Hi, I have a use-case to solve and I am unsure about activating Camunda authorization or not. Any suggestions or hints about problems or missing points in my “solutions” are welcome.
Setup:
- The Camunda engine is embedded in a Spring-Boot module and accessed by Java-API
- The users are using a custom GUI, not the Camunda tasklist (nor other Camunda webapps)
- The custom GUI sends authenticated REST calls to the Spring-Boot module (Spring Security with LDAP)
Use-Case:
- We have a process with a human task
- Every process instance belongs to a specific “category”
- The category will probably be set as a process variable on the instance
- One category represents “protected” tasks
- These protected tasks must only be handled by a small group of employees
- The other users of the system must not be able to load or process protected tasks
- Even if they try to get a protected process instance by using its ID in a REST call or similar, they must not get it
First thought:
- Use Camunda authorized with LDAP integration
- Offer filters for the different categories
- Make the “protected” filter only visible for the “protected” user-group
- And most important: secure “protected” process instances with a specific LDAP role (assigned to a specific group)
- Because in my understanding, the filter is only about visibility. It is not a protection
- By the way, I have no idea how to do this, but found a hint about implementing a TaskListener
Advantage: the “protected” process instances are protected by Camunda, no matter what the Spring-Boot module code does
Disadvantage: complexity to use Camunda authorized, protect specific instances etc.
Second thought:
- Use Camunda without authorization
- Offer filters for the different categories
- Apply and check user roles in the Spring-Boot module for whatever action is called. For example
- Filter the filter list based on user roles
- Check category against user roles when a process instance is requested
Advantage: run Camunda without authorization
Disadvantage: the “protected” process instances are only protected by the module code. If the code is buggy, a protected instance could be accessed by a non-authorized user.
Thanks
Stephan