Hello,
I’m trying to protect my Spring boot application hosting Camunda 7 with Spring security. In this application, I have a REST API which is protected with a JWT token and this part is working correctly.
After this, I’m trying to allow access to Camunda’s UI, so users will be able to authenticate using Camunda login page and Camunda user as defined in Camunda’s DB. My configuration for this is not working currently, I have some errors that create an infinite loop when I try to access to localhost:port/camunda/login
My security configuration is like this (avoiding token stuff for clarity)
@Bean
public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception {
http.authorizeHttpRequests(auth ->
auth.requestMatchers( "/camunda/login","/camunda/lib/**").permitAll()
.anyRequest().authenticated())
.formLogin(form ->
form.loginPage("/camunda/login")
.defaultSuccessUrl("/camunda/app/welcome/default/#!/welcome", true)
.permitAll())
.logout(logout ->
logout.clearAuthentication(true)
.logoutUrl("/camunda/logout")
.logoutSuccessUrl("/camunda/login?logout"));
return http.build();
}
Any help would be much appreciated.