Basic Auth: /engine-rest/ not working

Hello,

i try to secure the “HOSTNAME/engine-rest/” with Basic Auth.

I setup this in the web.xml:

<filter>
  <filter-name>camunda-auth</filter-name>
  <filter-class>
    org.camunda.bpm.engine.rest.security.auth.ProcessEngineAuthenticationFilter
  </filter-class>
  <async-supported>true</async-supported>
  <init-param>
    <param-name>authentication-provider</param-name>
    <param-value>org.camunda.bpm.engine.rest.security.auth.impl.HttpBasicAuthenticationProvider</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>camunda-auth</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

When i restart camunda every URL From Camunda has a Basic Auth. (incl. engine-rest)
I only want to have the “HOSTNAME/engine-rest/” with Basic Auth.

i tryed

<filter-mapping>
  <filter-name>camunda-auth</filter-name>
  <url-pattern>/engine-rest/*</url-pattern>
</filter-mapping>

But after restart HOSTNAME/engine-rest/ ist not protected.
Only HOSTNAME/camunda/engine-rest/. But thats not the Endpoint.

something like /api/ dont work to:

<filter-mapping>
  <filter-name>camunda-auth</filter-name>
  <url-pattern>/api/*</url-pattern>
</filter-mapping>

what did i do wrong?

Hi,

In which web.xml did you define this filter?
Engine-rest and Webapps have their own web.xmls.

I suspect you are adding this to the webapp which usually uses the /camunda context path, while the engine-rest’s default path is /engine-rest.

This should be defined in engine-rest’s web.xml with /* mapping.

-Daniel

Ah okay. Under camunda/server/apache-tomcat-x/webapps/engine-rest/WEB-INF/ was another web.xml. Now it worked.
Thank you!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.