first I´d like to mention that I have only extremely limited knowledge about the inner workings of camunda BPM. Also I’m not sure if this is the correct place to post this assortment of questions, but I dearly hope not to violate any rules.
I am configuring a vulnerable machine for study purposes. The whole setup includes multiple challenges to complete in order to fully solve the challenge. The first challenge includes Camunda BPM. I want to hide critical information within a process, which can be used for further access to the underlying infrastructure. So the challenge does not refer to a vulnerability in camunda itself but serves to create awareness about this technology. Anyway:
I need to deploy a bpmn 2.0 Model that I created. Right now I´m running Tomcat 9 directly on the machine, which is a must for this challenge.
I downloaded the standalone war for tomcat(Install the Standalone Webapplication (.war) | docs.camunda.org) and deployed it in the /tomcat/webapps/ directory. I cant find information on how to deploy the model I created with this standalone-version of camunda. Is it possible to use the REST API? I tried that and had problems with authorization(post request which included the bpm was understood but not accepted).
I thought about installing camunda manually(Install the Full Distribution on a Tomcat Application Server manually | docs.camunda.org). How would the bpmn file be deployed in this case? And would I have to configure a DB(as I understand the documentation this is not the case since it is automatically taken care of). To me the documentation is very unclear in regards to a full manual install and the specific deployment process. I assume I would have to use the API as well?
Which would be the preferred way to go? I remember that in university we used the camunda version with the preconfigured tomcat installation+java,maven etc. Unfortunately running the preconfigured tomcat install is not an option.
Any help would be appreciated since this has been on my mind for quite a while now.