@rob2universe I experimented this in my local machine and I recompiled Camunda run from source code with added spring security. One thing I observed about spring security is that It hijacks the application security completely and overrides Camunda’s basic authentication completely. SO we need to implement basic authentication via spring security.
Workaround I am thinking: Add a flag to disable Spring security conditionally :
Disable Spring security by default on application
@SpringBootApplication ( exclude = {SecurityAutoConfiguration.class} )
@Import(MySecurityConfiguration.class)
public class MyApplication{
}
Security Configuration
@Configuration
@ConditionalOnProperty ( "default.spring.security.enabled" )
@Import ( SecurityAutoConfiguration.class
public class MySecurityConfiguration extends WebSecurityConfigurerAdapter {
}
Obviously we need to improve this as WebSecurityConfigurerAdapter is deprecated and SecurityFilterChain is recommended.
Will keep you updated on progress.