I use authorization in a Spring Boot project. That’s what I did:
- Implement authentication. I use the standard Spring Security filter chain for this. This will write your authenticated user to the Spring SecurityContext.
- You need to “translate” the authentication from Spring SecurityContext to Camunda. To this end, add a ContainerBasedAuthenticationFilter (from the Camunda namespace). This Filter takes a class as init parameter. This class implements the actual translation from Spring SecurityContext to Camunda. You have to write this class yourself.
If there is no Camunda authentication present (i.e. no translation to Camunda), the engine will allow full access to everything.
I posted some snippets about this in a different thread:
Hope this helps!