Leveraging Camunda Login for process app in dashboard

gdharley · April 14, 2017, 3:26pm

Hi all,

I am building a custom dashboard inside the Process App (i.e. starting at the standard index.html).
But I want to force login to some of the pages beyond the top level status page (index.html).

Has anyone done anythign like this?
Thanks,
Greg

mppfor_manu · April 14, 2017, 9:53pm

Do you mean you want a second login after they log into the Camunda GUI web application? Where are you authenticating the user?

gdharley · April 17, 2017, 12:19pm

No, I want to leverage the camunda login for the index.html in my process app.
Perhaps I am over thinking this.
I am using Camunda spring boot starter web, as such, the camunda tasklist, admin and cockpit are secured, but the index.html is not. I want to update the security configuration to secure the index.html as well.

Im pretty sure I have to add spring security support and update the WebMvcConfigurerAdapter, but I am confused that the existing webapps (admin, tasklist and cockpit) are already secured, so perhaps spring security is already included (but I cant seem to find it).

Does this make sense?

mppfor_manu · April 17, 2017, 12:51pm

I have very little experience with forms, but my limited experience would tell me that you would have to wrap this in a task that would then be accessible only to certain people. You would have to go through the Task GUI to access it, but you could use Camunda’s authorization system to control who could use the task.

We’ve gone beyond this at my company because we’re using an external authorization system, but I’m not sure that’s applicable here.

The other option would be to explore authorization mechanism offered by the Java container you’re using (Tomcat, WildFly, etc.). In theory, you could leverage one of those within Camunda using a sort of single sign on (SSO) mechanism. For example, you could use LDAP for this.

I won’t trivialize what I’m suggesting here. It’s not easy to do any of this and unfortunately I can’t help much as this work was done by a colleague. I think you’re best bet is to try and leverage the Camunda authorization system through a task that you can restrict using the native Camunda security.

gdharley · April 17, 2017, 6:17pm

I think the following forum thread answers my question:

I was looking to leverage the “Authentications” object and securityFilterRules.json to add my own webapp.
But it looks as though these are internal only implementations and I’d likely run foul of future changes if I tried to leverage it.

Greg

system · January 30, 2024, 10:50am