Hi everyone,
I added a custom REST interface to my Camunda Spring Boot app, and I wanted to secure that interface. So I searched around a little and came up with the following solution:
First, you’ve got to configure the Security:
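
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter
    {
        @Autowired
        private CamundaSecurityAuthenticationProvider provider;

        @Override
        protected void configure(HttpSecurity http) throws Exception
        {
            // Require HTTP Basic authentication for every request; CSRF protection is disabled.
            //@formatter:off
            http
                .csrf().disable()
                .authorizeRequests().anyRequest().authenticated()
                .and()
                .httpBasic();
            //@formatter:on
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception
        {
            // Delegate credential checks to the Camunda-backed provider.
            auth.authenticationProvider(provider);
        }
    }
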
And then, use your custom AuthenticationProvider:
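
    import java.util.ArrayList;

    import org.camunda.bpm.engine.IdentityService;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.authentication.AuthenticationProvider;
    import org.springframework.security.authentication.BadCredentialsException;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.stereotype.Component;

    @Component
    public class CamundaSecurityAuthenticationProvider implements AuthenticationProvider
    {
        @Autowired
        private IdentityService identityService;

        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException
        {
            String name = authentication.getName();
            String password = authentication.getCredentials().toString();

            // Verify the credentials against Camunda's user store.
            boolean valid = identityService.checkPassword(name, password);
            if (!valid)
            {
                // Reject explicitly; returning null would only signal that this provider cannot decide.
                throw new BadCredentialsException("Invalid username or password");
            }
            // Authenticated token with no granted authorities.
            return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>());
        }

        @Override
        public boolean supports(Class<?> authentication)
        {
            // Only handle username/password tokens (as produced by HTTP Basic).
            return authentication.equals(UsernamePasswordAuthenticationToken.class);
        }
    }
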
The custom REST interface is now secured as planned. But if a user wants to log in with a browser, he/she has to fill out the login form of the browser and afterwards Camunda’s login form. I’ve read some hints in the forum about an XML configuration called “filter”. But I can’t find any web.xml file.
Does anybody have an idea how I can get out of this double login?
Many thanks in advance!