Hello, I have updated Camunda from 7.11 to 7.13 (owing to some issues in SSO login, which were already posted). I have modified my code to use container-based authentication, but Camunda still asks for a login when accessed. Here is my config.
Could someone point out what's wrong with the config below? Or if anyone has integrated SSO with Camunda, please refer me to the same.
Rest Security Config:
```java
@Bean
public FilterRegistrationBean<StatelessAuthenticationFilter> restFilterRegistrationBean() {
    FilterRegistrationBean<StatelessAuthenticationFilter> registrationBean = new FilterRegistrationBean<>();
    registrationBean.setFilter(new StatelessAuthenticationFilter());
    registrationBean.addUrlPatterns("/rest/*");
    registrationBean.setOrder(1); // set precedence
    return registrationBean;
}
```
Stateless Auth filter:
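```java
import java.io.IOException;
import java.util.ArrayList;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.rest.util.EngineUtil;
// getContext() is taken to be Spring Security's SecurityContextHolder.getContext()
import static org.springframework.security.core.context.SecurityContextHolder.getContext;

public class StatelessAuthenticationFilter implements Filter {
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        System.out.println("Enter StatelessAuthenticationFilter >>> ");
        ProcessEngine engine = EngineUtil.lookupProcessEngine("default");
        final HttpServletRequest req = (HttpServletRequest) request;
        CustomSSOedAuthenticationToken principal = (CustomSSOedAuthenticationToken) getContext().getAuthentication().getPrincipal();
        String name = principal.getName();
        try {
            // Bind the SSO user and groups to the engine for this request only
            engine.getIdentityService().setAuthentication(name, new ArrayList<>(getGroupsOfUser(principal)));
            System.out.println(engine.getIdentityService().getCurrentAuthentication().getUserId() + " is part of groups " +
                    engine.getIdentityService().getCurrentAuthentication().getGroupIds());
            System.out.println("Delegating to Chain#doFilter");
            chain.doFilter(request, response);
        } finally {
            // Always clear, so the identity does not leak to the next request on this thread
            engine.getIdentityService().clearAuthentication();
        }
    }
}
```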
Web Security Config:
```java
@Bean
public FilterRegistrationBean containerBasedAuthenticationFilter() {
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
    filterRegistration.setFilter(new ContainerBasedAuthenticationFilter());
    filterRegistration.setInitParameters(Collections.singletonMap("authentication-provider",
            "com.camunda.filter.SpringSecurityAuthProvider"));
    filterRegistration.setOrder(101); // make sure the filter is registered after the Spring Security Filter Chain
    filterRegistration.addUrlPatterns("/app/*");
    return filterRegistration;
}
```
SpringSecurityAuthProvider:
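```java
import java.util.ArrayList;
import javax.servlet.http.HttpServletRequest;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.rest.security.auth.AuthenticationResult;
import org.camunda.bpm.webapp.impl.security.auth.ContainerBasedAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

public class SpringSecurityAuthProvider extends ContainerBasedAuthenticationProvider {
    @Override
    public AuthenticationResult extractAuthenticatedUser(HttpServletRequest request, ProcessEngine engine) {
        System.out.println("Enter SpringSecurityAuthProvider >>> ");
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        CustomSSOedAuthenticationToken principal = (CustomSSOedAuthenticationToken) auth.getPrincipal();
        System.out.println("principal is " + principal);
        // Report the Spring Security user as authenticated to the Camunda webapp
        AuthenticationResult authenticationResult = new AuthenticationResult(auth.getName(), true);
        authenticationResult.setGroups(new ArrayList<>(getGroupsOfUser(principal)));
        System.out.println("auth result for user " + auth.getName() + " is " + authenticationResult.getGroups());
        System.out.println("Exit SpringSecurityAuthProvider >>> ");
        return authenticationResult;
    }
}
```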
My application is hosted under the servlet path named: /camunda
Also, my property file has: camunda.bpm.authorization.enabled=true
In developer mode, one of the calls to Camunda {http://localhost:8080/camunda/camunda/api/admin/auth/user/default} gives a 404.
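
A fail-closed variant of the SpringSecurityAuthProvider posted above, as an added example that is not part of the original post and not the poster's or Camunda's own code: it returns an unsuccessful result when the Spring Security context is empty, anonymous or unauthenticated instead of casting the principal unconditionally. The class name is hypothetical, and mapping Spring Security authority names directly to Camunda group IDs is an assumption standing in for the post's `getGroupsOfUser` helper, which is not shown.

```java
import java.util.List;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;

import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.rest.security.auth.AuthenticationResult;
import org.camunda.bpm.webapp.impl.security.auth.ContainerBasedAuthenticationProvider;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical class name; added example, not code from the original post.
public class FailClosedSpringSecurityAuthProvider extends ContainerBasedAuthenticationProvider {

    @Override
    public AuthenticationResult extractAuthenticatedUser(HttpServletRequest request, ProcessEngine engine) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        // No SSO context, an anonymous token, or an unauthenticated token:
        // report failure instead of throwing or trusting a half-populated context.
        if (auth == null || auth instanceof AnonymousAuthenticationToken || !auth.isAuthenticated()) {
            return AuthenticationResult.unsuccessful();
        }

        // Never hand the engine a blank user ID.
        String userId = auth.getName();
        if (userId == null || userId.trim().isEmpty()) {
            return AuthenticationResult.unsuccessful();
        }

        AuthenticationResult result = new AuthenticationResult(userId, true);
        result.setGroups(groupIdsOf(auth));
        return result;
    }

    // Assumption: Camunda group IDs equal the Spring Security authority names.
    private static List<String> groupIdsOf(Authentication auth) {
        return auth.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .filter(a -> a != null && !a.isEmpty())
                .distinct()
                .collect(Collectors.toList());
    }
}
```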