Setup of default admin with Springboot

nedge · February 1, 2023, 8:46am

I’m trying to setup a default admin account in our Springboot application using the following in our yml file

camunda.bpm:
   webapp:
      index-redirect-enabled: false
   admin-user:
      id: demo
      password: demo
      firstName: Demo

However, the admin-user is not being created. I also tried to add the variable in the application.properties file also to no avail.
Our Workflow configuration uses a SpringProcessEngineConfiguration to set stuff like deployment directories schema generation etc - could this be the problem that we’re bypassing some of the auto configure stuff - the app uses @EnableProcessApplication and are using the following dependencies
api “org.camunda.bpm:camunda-engine:$camundaVersion”,
“org.camunda.bpm:camunda-engine-spring:$camundaVersion”,
“org.camunda.bpm.springboot:camunda-bpm-spring-boot-starter:$camundaVersion”,
“org.camunda.bpm.springboot:camunda-bpm-spring-boot-starter-test:$camundaVersion”,
“org.camunda.bpm.springboot:camunda-bpm-spring-boot-starter-rest:$camundaVersion”,
“org.camunda.bpm.springboot:camunda-bpm-spring-boot-starter-webapp:$camundaVersion”,

camundaVersion = “7.13.0”
springbootVersion=“2.6.6”
java 11

Can I turn on some logging to see what is happening? All the examples make it look like it should be trivial to get this working but somehow its not working for us

nedge · March 2, 2023, 2:14pm

So I found a solution to this problem. I just use some of the code in the DemoGenerator

github.com

camunda/camunda-bpm-platform/blob/master/examples/invoice/src/main/java/org/camunda/bpm/example/invoice/DemoDataGenerator.java#L216

      
        
            salesDemoAuth.setResourceId("demo");
            salesDemoAuth.addPermission(READ);
            authorizationService.saveAuthorization(salesDemoAuth);
            
            
Authorization salesJohnAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
            salesJohnAuth.setGroupId("sales");
            salesJohnAuth.setResource(USER);
            salesJohnAuth.setResourceId("john");
            salesJohnAuth.addPermission(READ);
            authorizationService.saveAuthorization(salesJohnAuth);
            
            
Authorization manDemoAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
            manDemoAuth.setGroupId("management");
            manDemoAuth.setResource(USER);
            manDemoAuth.setResourceId("demo");
            manDemoAuth.addPermission(READ);
            authorizationService.saveAuthorization(manDemoAuth);
            
            
Authorization manPeterAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
            manPeterAuth.setGroupId("management");
            manPeterAuth.setResource(USER);

I use a PostConstruct method to check if the admin is there and if not create if:

User singleResult = identityService.createUserQuery().userId("admin").singleResult();
		if (singleResult != null) {
			return;
		}

		// Check the admin group exists
		if (identityService.createGroupQuery().groupId(Groups.CAMUNDA_ADMIN).count() == 0) {
			Group camundaAdminGroup = identityService.newGroup(Groups.CAMUNDA_ADMIN);
			camundaAdminGroup.setName("camunda BPM Administrators");
			camundaAdminGroup.setType(Groups.GROUP_TYPE_SYSTEM);
			identityService.saveGroup(camundaAdminGroup);
		}

		// Check the admin group has access to the resources
		for (Resource resource : Resources.values()) {
			if (authorizationService.createAuthorizationQuery().groupIdIn(Groups.CAMUNDA_ADMIN).resourceType(resource)
					.resourceId(ANY).count() == 0) {
				AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GRANT);
				userAdminAuth.setGroupId(Groups.CAMUNDA_ADMIN);
				userAdminAuth.setResource(resource);
				userAdminAuth.setResourceId(ANY);
				userAdminAuth.addPermission(ALL);
				authorizationService.saveAuthorization(userAdminAuth);
			}
		}

		// Create the default workflow admin
		User user = identityService.newUser("admin");
		user.setFirstName("admin");
		user.setLastName("admin");
		user.setPassword(seedConfigurationService.getDefaultUserAccountPassword());
		user.setEmail("admin@xxxx.com");
		identityService.saveUser(user);

		identityService.createMembership(timerbeeWorkflowAdminId, Groups.CAMUNDA_ADMIN);