Hi All,
We are using camunda-bpm-run-7.17.0(standalone process engine-not embedded springboot) to deploy camunda apps. We have a requirement to add JWT authentication to all API calls. We already have custom code to parse JWT. I am not sure where to enable this filter so that all api calls are authenticated. Any help will be appreciated
Hello @Varun_k ,
under the hood, camunda run is built using spring-boot. So extending is possible by using an executable jar file with the PropertiesLauncher (example here).
Now, you can use spring-boot mechanics to enable jwt auth for your api-context and extracting the user id to bridge towards the engine auth with the ContainerBasedAuthenticationProvider. If you want to see an example (using OAuth2), please look here.
I hope this helps
Jonathan
Hi Jonathan, Thank you for your reply. I was able to follow this and implement solution. I have another question, i would like to add Spring actuator as a dependency jar to camunda bpm run. Should i just drop actuator related jars in bpm run folder or how do i integrate actuator to this app