Make Camunda REST API reflect custom User tables

I am using a custom User table and a custom Group table in my Camunda embedded Spring Boot application in order to implement a custom identity flow and so far I have been successful in authn/z using my custom tables. But, whenever, I call the user endpoint of the embedded REST API, the response contains the fields from Camunda’s own tables. For eg. This is the response I get when I make a call to /engine-rest/user/

        "id": "ac5545c1-1111-4796-8873-a274f50b4225",
        "firstName": "",
        "lastName": "",
        "email": null
        "id": "00ad90c9-0276-3c39-833d-76481a4c0b4f",
        "firstName": "",
        "lastName": "",
        "email": null

My custom table doesn’t have the firstName, lastName or email fields. But since the Java entity backing the table implements from the User interface, I have to write getters wherein I am returning empty strings for names and null for email.
Now getting empty data is fine by me. The problem lies in the fact that my custom entity also has a custom field called myField and as can be seen in the response, that field is not there. Is it possible to make sure that field is added in the response of the user endpoint in the embedded REST engine? I know I can write my custom endpoints but I want to keep that as a last option.
Let me know if more information is needed.

1 Like

I have done some digging and found the interfaces UserRestService which is implemented by UserRestServiceImpl. Is it possible to hook our own implementation for this service?

What is the context behind calling the REST Api?

I am not sure if I understand you correctly but the intention behind calling the API is to get the user details associated with the custom user.

I just wanted to understand what you do with result from the custom table ?

You have your own custom UI and want to use it over there?

We have a separate service which calls the Camunda REST API in order to create and assign tasks and as such I would like to fetch a user from my custom user before I call the task API.

Just see this… I guess you implemented SSO for login.

I am using the newer Spring 5.2 mechanism. And this doesn’t seem to be a Spring security thing rather how they have implemented the REST API. When the user endpoint of the API gets called, Camunda calls this method in UserRestServiceImpl

  public List<UserProfileDto> queryUsers(UriInfo uriInfo, Integer firstResult, Integer maxResults) {
    UserQueryDto queryDto = new UserQueryDto(getObjectMapper(), uriInfo.getQueryParameters());
    return queryUsers(queryDto, firstResult, maxResults);

As you can see the response is mapped into a DTO which has a concrete structure. If we can give our own implementation, I could have rewritten this method with my DTO.

Yes. If you need Camunda’s User Profile DTO I suggest, you implement a bridge between Spring Security and Camunda Identity Provider, as I did in my example.

I don’t need the inbuilt user’s DTO and I have already implemented a working custom identity provider. My requirement is to use my custom user DTO instead of the inbuilt user DTO in the inbuilt REST API

Yes. My Authentication is using Spring Security OAuth 2. Technically, the provider is a Keycloak, but since it is a default SSO using OAuth it doesn’t matter.

So I do all the security using default Spring security and completely rely on SSO.
Authorization of Camunda (internal one) is switched off because of performance reasons.

Then, I think, you’ll have to modify the implementation of the REST API. Or provide your own one for this functionality.

Yeah, that’s pretty much what I was looking into doing and wanted to try customizing the inbuilt REST engine but I haven’t found a way to do so. Registering a component which implements the underlying service interface UserRestService doesn’t seem to work. Am I missing something?

hi, can i get your code Custom user interface implementation?
i need your help, please!