Authorizations not working

Camunda 7 Topics Discussion & Questions
,
1

Hello there,
I am having trouble using the Authorizations feature in the admin webapp.
I created a new user :

image
image800×253 13.2 KB

And this Authorization :

image
image981×202 14.3 KB

I thought it was supposed prevent user testUserId from using the cockpit. However, when I log in with these credentials, I can still access it.
I found that I needed to set the “authorizationEnabled” property to true, but maybe I did it wrong, here is my processes.xml file :

image

2

You might need to clear the cache in your web browser.

3

Hi Niall,
Thank you for your answer.
Unfortunately it did not work. Do you need any other information about my application setup ?

4

Is that user part of the Camunda Admin group?

5

No, the only user in this group is demo.

6

Maybe I should mention that I’m using a spring boot project.

7

I use authorization in a Spring Boot project. That’s what I did:

  1. Implement authentication. I use the standard Spring Security filter chain for this. This will write your authenticated user to the Spring SecurityContext.
  2. You need to “translate” the authentication from Spring SecurityContext to Camunda. To this end, add a ContainerBasedAuthenticationFilter (from the Camunda namespace). This Filter takes a class as init parameter. This class implements the actual translation from Spring SecurityContext to Camunda. You have to write this class yourself.

If there is no Camunda authentication present (i.e. no translation to Camunda), the engine will allow full access to everything.

I posted some snippets about this in a different thread:

Hope this helps!

1 Like
8

Hi mba,
Thanks a lot for your answer, I will try your solution.

9

Thanks for sharing your experience @mba :slight_smile:

11