Hi
I am using a custom User table and a custom Group table in my Camunda embedded Spring Boot application in order to implement a custom identity flow, and so far I have been successful in authn/z using my custom tables. But whenever I call the user endpoint of the embedded REST API, the response contains the fields from Camunda’s own tables. For example, this is the response I get when I make a call to /engine-rest/user/
My custom table doesn’t have the firstName, lastName or email fields. But since the Java entity backing the table implements the User interface, I have to write getters wherein I am returning empty strings for names and null for email.
Now getting empty data is fine by me. The problem lies in the fact that my custom entity also has a custom field called myField and as can be seen in the response, that field is not there. Is it possible to make sure that field is added in the response of the user endpoint in the embedded REST engine? I know I can write my custom endpoints but I want to keep that as a last option.
Let me know if more information is needed.
I have done some digging and found the interfaces UserRestService which is implemented by UserRestServiceImpl. Is it possible to hook our own implementation for this service?
We have a separate service which calls the Camunda REST API in order to create and assign tasks and as such I would like to fetch a user from my custom user before I call the task API.
I am using the newer Spring 5.2 mechanism. And this doesn’t seem to be a Spring Security thing but rather how they have implemented the REST API. When the user endpoint of the API gets called, Camunda calls this method in UserRestServiceImpl:
    public List<UserProfileDto> queryUsers(UriInfo uriInfo, Integer firstResult, Integer maxResults) {
        UserQueryDto queryDto = new UserQueryDto(getObjectMapper(), uriInfo.getQueryParameters());
        return queryUsers(queryDto, firstResult, maxResults);
    }
As you can see, the response is mapped into a DTO which has a concrete structure. If we can give our own implementation, I could have rewritten this method with my DTO.
Yes. If you need Camunda’s User Profile DTO, I suggest you implement a bridge between Spring Security and Camunda Identity Provider, as I did in my example.
I don’t need the inbuilt user’s DTO and I have already implemented a working custom identity provider. My requirement is to use my custom user DTO instead of the inbuilt user DTO in the inbuilt REST API.
Yes. My authentication is using Spring Security OAuth 2. Technically, the provider is Keycloak, but since it is a default SSO using OAuth it doesn’t matter.
So I do all the security using default Spring Security and completely rely on SSO.
Authorization of Camunda (internal one) is switched off because of performance reasons.
Yeah, that’s pretty much what I was looking into doing, and I wanted to try customizing the inbuilt REST engine, but I haven’t found a way to do so. Registering a component which implements the underlying service interface UserRestService doesn’t seem to work. Am I missing something?