Hi,
I am upgrading Camunda from 7.14 to 7.20 and in the process I have also upgraded Java from 8 to 17 and Springboot from 2.7 to 3.0.
I now see that the APIs are forbidden. ex: the below one when I try to login into cockpit:
/rest/camunda/api/admin/auth/user/default/login/cockpit
Please suggest how to resolve the issue.
Thank you,
Hi,
I was able to resolve it by adding Security Config.
Sample below:
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
return new MvcRequestMatcher.Builder(introspector);
}
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
//http.csrf(Customizer.withDefaults());
http.cors(cors -> cors.configurationSource(request -> {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowCredentials(true);
configuration.setAllowedOriginPatterns(Arrays.asList("*"));
configuration.addAllowedHeader("*");
configuration.addAllowedMethod("*");
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**",configuration);
return configuration;
}));
http.csrf().disable();
http .authorizeHttpRequests((authorize) -> authorize
.requestMatchers(mvc.pattern("/camunda/api/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/h2-console/**")).permitAll()
.anyRequest().authenticated());
http.headers().frameOptions().sameOrigin();
return http.build();
}
}
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.