Spring boot REST with Camunda REST Auth behaviour

rafaturtle · June 3, 2017, 9:31am

I have an application running the Spring Boot Starter. I need security active on the /rest api. I also have a /data running Spring Data Rest, so I can have access to data from embedded forms.

To activate security on /rest I am using the following config class. It works as expected. But if I add my /data to the url pattern, it prompts for a password from within tasklist, even after I’ve been logged in. This is not what I expected.

Any idea on how to sync the session from tasklist, rest and spring data?

@Configuration
public class WebConfig {

	@Bean
	public FilterRegistrationBean restAPIFilterRegistration() {

		ProcessEngineAuthenticationFilter camundaFilter = new ProcessEngineAuthenticationFilter();

		FilterRegistrationBean registration = new FilterRegistrationBean();
		ArrayList<String> urlPatterns = new ArrayList<String>();
		urlPatterns.add("/rest/*");
//		urlPatterns.add("/data/*");
		registration.setUrlPatterns(urlPatterns);
		registration.addInitParameter("authentication-provider",
				"org.camunda.bpm.engine.rest.security.auth.impl.HttpBasicAuthenticationProvider");
		registration.setName("camunda-auth");
		registration.setFilter(camundaFilter);
		registration.setOrder(1);
		return registration;	
	}
}

update: I’ve also tried to create my own filter. But when I call identityService.getCurrentAuthentication I keep getting null, even when I’ve logged in.

public class HttpAuthentication extends GenericFilterBean {

	protected static final String BASIC_AUTH_HEADER_PREFIX = "Basic ";


	IdentityService identityService;

	@Override
	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
			throws IOException, ServletException {

		if (identityService == null){
			ServletContext servletContext = req.getServletContext();
			WebApplicationContext webApplicationContext = WebApplicationContextUtils.getWebApplicationContext(servletContext);
			identityService = webApplicationContext.getBean(IdentityService.class);
		}
		HttpServletRequest request = ((HttpServletRequest) req);
		HttpServletResponse response = ((HttpServletResponse) res);

		if(identityService.getCurrentAuthentication() == null) {
			response.setStatus(401);

		}
		chain.doFilter(request, response);

	}
}

system · January 30, 2024, 10:53am