REST API authentication

In the doc Configure Authentication | i find:

" In the pre-built distributions, the engine authentication is switched off by default. You may have a look at the distribution’s web.xml file and remove the comment markers from the above mentioned filter declaration to activate authentication."

But I cannot find any lines to ‘uncomment’. There are no such lines.

So I should put these lines but where? Where exactly in web.con file?


Suppose these lines are there. What about users and passwords?

We had a new installation and the same problem, seems there might be some new changes that are not reflected in the documentation.

BTW, I believe it goes in the Application folder web.xml

I found it in:


But no idea what the user and password is (where is user ‘database’). User management panel in Camunda?

In GUI go to Authorizations => Process Definition and add user or group to " Process Definition Authorizations"

…if you want to use ‘engine-rest/process-definition/key/some-process/start’
for instance: