WebApps Authorization Issue

Alvent_Dwinata · March 16, 2021, 3:30am

Hello, I have a problem with WebApps Authorization when disabling CsrfPreventionFilter on springboot application, I already create CsrfAutoConfiguration (following this thread How to disable CsrfPreventionFilter? - #9 by Wesley_Connor) but another problem occured.

I can navigate to /app/admin/default/#/login but after I provide my credentials and click login I see the Admin page for a quick second, then it returns to the login screen. Looking a Chrome’s DevTools, I see the following XHR calls:

GET /api/engine/engine/
returns 200 with body [{“name”:“default”}]

POST /api/admin/auth/user/default/login/cockpit
returns 200 with body {“userId”:“alvent”,“authorizedApps”:[“admin”,“tasklist”,“welcome”,“cockpit”]}

GET /api/admin/auth/user/default
returns 404 with body {“timestamp”:“2021-03-16T03:21:59.107+0000”,“status”:404,“error”:“Not Found”,“message”:“Not Found”,“path”:"/api/admin/auth/user/default"}

GET /api/engine/engine/default/telemetry/configuration
returns 401 with body {“timestamp”:“2021-03-16T03:21:59.148+0000”,“status”:401,“error”:“Unauthorized”,“message”:“No message available”,“path”:"/api/engine/engine/default/telemetry/configuration"}

GET /api/engine/engine/default/task/count
returns 401 with body {“timestamp”:“2021-03-16T03:21:59.148+0000”,“status”:401,“error”:“Unauthorized”,“message”:“No message available”,“path”:"/api/engine/engine/default/task/count"}

GET /api/engine/engine/default/process-definition/count?latestVersion=true
returns 401 with body {“timestamp”:“2021-03-16T03:21:59.149+0000”,“status”:401,“error”:“Unauthorized”,“message”:“No message available”,“path”:"/api/engine/engine/default/process-definition/count"}

GET /api/engine/engine/default/process-definition/statistics?rootIncidents=true
returns 401 with body {“timestamp”:“2021-03-16T03:21:59.174+0000”,“status”:401,“error”:“Unauthorized”,“message”:“No message available”,“path”:"/api/engine/engine/default/process-definition/statistics"}

Can anyone please help me with this

anuraj · April 26, 2021, 12:24pm

Hi Team,

I am also facing issue with 7.13 version.
Could you please help us in solving this issue.

Niall · April 26, 2021, 1:21pm

You need to explain more details about your setup with Camunda.
Database, Distribution, Clustering etc.

anuraj · April 26, 2021, 1:45pm

@Niall
I am working with spring boot camunda 7.13
Defined my datasource (mysql)
I have dockerized by application.
And deploying it in kubernetes cluster and accessing my application with ingress controller
If i have1 replicas running at a point of time, it works

Moment i scale and say replica count increases , this authorization error is observed.

Niall · April 26, 2021, 1:49pm

You need to use sticky sessions when accessing the web apps.
If not, the first request will validate the login details for the users and the next request will go to a different node where the session details are not stored so the node will have no idea that the user is logged in.
Hope this helps.

anuraj · April 26, 2021, 2:34pm

@Niall Thank you for your swift response.
Problem is i dont want to use sticky sessions, my user base is going to increase and dont know how many containers i will end up with.
Is there any other way? Can i use some other authorization or session management?

Ingo_Richtsmeier · April 26, 2021, 3:26pm

Hi @anuraj,

as an alternative you try to setup session sharing between your spring-boot-applications: Architecture Overview | docs.camunda.org

Hope this helps, Ingo