentityProviderPlugin.setServerUrl(serverUrl);
      ldapIdentityProviderPlugin.setManagerDn(managerDn);
      ldapIdentityProviderPlugin.setManagerPassword(managerPassword);
      ldapIdentityProviderPlugin.setBaseDn(baseDn);
      return ldapIdentityProviderPlugin;
  }

Caused by: java.lang.UnsupportedOperationException: This identity service implementation is read-only.
at org.camunda.bpm.engine.impl.cmd.AbstractWritableIdentityServiceCmd.execute(AbstractWritableIdentityServiceCmd.java:36) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.interceptor.CommandExecutorImpl.execute(CommandExecutorImpl.java:27) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.interceptor.CommandContextInterceptor.execute(CommandContextInterceptor.java:106) ~[camunda-engine-7.10.0.jar:7.10.0]

I Agreed with anand could this be a bug in camunda 7.10?

Thank you

anand · March 23, 2019, 10:10pm

I see the following information. We are using Camunda Spring boot integration and so when the process engine starts, does it create a new user. Is this the reason why the readonly identity service is coming up?

Caused by: java.lang.UnsupportedOperationException: This identity service implementation is read-only.
at org.camunda.bpm.engine.impl.cmd.AbstractWritableIdentityServiceCmd.execute(AbstractWritableIdentityServiceCmd.java:36) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.interceptor.CommandExecutorImpl.execute(CommandExecutorImpl.java:27) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.interceptor.CommandContextInterceptor.execute(CommandContextInterceptor.java:106) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.spring.SpringTransactionInterceptor$1.doInTransaction(SpringTransactionInterceptor.java:45) ~[camunda-engine-spring-7.10.0.jar:7.10.0]
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:140) ~[spring-tx-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.camunda.bpm.engine.spring.SpringTransactionInterceptor.execute(SpringTransactionInterceptor.java:43) ~[camunda-engine-spring-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.interceptor.ProcessApplicationContextInterceptor.execute(ProcessApplicationContextInterceptor.java:69) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.interceptor.LogInterceptor.execute(LogInterceptor.java:32) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.IdentityServiceImpl.newUser(IdentityServiceImpl.java:87) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.spring.boot.starter.configuration.impl.custom.CreateAdminUserConfiguration.createUser(CreateAdminUserConfiguration.java:101) ~[camunda-bpm-spring-boot-starter-3.2.0.jar:3.2.0]
at org.camunda.bpm.spring.boot.starter.configuration.impl.custom.CreateAdminUserConfiguration.postProcessEngineBuild(CreateAdminUserConfiguration.java:63) ~[camunda-bpm-spring-boot-starter-3.2.0.jar:3.2.0]
at org.camunda.bpm.engine.impl.cfg.CompositeProcessEnginePlugin.postProcessEngineBuild(CompositeProcessEnginePlugin.java:106) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl.invokePostProcessEngineBuild(ProcessEngineConfigurationImpl.java:1026) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl.buildProcessEngine(ProcessEngineConfigurationImpl.java:787) ~[camunda-engine-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.spring.SpringTransactionsProcessEngineConfiguration.buildProcessEngine(SpringTransactionsProcessEngineConfiguration.java:62) ~[camunda-engine-spring-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.spring.ProcessEngineFactoryBean.getObject(ProcessEngineFactoryBean.java:54) ~[camunda-engine-spring-7.10.0.jar:7.10.0]
at org.camunda.bpm.engine.spring.ProcessEngineFactoryBean.getObject(ProcessEngineFactoryBean.java:33) ~[camunda-engine-spring-7.10.0.jar:7.10.0]
at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:171) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
… 152 common frames omitted

anand · March 24, 2019, 2:02am

I was able to solve the issue “This identity service implementation is read-only.” but need to tackle another issue. The reason why the above error comes up is because we are using ReadOnlyIdentityProvider and we are trying to create users / groups in our code using IdentityService. Remember that this is only Read Only and you can’t write.

We have a configuration in yaml file as shown below and as soon as i commented out, the admin user and user1 user configuration, the error is gone.

camunda:
bpm:
authorization:
enabled: true
enabled-for-custom-code: true

admin-user:

#  id: admin
#  password: admindev
#  firstName: adminuser
#  lastName: adminlastname
#  email: admin@XXXXX.com
#user: 
#  id: user1
#  password: user1
#  firstName: userfirstname
#  lastName: userlastname
#  email: user1@XXXXX.com

Now, since camunda engine starts on springboot run, i am unable to login now to camunda engine / with any other user.

As you see in the yaml configuration below, when i put the administratorUserId and ran, it actually granted permission on all the camunda resources as it is mentioned as admin.

plugin.identity.keycloak:
keycloakIssuerUrl: https://iam.xxxxx.com/auth/realms/master
keycloakAdminUrl: https://iam.xxxxx.com/auth/admin
clientId: camunda-identity-service
clientSecret: xxxxxx-a69c-xxxx-9df9-xxxxxxxxxxxxx
useEmailAsCamundaUserId: false
administratorUserId: camunda

But, i can’t login with user “camunda” even though the user is keycloak from both my webapp or camunda admin url.

Is it something with respect to spring authentication?

Please help!!

Thanks!!

Ingo_Richtsmeier · March 25, 2019, 8:23am

Hi @anand,

You have to use your LDAP UI to add users and groups. This should be done before you start Camunda.

Hope this helps, Ingo

cute1boy · March 26, 2019, 7:41am

You can use ldap admin plugin to tell camunda about the ldap admin user/group.

josejl · March 26, 2019, 9:13pm

Hi @anand Thank you for your help. I was able to fix the issue with the yaml but now I’m facing other issue with the user Authorization. I got the below error when I try to login with my admin account (this user exists in my ldap server, I successfully search and find this user using an spring ldap class for testing purpose) :

Login Failed : Unauthorized

Here is my code to connect to ldap:

@Bean
	  public LdapIdentityProviderPlugin ldapIdentityProviderPlugin(
	      @Value("${app.ldap.serverUrl}") String serverUrl,
	      @Value("${app.ldap.managerDn}") String managerDn,
	      @Value("${app.ldap.managerPassword}") String managerPassword,
	      @Value("${app.ldap.baseDn}") String baseDn
	  ) {
	      LdapIdentityProviderPlugin ldapIdentityProviderPlugin = new LdapIdentityProviderPlugin();
	      ldapIdentityProviderPlugin.setServerUrl(serverUrl);
	      ldapIdentityProviderPlugin.setManagerDn(managerDn);
	      ldapIdentityProviderPlugin.setManagerPassword(managerPassword);
	      ldapIdentityProviderPlugin.setBaseDn(baseDn);
	      return ldapIdentityProviderPlugin;
	  }
	@Bean
	  public AdministratorAuthorizationPlugin administratorAuthorizationPlugin(){
	      AdministratorAuthorizationPlugin administratorAuthorizationPlugin = new AdministratorAuthorizationPlugin();
	      administratorAuthorizationPlugin.setAdministratorUserName("admin");
	      return administratorAuthorizationPlugin;
  }

Any help will be appreciated.

Thank you

cute1boy · March 27, 2019, 2:58am

i think you will also need ‘user-search-base’ and ‘user-id-attribute’

system · January 30, 2024, 11:38am