Illegal WebApp Configuration Exception: When deploying using Container Based Authentication Filter

shan-96 · April 29, 2021, 5:05pm

I am using camunda-bpm-platform:tomcat-7.14.0 docker image and copying some external libs to relevant lib folders to deploy my camunda application.

I want to enable SSO so I have modified my webapps/camunda/WEB-INF/web.xml with below additions:

<!-- Container Based Authentication filter is uncommented now-->
    <filter>
        <filter-name>Container Based Authentication Filter</filter-name>
        <filter-class>org.camunda.bpm.webapp.impl.security.auth.ContainerBasedAuthenticationFilter</filter-class>
        <init-param>
            <param-name>authentication-provider</param-name>
            <param-value>com.my.package.sso.MyAuthenticationProvider</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>Container Based Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>

    <!-- The default Authentication filter is commented out-->
    <!--<filter>
        <filter-name>Authentication Filter</filter-name>
        <filter-class>org.camunda.bpm.webapp.impl.security.auth.AuthenticationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>-->

But when I try to access the camunda homepage I now get Internal Server Error (500) and this is the host log trace
29-Apr-2021 16:19:28.726 SEVERE [http-nio-8080-exec-4] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [default] in context with path [/camunda] threw exception org.camunda.bpm.webapp.impl.IllegalWebAppConfigurationException: No process engine found. camunda Webapp cannot work without a process engine. at org.camunda.bpm.webapp.impl.engine.ProcessEnginesFilter.getDefaultEngineName(ProcessEnginesFilter.java:201) at org.camunda.bpm.webapp.impl.engine.ProcessEnginesFilter.serveIndexPage(ProcessEnginesFilter.java:168) at org.camunda.bpm.webapp.impl.engine.ProcessEnginesFilter.applyFilter(ProcessEnginesFilter.java:126) at org.camunda.bpm.webapp.impl.filter.AbstractTemplateFilter.doFilter(AbstractTemplateFilter.java:58) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.camunda.bpm.webapp.impl.security.filter.headersec.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.camunda.bpm.webapp.impl.security.filter.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:177) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.camunda.bpm.webapp.impl.security.filter.SecurityFilter.doFilterSecure(SecurityFilter.java:73) at org.camunda.bpm.webapp.impl.security.filter.SecurityFilter.doFilter(SecurityFilter.java:57) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.camunda.bpm.webapp.impl.security.auth.ContainerBasedAuthenticationFilter.doFilter(ContainerBasedAuthenticationFilter.java:87) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

The class MyAuthenticationProvider is simple and implements AuthenticationProvider

public class MyAuthenticationProvider implements AuthenticationProvider {

  @Override
  public AuthenticationResult extractAuthenticatedUser(
      HttpServletRequest request, ProcessEngine engine) {
    // return true for now..
    return AuthenticationResult.successful("test-user");
  }

  @Override
  public void augmentResponseByAuthenticationChallenge(
      HttpServletResponse response, ProcessEngine engine) {}
}

I dont even understand how to debug this issue. Can anyone please help?

cpbpm · April 29, 2021, 5:23pm

I would recommend to take a look at plugin which is already provided. From there, you implement/modify the code to implement custom SSO.

shan-96 · April 29, 2021, 5:29pm

What if I dont want to use keycloak? As per documentation here I can use any type of provider

cpbpm · April 29, 2021, 5:34pm

What i mentioned here, you can refer to take some input and implement custom SSO. There are few sample code available already, you can refer it.

GitHub - camunda/camunda-sso-snippets: Camunda BPM Webapp with SSO in for Wildfly/JBoss AS7.

It’s easy to debug when you use on-premise Camunda app instead of docker container, I would recommend to take that approach.

shan-96 · April 29, 2021, 5:41pm

I already referred them and I am doing exactly that. My question is more fundamental. I am not looking for a quick snippet or plugin.

I want to know why a known feature is throwing a completely unexpected error just on using a different implementation of same class. Because in my web.xml if I replace the authentication-provider param with ContainerBasedAuthenticationProvider everything works fine as expected