I'm doing a Spring Boot web app that integrates Camunda.
All went fine, until I started to activate Spring Security.
As soon as Spring Security is activated, login to Admin/Cockpit/Tasklist fails - when disabling Spring Security again, everything is fine.
To reproduce:
application.properties
camunda.bpm.admin-user.id = xxx
camunda.bpm.admin-user.password = xxx
camunda.bpm.webapp.index-redirect-enabled = false
build.gradle:
springBootVersion = '2.0.4.RELEASE'
…
compile('org.springframework.boot:spring-boot-starter-web')
compile 'org.camunda.bpm.springboot:camunda-bpm-spring-boot-starter:3.0.0'
compile 'org.camunda.bpm.springboot:camunda-bpm-spring-boot-starter-webapp:3.0.0'
All fine, and
curl -X POST -H 'Accept: application/json' --data 'username=xxx' --data 'password=xxx' http://localhost:8080/didi/sai/pilot/api/admin/auth/user/default/login/welcome
{"userId":"didi","authorizedApps":["admin","tasklist","welcome","cockpit"]}
But as soon as I add:
compile('org.springframework.boot:spring-boot-starter-security')
spring.security.user.name=xxx
spring.security.user.password=xxx
spring.security.user.role=xxx
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/webapp/**").permitAll();
    //http.authorizeRequests().antMatchers("/api/admin/auth/user/didiBPE/login/welcome").permitAll();
}
I get Login Failed : Forbidden and
curl -i -X POST -H 'Accept: application/json' --data 'username=xxx' --data 'password=xxx' http://localhost:8080/didi/sai/pilot/api/admin/auth/user/default/login/welcome
HTTP/1.1 403 Forbidden
Set-Cookie: JSESSIONID=4D73C158BC59A39BE2A37C7D14BC22F1; Path=/didi/sai/pilot; HttpOnly
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Date: Thu, 02 Aug 2018 19:18:36 GMT
Content-Length: 166
Server: lighttpd/1.4.49
Any idea how to have Camunda and Spring Sec in parallel?
Thx, Axel
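
Added example, not part of the original post and not Camunda's own code: a Spring Security 5 configuration that scopes Spring Security away from the Camunda webapp paths while keeping it on for everything else. It assumes the 403 on the POST comes from Spring Security's CSRF filter, which is enabled by default and rejects state-changing requests that carry no token; the class name and the three path patterns (`/app/**`, `/api/**`, `/lib/**`, relative to the context path) are assumptions to adjust to the actual deployment.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class CamundaSecurityConfig extends WebSecurityConfigurerAdapter {

    // Assumed URL prefixes of the Camunda webapp (UI, REST backend, static files).
    // The login call in the post goes to .../api/admin/auth/user/default/login/welcome,
    // so "/api/**" is the pattern that covers it.
    private static final String[] CAMUNDA_PATHS = { "/app/**", "/api/**", "/lib/**" };

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                // Exempt only the Camunda paths from Spring Security's CSRF check;
                // every other POST/PUT/DELETE in the application still needs a token.
                .ignoringAntMatchers(CAMUNDA_PATHS)
                .and()
            .authorizeRequests()
                // Let these requests through to Camunda, whose own login endpoint
                // (the one curl calls in the post) authenticates webapp users.
                .antMatchers(CAMUNDA_PATHS).permitAll()
                // The rest of the application stays behind Spring Security.
                .anyRequest().authenticated()
                .and()
            .httpBasic();
    }
}
```

Keep the exempted patterns as narrow as the deployment allows: any endpoint matched by `CAMUNDA_PATHS` is protected only by Camunda's own authentication, not by Spring Security.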