hi Experts,
we have upgraded camunda from 7.19 to 7.20.0 and upgraded spring boot from 2.5 to 3.0 and have changed configuration to register authentication filters accordingly.
But after upgrade, engine-rest endpoints are not getting authenticated by JWT token.
Below code snippet is the one I am using to protect endpoints.
Just to mention, our custom endpoint /custom is working fine and is protected
@Order(1)
@Configuration
public class ApiHttpSecurityConfiguration {
@Bean
public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
http.apply(AadResourceServerHttpSecurityConfigurer.aadResourceServer()).and().addFilterBefore(camundaRestAuthFilter().getFilter(), UsernamePasswordAuthenticationFilter.class).
securityMatcher("/custom/**", "/engine-rest/**").authorizeHttpRequests().anyRequest().authenticated();
http.csrf((csrf) -> csrf.disable());
http.anonymous(anonymous -> anonymous.disable());
return http.build();
}
@Bean
public FilterRegistrationBean camundaRestAuthFilter() {
// ProcessEngineAuthenticationFilter sets the authentication details to the
// Camunda Rest Api
FilterRegistrationBean filterRegistration = new FilterRegistrationBean<>();
filterRegistration.setFilter(new ProcessEngineAuthenticationFilter());
filterRegistration.setInitParameters(Collections.singletonMap("authentication-provider", ContainerBasedAuthenticationProvider.class.getCanonicalName()));
filterRegistration.setOrder(103); // make sure the filter is registered after the Spring Security Filter Chain
filterRegistration.addUrlPatterns("/engine-rest/*", "/custom/*");
return filterRegistration;
}
}
