Hi All,
I have created a custom Spring Boot project and integrated SAML2-based Okta authentication with it, and it works fine locally. Now I want to create it as a plugin to the camunda-run distribution, so I followed the excellent instructions in the guide below from @rob2universe and
- I added a spring.factories inside META-INF to make the jar scannable and also added an org.springframework.boot.loader.PropertiesLauncher entry to MANIFEST.MF
- Exported the project to a jar file using command maven clean package
- Added this jar to the classpath of Camunda-run; it gets detected by the Spring framework but fails due to missing dependencies in the camunda-run classpath for the following pom dependencies:

```xml
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-saml2-service-provider</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
```
How do I now make these dependencies part of my custom plugin jar during export? I tried exporting all the dependencies using the maven-assembly plugin to my plugin jar, but it also fails.
Workaround: I cloned the camunda-run source code, added these dependencies to the camunda-run core pom file and built it again from scratch. This time it works perfectly fine.
I don’t want to use the above method as I want to use the plugin architecture rather than building camunda-run again. Please suggest.
If I am able to make it work, I am planning to donate this to the Camunda community.
You can place additional jars into the userlib folder (Camunda Platform Run | docs.camunda.org). However, this won’t work for a complete Spring Security starter. There is more to be loaded during application bootstrap in this case. I am not aware of a way to add Spring Security to the RUN distribution. If you need Spring Security, then you best switch to a Spring Boot build, e.g. using https://start.camunda.com/
Hi @rob2universe Robert,
I have realized, after spending 2 days on this, that it is very tough to activate Spring Security inside camunda-run via a plugin. For now I am proceeding with the following solutions:
- Custom Spring Boot based solution
- Recompiled camunda-run with Spring Security and SAML2 dependencies + custom SSO plugin I created inside a Spring Boot project
Thanks a lot
https://jira.camunda.com/browse/CAM-11308 addresses the requirement to include Spring Security in RUN ootb.
@rob2universe I experimented with this on my local machine and recompiled Camunda Run from source code with Spring Security added. One thing I observed about Spring Security is that it hijacks the application security completely and overrides Camunda’s basic authentication completely. So we need to implement basic authentication via Spring Security.
Workaround I am thinking of: add a flag to disable Spring Security conditionally:
Disable Spring Security by default on the application:

```java
// Security auto-configuration is excluded here and only re-imported by MySecurityConfiguration
@SpringBootApplication(exclude = {SecurityAutoConfiguration.class})
@Import(MySecurityConfiguration.class)
public class MyApplication {
}
```

Security configuration:

```java
// Only active when the default.spring.security.enabled property is set
@Configuration
@ConditionalOnProperty("default.spring.security.enabled")
@Import(SecurityAutoConfiguration.class)
public class MySecurityConfiguration extends WebSecurityConfigurerAdapter {
}
```
Obviously we need to improve this as WebSecurityConfigurerAdapter is deprecated and SecurityFilterChain is recommended.
Reference: Not possible to disable security with @ConditionalOnProperty anymore · Issue #12323 · spring-projects/spring-boot · GitHub
Will keep you updated on progress.
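
The direction the last post points to, as an added example that is not the poster's or Camunda's code: `MySecurityConfiguration` written with `SecurityFilterChain` beans, keeping HTTP Basic on the REST API (checked against Camunda's `IdentityService`) while everything else goes through SAML2 login. Assumptions: Spring Security 5.8 or later, the REST API under `/engine-rest`, a relying-party registration supplied via `spring.security.saml2.relyingparty.*` properties, `@EnableWebSecurity` used in place of the post's `@Import(SecurityAutoConfiguration.class)`, and `camundaProvider` as a hypothetical helper name.

```java
import org.camunda.bpm.engine.IdentityService;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.*;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.*;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
@ConditionalOnProperty("default.spring.security.enabled") // property name taken from the post
public class MySecurityConfiguration {
    // REST API: HTTP Basic validated against Camunda users (path is an assumption).
    @Bean @Order(1)
    SecurityFilterChain restChain(HttpSecurity http, IdentityService identity) throws Exception {
        http.securityMatcher("/engine-rest/**")
            .authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .authenticationProvider(camundaProvider(identity))
            .httpBasic(Customizer.withDefaults())
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .csrf(c -> c.disable()); // stateless chain: no session cookie for CSRF to ride on
        return http.build();
    }
    // All other requests (web applications): SAML2 login against the identity provider.
    @Bean @Order(2)
    SecurityFilterChain webChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .saml2Login(Customizer.withDefaults());
        return http.build();
    }
    // Hypothetical helper: delegates the password check to Camunda's IdentityService.
    static AuthenticationProvider camundaProvider(IdentityService identity) {
        return new AuthenticationProvider() {
            @Override public Authentication authenticate(Authentication auth) {
                if (!identity.checkPassword(auth.getName(), String.valueOf(auth.getCredentials()))) {
                    throw new BadCredentialsException("Invalid credentials");
                }
                return UsernamePasswordAuthenticationToken.authenticated(
                        auth.getName(), null, AuthorityUtils.NO_AUTHORITIES);
            }
            @Override public boolean supports(Class<?> type) {
                return UsernamePasswordAuthenticationToken.class.isAssignableFrom(type);
            }
        };
    }
}
```

With the property unset this class is not loaded at all, so whatever protects the endpoints in that mode (Camunda's own authentication in the thread's setup) has to be verified separately.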