Turn On Basic HTTP Authentication for REST API in Spring Boot

davidch · April 24, 2017, 5:47am

Hello, I’m new in camunda.

I read this document about Basic HTTP authentication
https://docs.camunda.org/manual/7.6/reference/rest/overview/authentication/

How to turn on Basic HTTP Authentication for REST API in Spring Boot?
Can someone help me with example to configure it?

Thank you.

davidch · April 24, 2017, 7:54am

Finally I solved this problem. Just add this configuration class.

@Configuration
public class CamundaSecurityFilter {

	@Bean
	public FilterRegistrationBean processEngineAuthenticationFilter() {
		FilterRegistrationBean registration = new FilterRegistrationBean();
		registration.setName("camunda-auth");
		registration.setFilter(getProcessEngineAuthenticationFilter());
		registration.addInitParameter("authentication-provider",
				"org.camunda.bpm.engine.rest.security.auth.impl.HttpBasicAuthenticationProvider");
		registration.addUrlPatterns("/*");
		return registration;
	}

	@Bean
	public Filter getProcessEngineAuthenticationFilter() {
		return new ProcessEngineAuthenticationFilter();
	}
}

aravindhrs · June 19, 2018, 5:43pm

its worked for me. But we should be careful with when using in-memory H2 DB, if anyone configured H2 datasource with “:mem”. Data will lost on restart of application so all the users will be deleted. For that bootstrap sql scripts to insert the users or else use “:file”

carbon_60 · April 2, 2020, 2:00pm

@ davidch,

Thank you for this post. I know this is an old post, but I can’t help thanking you for figuring this one out that saved me countless hours of struggling on how to do this for Spring boot application. I will see if we can add this to the Camunda document for future newbies like me.

surajmali14 · April 6, 2020, 11:13am

It works. Thank you

kamalakannanvkp · August 7, 2020, 5:28pm

Hi @Niall @siben_nayak @carbon_60 @aravindhrs @davidch , Can someone address on this issue

i am facing the issue , i have used the same filter

 @Bean
    public FilterRegistrationBean<ProcessEngineAuthenticationFilter> restFilterRegistrationBean() {
        FilterRegistrationBean<ProcessEngineAuthenticationFilter> registrationBean = new FilterRegistrationBean<>();
        ProcessEngineAuthenticationFilter customFilter = new ProcessEngineAuthenticationFilter();
        registrationBean.addInitParameter("authentication-provider","org.camunda.bpm.engine.rest.security.auth.impl.HttpBasicAuthenticationProvider");
        registrationBean.setFilter(customFilter);
        registrationBean.addUrlPatterns("/rest/*");
        registrationBean.setOrder(1); //set precedence
        return registrationBean;
    }

Also i have the AutoLoginAuthenticationFilter

camunda-consulting/camunda-webapp-plugins/blob/master/camunda-webapp-plugin-sso-autologin/src/main/java/com/camunda/demo/sso/AutoLoginAuthenticationFilter.java

for setting the camunda session via sso session.

After all this i have the below issue :

java.lang.IllegalStateException: Cannot create a session after the response has been committed at org.apache.catalina.connector.Request.doGetSession(Request.java:3007) ~[tomcat-embed-core-9.0.21.jar:9.0.21] at org.apache.catalina.connector.Request.getSession(Request.java:2442) ~[tomcat-embed-core-9.0.21.jar:9.0.21]

system · January 30, 2024, 10:51am