Camunda REST is Forbidden

Hi,

I am upgrading Camunda from 7.14 to 7.20 and in the process I have also upgraded Java from 8 to 17 and Springboot from 2.7 to 3.0.

I now see that the APIs are forbidden. ex: the below one when I try to login into cockpit:

/rest/camunda/api/admin/auth/user/default/login/cockpit

Please suggest how to resolve the issue.

Thank you,

Hi,

I was able to resolve it by adding Security Config.
Sample below:

@Configuration
@EnableWebSecurity
public class SecurityConfig {

@Bean
MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
	return new MvcRequestMatcher.Builder(introspector);
}

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
	//http.csrf(Customizer.withDefaults());

	http.cors(cors -> cors.configurationSource(request -> {
		CorsConfiguration configuration = new CorsConfiguration();
		configuration.setAllowCredentials(true); 
		configuration.setAllowedOriginPatterns(Arrays.asList("*"));
		configuration.addAllowedHeader("*"); 
		configuration.addAllowedMethod("*");
		UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
		source.registerCorsConfiguration("/**",configuration); 

		return configuration;
	}));

	http.csrf().disable(); 	

	http .authorizeHttpRequests((authorize) -> authorize
			.requestMatchers(mvc.pattern("/camunda/api/**")).permitAll()
			.requestMatchers(AntPathRequestMatcher.antMatcher("/**")).permitAll()
			.requestMatchers(AntPathRequestMatcher.antMatcher("/h2-console/**")).permitAll()
			.anyRequest().authenticated());


	http.headers().frameOptions().sameOrigin();	
	return http.build();
}

}