Hi,
I am using Camunda Tasklist. In my User Task Form I want to display additional images that I can fetch from my own webservice. Camunda Tasklist and webservice are running on the same server.
The webservice needs authentication.
I imagined that I could just use the user currently authenticated in Camunda as the authentication for the webservice. I set the cookie path to “/” so that the session id is transmitted to my webservice. However, the webservice can't retrieve the session because the session is only available to the /camunda context and not to my /webservice context.
What is the preferred way to call a webservice that needs authentication from a user task form?
All the best,
Lukas
I am using Tomcat and came to the following solution. webRequest is an HttpServletRequest.
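    // Imports needed by this fragment:
    import java.lang.reflect.Field;
    import java.lang.reflect.InvocationTargetException;
    import java.lang.reflect.Method;
    import java.security.Principal;
    import javax.servlet.ServletContext;
    import org.apache.catalina.Manager;
    import org.apache.catalina.Session;
    import org.apache.catalina.core.ApplicationContext;
    import org.apache.catalina.core.ApplicationContextFacade;
    import org.apache.catalina.core.StandardContext;

    if (webRequest != null) {
        ServletContext servletContext = webRequest.getServletContext();
        // Look up the Camunda webapp's context from inside the webservice webapp.
        ServletContext camundaContext = servletContext.getContext("/camunda");
        Manager manager = getManager(camundaContext);
        if (manager != null) {
            // findSession declares IOException; the enclosing method must declare or handle it.
            Session session = manager.findSession(webRequest.getRequestedSessionId());
            if (session != null) {
                // Container-managed login, if there is one.
                Principal principal = session.getPrincipal();
                if (principal != null) {
                    setSecurityContext(requestContext, principal.getName());
                }
                // Camunda webapp login. These classes are loaded by the /camunda webapp's
                // class loader, so they are matched by name and called reflectively.
                Object auth = session.getSession().getAttribute("authenticatedUser");
                // The attribute is null when nobody has logged in to Camunda in this session.
                if (auth != null && auth.getClass().getName()
                        .equals("org.camunda.bpm.webapp.impl.security.auth.Authentications")) {
                    try {
                        Method methodGetAuth = auth.getClass().getMethod("getAuthenticationForProcessEngine",
                                String.class);
                        Object getAuthResult = methodGetAuth.invoke(auth, "default");
                        // Null when there is no authentication for the "default" engine.
                        if (getAuthResult != null && getAuthResult.getClass().getName()
                                .equals("org.camunda.bpm.webapp.impl.security.auth.UserAuthentication")) {
                            Method methodGetName = getAuthResult.getClass().getMethod("getName", new Class[] {});
                            String username = (String) methodGetName.invoke(getAuthResult, new Object[] {});
                            setSecurityContext(requestContext, username);
                        }
                    } catch (NoSuchMethodException e) {
                        e.printStackTrace();
                    } catch (SecurityException e) {
                        e.printStackTrace();
                    } catch (IllegalAccessException e) {
                        e.printStackTrace();
                    } catch (IllegalArgumentException e) {
                        e.printStackTrace();
                    } catch (InvocationTargetException e) {
                        e.printStackTrace();
                    }
                }
            }
        }
    }

    // Unwraps Tomcat's facade objects to reach the session Manager of the given context.
    // Returns null if the context is null or the internals cannot be accessed.
    private Manager getManager(ServletContext context) {
        ApplicationContextFacade appContextFacadeObj = (ApplicationContextFacade) context;
        try {
            Field applicationContextField = appContextFacadeObj.getClass().getDeclaredField("context");
            applicationContextField.setAccessible(true);
            ApplicationContext appContextObj = (ApplicationContext) applicationContextField.get(appContextFacadeObj);
            Field standardContextField = appContextObj.getClass().getDeclaredField("context");
            standardContextField.setAccessible(true);
            StandardContext standardContextObj = (StandardContext) standardContextField.get(appContextObj);
            Manager manager = standardContextObj.getManager();
            return manager;
        } catch (Exception e) {
            return null;
        }
    }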
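
The posts above rely on two Tomcat context settings that they do not show. As an added example (not part of the original posts), this is what those settings look like, assuming each webapp carries its own META-INF/context.xml; the file locations are an assumption:

```xml
<!-- File 1: /camunda webapp, META-INF/context.xml (assumed location).
     sessionCookiePath="/" is the cookie path change described in the question.
     The browser then sends the Camunda session cookie to every webapp on the
     host, not only to /camunda. -->
<Context sessionCookiePath="/" />

<!-- File 2: /webservice webapp, META-INF/context.xml (assumed location).
     crossContext defaults to false. With the default,
     servletContext.getContext("/camunda") returns null, getManager() returns
     null, and the code above sets no security context at all.
     Setting it to true lets this webapp obtain the contexts of other webapps
     on the same virtual host, so enable it only for webapps you trust. -->
<Context crossContext="true" />
```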