https://connect.hyland.com/t5/alfresco-archive/authenticateduserid-no-set-in-rest-5-16-4/m-p/199109#M152239 <HTML><HEAD></HEAD><BODY><SPAN>Using configuration in activiti-webapp-rest2, authenticatedUserId is only passed to Activiti on first REST call only. Due to spring security settings which saves authentication in session, BasicAuthenticationProvider.authenticate() gets called only once per session, resulting in not passing authenticatedUserId to Activiti.</SPAN><BR /><BR /><SPAN>To fix this sessionManagement and securityContext needs to be disabled by modifying SecurityConfiguration.configure() as follows:</SPAN><BR /><PRE class="language-none line-numbers"><CODE><BR />&nbsp;&nbsp;&nbsp; http<BR />&nbsp;&nbsp;&nbsp; .authenticationProvider(authenticationProvider())<BR />&nbsp;&nbsp;&nbsp; .csrf().disable()<BR />&nbsp;&nbsp;&nbsp; .sessionManagement().disable()<BR />&nbsp;&nbsp;&nbsp; .securityContext().disable()<BR />&nbsp;&nbsp;&nbsp; .authorizeRequests()<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .anyRequest().authenticated()<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .and()<BR />&nbsp;&nbsp;&nbsp; .httpBasic();<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE></BODY></HTML> Sun, 26 Oct 2014 00:33:01 GMT balsarori 2014-10-26T00:33:01Z https://connect.hyland.com/t5/alfresco-archive/authenticateduserid-no-set-in-rest-5-16-4/m-p/199109#M152239 Using configuration in activiti-webapp-rest2, authenticatedUserId is only passed to Activiti on first REST call only. Due to spring security settings which saves authentication in session, BasicAuthenticationProvider.authenticate() gets called only once per session, resulting in not passing authenti Sun, 26 Oct 2014 00:33:01 GMT https://connect.hyland.com/t5/alfresco-archive/authenticateduserid-no-set-in-rest-5-16-4/m-p/199109#M152239 balsarori 2014-10-26T00:33:01Z https://connect.hyland.com/t5/alfresco-archive/authenticateduserid-no-set-in-rest-5-16-4/m-p/199110#M152240 <HTML><HEAD></HEAD><BODY><SPAN>Wow - very good catch!</SPAN><BR /><BR /><SPAN>We eventually went with&nbsp; .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) instead of disable().</SPAN><BR /><SPAN>This also allows to keep the securityContext() enabled, which might come in handy one day.</SPAN><BR /><BR /><SPAN>It's fixed here: </SPAN><A href="https://github.com/Activiti/Activiti/commit/3bb10cf9e44f531d70d09b05fc6916acf3e4b2a2" rel="nofollow noopener noreferrer">https://github.com/Activiti/Activiti/commit/3bb10cf9e44f531d70d09b05fc6916acf3e4b2a2</A><BR /><BR /><SPAN>It's a bug commit, cause we wanted to make sure we catch this error in test, so we refactored from using a new HttpClient instance for each call to using a shared one for all tests (which indeed highlighted your issue and didn't show it before).</SPAN><BR /><BR /><SPAN>This post is exactly one of the reasons why I keep visiting the forum every day. Really nice catch. Thanks!</SPAN></BODY></HTML> Mon, 27 Oct 2014 18:25:28 GMT https://connect.hyland.com/t5/alfresco-archive/authenticateduserid-no-set-in-rest-5-16-4/m-p/199110#M152240 jbarrez 2014-10-27T18:25:28Z