REST API authentication

In the doc Configure Authentication | docs.camunda.org i find:

" In the pre-built distributions, the engine authentication is switched off by default. You may have a look at the distribution’s web.xml file and remove the comment markers from the above mentioned filter declaration to activate authentication."

But I cannot find any lines to ‘uncomment’. There are no such lines.

So I should put these lines but where? Where exactly in web.con file?

<filter>
  <filter-name>camunda-auth</filter-name>
  <filter-class>
    org.camunda.bpm.engine.rest.security.auth.ProcessEngineAuthenticationFilter
  </filter-class>
  <async-supported>true</async-supported>
  <init-param>
    <param-name>authentication-provider</param-name>
    <param-value>org.camunda.bpm.engine.rest.security.auth.impl.HttpBasicAuthenticationProvider</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>camunda-auth</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

Suppose these lines are there. What about users and passwords?

We had a new installation and the same problem, seems there might be some new changes that are not reflected in the documentation.

BTW, I believe it goes in the Application folder web.xml

I found it in:

camunda-bpm-tomcat-7.14.0\server\apache-tomcat-9.0.36\webapps\engine-rest\WEB-INF\web.xml

But no idea what the user and password is (where is user ‘database’). User management panel in Camunda?

OK
In GUI go to Authorizations => Process Definition and add user or group to " Process Definition Authorizations"

…if you want to use ‘engine-rest/process-definition/key/some-process/start’
for instance:

http://user:password@localhost:8080/engine-rest/process-definition/key/some-process-2/start