My project uses Camunda 7 + Spring Boot 3.x to manage the workflows. I am stuck on an issue related to authentication. I’m sure there must be a way around this. Any help would be deeply appreciated. Below are the points to highlight:
- The app is already protected by a custom OAuth server - I am able to integrate the OAuth using our custom Spring Security extension.
- The problem comes after this point. After authentication, I set the user and groups using a container-based auth provider, which works fine as long as I enable the session management to be stateful.
- My app cannot be stateful as there are multiple instances of the app running behind a load balancer. So, session management gets messy, which is why I prefer a stateless approach, as the authentication is already taken care of by my OAuth security interceptor (when the request lands at the Camunda filters, the security context is already set with UserDetails). When I set the session creation as stateless, each request is tied to a new JSESSIONID by Camunda.
- So, my question is: is it possible to bypass the session-based logic in the Camunda web app and just map the User and UserGroups from Spring Security’s user detail object so that I can access the Camunda UI? (Also, I don’t see a need for a session in my app as the auth is already taken care of by my framework.)
Thanks,
Bala