Camunda - SSO Keycloak (GitHub)

Hi @Karim_Gillani,

the engine’s REST API is included in the demo.

  • General security configuration of the showcase can be found in org.camunda.bpm.extension.keycloak.showcase.sso.WebAppSecurityConfig.
  • There is no security for the REST API endpoint (http://<myhost>/camunda/engine-rest/engine) at the current state of the demo.
  • Please set logging of org.springframework.security to DEBUG in order to find out what’s wrong.

Hint: you might want to switch off CSRF for the engine’s REST API:

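import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@ConditionalOnMissingClass("org.springframework.test.context.junit4.SpringJUnit4ClassRunner")
@Configuration
@EnableOAuth2Sso
public class WebAppSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Skip CSRF token checks for the REST API paths
            .csrf().ignoringAntMatchers("/api/**", "/engine-rest/**")
            .and()
            .antMatcher("/**")
            .authorizeRequests()
                // Only the web applications require a login
                .antMatchers("/app/**")
                .authenticated()
            // Everything else, including the REST API, stays open
            .anyRequest()
            .permitAll();
    }
}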

After that, all requests to the REST API including the upload of process deployments should work without any authorization.

Please be aware that you should prevent accessing the REST API for unauthorized people. Hence a security filter for the REST API is inevitable in production.

Gunnar

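The production caveat at the end of the post, as an added example that is not part of the original post or the showcase project: a second filter chain that requires a valid Keycloak-issued JWT on every REST API call. The class name `RestApiSecurityConfig` is hypothetical, and the sketch assumes Spring Security 5.1+ with `spring-boot-starter-oauth2-resource-server` on the classpath and `spring.security.oauth2.resourceserver.jwt.issuer-uri` set to the realm's issuer URL.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

/**
 * Added example (hypothetical class, not from the showcase):
 * protects the engine's REST API with bearer-token authentication.
 */
@Configuration
@Order(1) // evaluated before the catch-all WebAppSecurityConfig (adapter default order is 100)
public class RestApiSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // This chain handles only the REST API paths; everything else
            // falls through to WebAppSecurityConfig.
            .antMatcher("/engine-rest/**")
            // Clients send the token explicitly in the Authorization header,
            // so no browser session cookie exists for CSRF to abuse here.
            .csrf().disable()
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
                // No anonymous access: deployments, task queries etc. all need a token.
                .anyRequest().authenticated()
            .and()
            // Validate the JWT signature and issuer against the configured
            // issuer-uri (assumed to point at the Keycloak realm).
            .oauth2ResourceServer().jwt();
    }
}
```

This enforces authentication only; mapping the token's subject to a Camunda user so that the engine's own authorization checks apply needs an additional filter.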