I want to use Camunda for process management in our firm. For a start, I’d like to use the built-in Webapps to execute and control processes. In addition, I want to make use of Camunda’s embedded Forms capabilities. Currently, I’m using Camunda with Spring Boot starters.
In our forms, we need additional data that is saved in our database. As far as I can see, the only possible way to accomplish this is by providing the data via custom REST endpoints and retrieving the information with Angular HTTP.
I want to secure our custom REST endpoints using the same session cookie which is used for securing the Webapps and their APIs, i.e. /api/* and /app/*.
How can I register, say, /custom-api/* as an additional path that is secured by the same authentication provider that secures the Webapps’ endpoints?
If you take a look at the web.xml file of the Camunda webapp, you will see that a security filter is defined, where the JSON file below is used as the configuration point from which you can set deniedPaths & allowedPaths:
WEB-INF/securityFilterRules.json
You can use the above configuration file to restrict access to your custom REST endpoint too, but your custom REST application should be defined under the Camunda webapp context in this case.
I did find these rules; however, I thought that this needs too much fiddling around and doesn’t integrate neatly.
I figured out another approach that should work fine.
I’m registering a custom Filter for the URL pattern /custom-api/*. The filter itself is looking up the Authentications from the session. If no authentications are found, then the User hasn’t logged in before.
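A sketch of the filter approach described in the last post, as an added example that is not the poster's code. It assumes Camunda 7 on Spring Boot with the `javax.servlet` API and the webapp's `Authentications.getFromSession(HttpSession)` helper in `org.camunda.bpm.webapp.impl.security.auth` (check the class in your version); the package and class names are hypothetical.

```java
package com.example.customapi; // hypothetical package

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;
import org.camunda.bpm.webapp.impl.security.auth.Authentications;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class CustomApiSecurityConfig {

  /** Rejects requests that do not carry a logged-in Camunda webapp session. */
  static class CamundaSessionFilter implements Filter {
    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
        throws IOException, ServletException {
      HttpServletRequest request = (HttpServletRequest) req;
      HttpServletResponse response = (HttpServletResponse) res;

      // getSession(false): never create a session for an anonymous caller.
      HttpSession session = request.getSession(false);
      Authentications auths =
          session == null ? null : Authentications.getFromSession(session);

      // No session, or a session without any engine login: not authenticated.
      if (auths == null || auths.getAuthentications().isEmpty()) {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
      }
      // Make the logins available to downstream code for this request only.
      Authentications.setCurrent(auths);
      try {
        chain.doFilter(req, res);
      } finally {
        Authentications.clearCurrent(); // do not leak state to pooled threads
      }
    }
  }

  @Bean
  public FilterRegistrationBean<Filter> customApiFilter() {
    FilterRegistrationBean<Filter> reg =
        new FilterRegistrationBean<>(new CamundaSessionFilter());
    reg.addUrlPatterns("/custom-api/*"); // path taken from the question
    return reg;
  }
}
```

This filter only checks that a login exists in the session; state-changing endpoints under /custom-api/* that rely on the session cookie still need their own CSRF protection and per-user authorization checks.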