Turn On Basic HTTP Authentication for REST API in Spring Boot

Hello, I’m new in camunda.

I read this document about Basic HTTP authentication

How to turn on Basic HTTP Authentication for REST API in Spring Boot?
Can someone help me with example to configure it?

Thank you.


Finally I solved this problem. Just add this configuration class.

public class CamundaSecurityFilter {

	public FilterRegistrationBean processEngineAuthenticationFilter() {
		FilterRegistrationBean registration = new FilterRegistrationBean();
		return registration;

	public Filter getProcessEngineAuthenticationFilter() {
		return new ProcessEngineAuthenticationFilter();

its worked for me. But we should be careful with when using in-memory H2 DB, if anyone configured H2 datasource with “:mem”. Data will lost on restart of application so all the users will be deleted. For that bootstrap sql scripts to insert the users or else use “:file”

@ davidch,

Thank you for this post. I know this is an old post, but I can’t help thanking you for figuring this one out that saved me countless hours of struggling on how to do this for Spring boot application. I will see if we can add this to the Camunda document for future newbies like me.

1 Like

It works. Thank you

1 Like

Hi @Niall @siben_nayak @carbon_60 @aravindhrs @davidch , Can someone address on this issue

i am facing the issue , i have used the same filter

    public FilterRegistrationBean<ProcessEngineAuthenticationFilter> restFilterRegistrationBean() {
        FilterRegistrationBean<ProcessEngineAuthenticationFilter> registrationBean = new FilterRegistrationBean<>();
        ProcessEngineAuthenticationFilter customFilter = new ProcessEngineAuthenticationFilter();
        registrationBean.setOrder(1); //set precedence
        return registrationBean;

Also i have the AutoLoginAuthenticationFilter


for setting the camunda session via sso session.

After all this i have the below issue :

java.lang.IllegalStateException: Cannot create a session after the response has been committed at org.apache.catalina.connector.Request.doGetSession(Request.java:3007) ~[tomcat-embed-core-9.0.21.jar:9.0.21] at org.apache.catalina.connector.Request.getSession(Request.java:2442) ~[tomcat-embed-core-9.0.21.jar:9.0.21]