Turning off user operation log authentication restriction fails to log unauthenticated user-operations

I made a previous post about not being able to view user operation logs from API transactions. After some research I found an engine configuration setting that seems like it should log the user operations even if I’m not logged in. However, after setting the config I have still not been able to see the user operations when I make API requests that are not authenticated.

My first thought was that the process engine I created wasn’t being picked up by the Spring context. However, if I set the schema update to true on a profile where I’ve restricted the database user to read and write, the process engine throws an error trying to create new tables. So I’m fairly certain that the process engine configuration I have is being utilized.

Are there additional Spring Boot properties required, or does setRestrictUserOperationLogToAuthenticatedUsers(false) not set the user-operation log to record unauthenticated user operations?

Here is the rest of my EngineConfiguration bean where I’m trying to enable unauthenticated user operations.

@Bean
public SpringProcessEngineConfiguration processEngineConfiguration() {
    SpringProcessEngineConfiguration config = new SpringProcessEngineConfiguration();
    config.setDataSource(datasource);
    config.setTransactionManager(transactionManager());
    config.setDatabaseSchemaUpdate("true");
    config.setHistory(ProcessEngineConfiguration.HISTORY_FULL);
    config.setRestrictUserOperationLogToAuthenticatedUsers(false);
    config.setJobExecutorActivate(true);
    config.setJobExecutor(jobExecutor());
    return config;
}

Hi @Zach_Hubbs,

What do you want to achieve?

From a security point of view, you should log all operations, including those that are done through the REST API.

For this, you have to activate user authentication on the REST API. In Spring Boot, you can do it as described here: https://github.com/camunda-consulting/code/tree/master/snippets/springboot-rest-api-basic-auth.

On the other hand, if you don’t care about user authentication, you can add

camunda:
  bpm:
    generic-properties:
      properties:
        restrictUserOperationLogToAuthenticatedUsers: false

to your application.yml.

I got the desired entries in ACT_HI_OP_LOG with these settings.

Hope this helps, Ingo

Hi @Ingo_Richtsmeier,

Thank you! That worked perfectly.

Setting that generic property allows me to see the claim events I created through the API without authentication via the history/user-operation endpoint. The generic properties seem very useful, but the documentation does not provide a comprehensive list of them, so it’s hard to tell what you can do with them.

As for what I’m trying to do: I want to get the timestamp of when a task was claimed via the REST API. From what I’ve read, the user-operation history is the only place I can get that information. Authentication isn’t a problem, but when I stumbled onto the setting to allow user operation logs without authentication I wanted to try it out.

I know this gets into Spring application context details, but I’m curious why setting the property on my SpringProcessEngineConfiguration bean did not have the desired effect. I thought that the Camunda Spring Boot starter would prioritize my bean over whatever is provided by the starter.

Thanks again for helping me out!
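As an added example (not code from any poster in this thread), the sketch below pulls claim timestamps out of a history/user-operation response and lists the claims that cannot be attributed to a user. The response body is constructed sample data; the field names (operationType, taskId, userId, timestamp, newValue), the timestamp format, and a null userId for unauthenticated operations are assumptions about what the endpoint returns.

```python
import json
from datetime import datetime

# Constructed sample of a GET /history/user-operation response body (not real data).
SAMPLE_RESPONSE = json.dumps([
    {"operationType": "Claim", "entityType": "Task", "taskId": "task-1",
     "property": "assignee", "orgValue": None, "newValue": "demo",
     "userId": "demo", "timestamp": "2019-08-01T10:15:30.000+0000"},
    {"operationType": "Claim", "entityType": "Task", "taskId": "task-2",
     "property": "assignee", "orgValue": None, "newValue": "mary",
     "userId": None, "timestamp": "2019-08-01T10:20:00.000+0000"},
    {"operationType": "Complete", "entityType": "Task", "taskId": "task-1",
     "property": "delete", "orgValue": "false", "newValue": "true",
     "userId": "demo", "timestamp": "2019-08-01T11:00:00.000+0000"},
])

# Assumed timestamp format of the REST API (e.g. 2019-08-01T10:15:30.000+0000).
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"


def claim_report(raw_json):
    """Return (claims, unattributed).

    claims: taskId -> list of (timestamp, new assignee, userId), oldest first.
    unattributed: (taskId, timestamp) for claims logged without a userId,
    i.e. operations performed without an authenticated user.
    """
    claims = {}
    unattributed = []
    for entry in json.loads(raw_json):
        if entry.get("operationType") != "Claim":
            continue  # only claim operations are of interest here
        ts = datetime.strptime(entry["timestamp"], TS_FORMAT)
        claims.setdefault(entry["taskId"], []).append(
            (ts, entry.get("newValue"), entry.get("userId")))
        if not entry.get("userId"):
            unattributed.append((entry["taskId"], ts))
    for records in claims.values():
        records.sort(key=lambda r: r[0])
    return claims, sorted(unattributed, key=lambda u: u[1])


if __name__ == "__main__":
    claims, unattributed = claim_report(SAMPLE_RESPONSE)
    for task_id, records in claims.items():
        print(task_id, [(ts.isoformat(), who, by) for ts, who, by in records])
    print("claims without a user:", unattributed)
```
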

Hi @Zach_Hubbs,

You can find all possible configuration settings here: https://docs.camunda.org/manual/7.11/reference/deployment-descriptors/tags/process-engine/#configuration-properties

Hope this helps, Ingo

Hi @Ingo_Richtsmeier @Zach_Hubbs, I have a standalone custom instance migration plugin which I add as a Maven dependency in my Spring Boot Camunda app. The USER_ID_ in ACT_HI_OP_LOG is null when I do a Migrate operation. How can I have the USER_ID_ populated with the logged-in user that uses the plugin?

Hi @rubatsiro,

Could you please open a new thread for your problem?

Thank you, Ingo