Hello, we are trying to hide from the user the REST APIs which are not currently being used. For this we are using the Camunda concept of securityFilterRules.json. Below is my dummy definition:
{
  "pathFilter": {
    "deniedPaths": [
      { "path": "/engine/{engine}/history/process-instance/.*", "methods": "GET" }
    ],
    "allowedPaths": [
      { "path": "/engine/{engine}/deployment/.*", "methods": "*", "authorizer": "org.camunda.bpm.webapp.impl.security.filter.ApplicationRequestAuthorizer" }
    ]
  }
}
The problem is, if I try to access the URL below, I get a result.
http://MachineName:8080/rest/engine/default/history/process-instance/
But from what I understood, that should not be the case: as the path is listed in the denied paths, the operation should fail. Please suggest if I am doing anything wrong. Thanks.