I have a project with some existing (not really working) code and two filters, processEngineAuthenticationFilter and containerBasedAuthenticationFilter.
But I don't really understand how to configure these filters.
Here, as an example, is the processEngineAuthenticationFilter():
import java.util.Collections;
import javax.servlet.Filter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;

@Bean
public FilterRegistrationBean<Filter> processEngineAuthenticationFilter() {
    FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<>();
    registration.setName("auth-filter-name");
    registration.setFilter(getProcessEngineAuthenticationFilter());
    // "authentication-provider" must be the fully qualified class name of an
    // org.camunda.bpm.engine.rest.security.auth.AuthenticationProvider implementation;
    // the filter instantiates it by reflection (Class.forName), so it is not a Spring bean.
    registration.setInitParameters(Collections.singletonMap("authentication-provider",
            "CustomAuthenticationProviderClass"));
    // following line needed?
    // registration.addUrlPatterns("/engine-rest/*");
    return registration;
}
I had to disable this in processes.xml under process-engine (authorizationEnabled false).
There were some issues where no user was found in the class customAuthenticationProviderClass that was set in the filter with
    registration.setInitParameters(Collections.singletonMap("authentication-provider",
            "CustomAuthenticationProviderClass"));
Here is some part of the class:
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.rest.security.auth.AuthenticationResult;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

@Override
public AuthenticationResult extractAuthenticatedUser(HttpServletRequest request, ProcessEngine engine) {
    // SecurityContextHolder is Spring Security's (thread-local) holder for the
    // Authentication of the current request. It is filled by the Spring Security
    // filter chain, so that chain has to run before this filter for this to be non-null.
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // Guard the cast: with no authentication, or with Spring Security's anonymous
    // principal (a String), the unchecked cast below throws a ClassCastException.
    if (authentication == null || !(authentication.getPrincipal() instanceof User)) {
        return AuthenticationResult.unsuccessful();
    }
    // User is the application's own principal class (it has getId() and getGroups());
    // neither Camunda's org.camunda.bpm.engine.identity.User nor Spring Security's
    // userdetails.User provides both methods.
    User user = (User) authentication.getPrincipal();
    String id = user.getId();
    List<String> groups = user.getGroups();
    if (id == null || id.isEmpty()) {
        return AuthenticationResult.unsuccessful();
    }
    AuthenticationResult authenticationResult = new AuthenticationResult(id, true);
    // createUser, createGroups and checkGroupMemberShip are helpers defined
    // elsewhere in this class (not shown here).
    createUser(user, engine);
    createGroups(groups, engine);
    checkGroupMemberShip(user, groups, engine);
    authenticationResult.setGroups(groups);
    return authenticationResult;
}
So actually my initial question is very basic. Where is this user set? This filter seems to handle authentication for requests to the REST API under the engine-rest endpoint. If I have worker nodes which are trying to do stuff like fetch and lock, would they need to provide a user? Where can I store these users on the process engine side? Because at the moment I just get errors because of something with the User object. Can you tell me what SecurityContextHolder is? Also I am interested in whether I need to write addUrl(/engine-rest/*) in the filter chain or if that will get done automatically.
Also there is a configure method. Is that a Spring filter chain? Can I configure the other filter chains with it? How can I distinguish the settings of the two filter chains in this configure filter chain?
In the end I would need to decide whether I need an authentication method for accessing the rest-engine and which authentication method should be selected. Accessing the web and app endpoints should be implemented with SAML. But about the REST engine I am not so sure whether that is sensible and whether it would work. What do you suggest?
Very basic questions, but I am new to this.
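The following is an added, self-contained example (not the poster's code, and not taken from the Camunda project) of how the pieces asked about above fit together: a FilterRegistrationBean that maps Camunda's ProcessEngineAuthenticationFilter to /engine-rest/* and orders it after Spring Security's filter chain, plus an AuthenticationProvider that reads the authenticated user from SecurityContextHolder and mirrors user and group records into the engine's IdentityService so that authorization checks can find them. Assumptions, all mine: Spring Boot 2 with javax.servlet, the Camunda Spring Boot REST starter serving the API under /engine-rest, a Spring Security chain (SAML or otherwise) that already authenticates /engine-rest/** requests, and group names derived from GrantedAuthority names by stripping a "ROLE_" prefix. The package name is hypothetical. Because the filter sits on /engine-rest/*, every client of that path, including external-task workers calling fetch and lock, passes through it and must carry whatever credential the Spring Security chain accepts.

```java
package com.example.auth; // hypothetical package name

import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.rest.security.auth.AuthenticationProvider;
import org.camunda.bpm.engine.rest.security.auth.AuthenticationResult;
import org.camunda.bpm.engine.rest.security.auth.ProcessEngineAuthenticationFilter;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

@Configuration
public class EngineRestAuthConfig {

    @Bean
    public FilterRegistrationBean<Filter> processEngineAuthenticationFilter() {
        FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<>();
        registration.setName("camunda-auth");
        registration.setFilter(new ProcessEngineAuthenticationFilter());
        // Fully qualified class name: the filter instantiates the provider by reflection,
        // so it needs a public no-arg constructor and is not managed by Spring.
        registration.addInitParameter("authentication-provider",
                SpringSecurityAuthenticationProvider.class.getName());
        // Without a URL pattern the registration defaults to /* and would also wrap the
        // webapps; restrict the filter to the REST API.
        registration.addUrlPatterns("/engine-rest/*");
        // Spring Security's chain runs at order -100; run after it so the
        // SecurityContext is already populated when this filter executes.
        registration.setOrder(SecurityProperties.DEFAULT_FILTER_ORDER + 1);
        return registration;
    }

    public static class SpringSecurityAuthenticationProvider implements AuthenticationProvider {

        @Override
        public AuthenticationResult extractAuthenticatedUser(HttpServletRequest request, ProcessEngine engine) {
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            // No authentication, or Spring Security's anonymous token: refuse the request.
            if (auth == null || !auth.isAuthenticated() || "anonymousUser".equals(auth.getPrincipal())) {
                return AuthenticationResult.unsuccessful();
            }
            // getName() is defined for every principal type (UserDetails, SAML principal, ...),
            // so no cast to a specific User class is needed.
            String userId = auth.getName();
            if (userId == null || userId.isEmpty()) {
                return AuthenticationResult.unsuccessful();
            }
            List<String> groups = new ArrayList<>();
            for (GrantedAuthority authority : auth.getAuthorities()) {
                String name = authority.getAuthority();
                groups.add(name.startsWith("ROLE_") ? name.substring("ROLE_".length()) : name); // assumption
            }
            // Camunda's authorization checks look users and groups up in the IdentityService,
            // so mirror them there. Requires a writable identity service (the default DB one);
            // a read-only plugin such as LDAP rejects saveUser/saveGroup.
            syncIdentity(engine.getIdentityService(), userId, groups);

            AuthenticationResult result = new AuthenticationResult(userId, true);
            result.setGroups(groups);
            return result;
        }

        @Override
        public void augmentResponseByAuthenticationChallenge(HttpServletResponse response, ProcessEngine engine) {
            // Spring Security already issued its own challenge or redirect; nothing to add.
        }

        static void syncIdentity(IdentityService identity, String userId, List<String> groups) {
            if (identity.createUserQuery().userId(userId).singleResult() == null) {
                identity.saveUser(identity.newUser(userId));
            }
            for (String groupId : groups) {
                if (identity.createGroupQuery().groupId(groupId).singleResult() == null) {
                    Group group = identity.newGroup(groupId);
                    group.setName(groupId);
                    identity.saveGroup(group);
                }
                // createMembership throws on duplicates, so check first.
                boolean member = identity.createUserQuery().userId(userId).memberOfGroup(groupId).count() > 0;
                if (!member) {
                    identity.createMembership(userId, groupId);
                }
            }
        }
    }
}
```

With this in place, authorizationEnabled can stay true in processes.xml: the engine then evaluates its authorization rules against the user id and groups returned here, which is only meaningful if those records exist in the identity service, hence the syncIdentity step.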