https://connect.hyland.com/t5/alfresco-archive/how-to-disable-activiti-rest-http-basic-authentication/m-p/205858#M158988 <HTML><HEAD></HEAD><BODY><SPAN>Hello,</SPAN><BR /><SPAN>&nbsp; We are using activiti v5.18 and spring boot. To invoke activiti REST API, we have to create a activiti user to pass basic authentication. As I know, activiti security is based on spring boot security, we tried two approaches.</SPAN><BR /><SPAN>&nbsp; 1) exclude activiti spring boot security auto config</SPAN><BR /><SPAN>@EnableAutoConfiguration(exclude = {org.activiti.spring.boot.SecurityAutoConfiguration.class})</SPAN><BR /><SPAN>&nbsp; 2) create a class to extend spring class 'WebSecurityConfigurerAdapter), and set 'security.basic.enabled=false' in application.properties</SPAN><BR /><SPAN>&nbsp;&nbsp; @Configuration</SPAN><BR /><SPAN>@EnableWebSecurity</SPAN><BR /><SPAN>@EnableGlobalMethodSecurity(prePostEnabled = true)</SPAN><BR /><SPAN>@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)</SPAN><BR /><SPAN>public class WebSecurityConfig extends WebSecurityConfigurerAdapter {</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;@Override</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; protected void configure(HttpSecurity http) throws Exception {</SPAN><BR /><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // @formatter<img id="smileysurprised" class="emoticon emoticon-smileysurprised" src="https://connect.hyland.com/i/smilies/16x16_smiley-surprised.png" alt="Smiley Surprised" title="Smiley Surprised" />ff</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; http</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .authorizeRequests()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .antMatchers(HttpMethod.GET, "/","/static/**", "/resources/**","/resources/public/**").permitAll()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .anyRequest().authenticated()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .and()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .formLogin()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .and()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .httpBasic().disable()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .requiresChannel().anyRequest().requiresSecure();</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // @formatter<img id="smileysurprised" class="emoticon emoticon-smileysurprised" src="https://connect.hyland.com/i/smilies/16x16_smiley-surprised.png" alt="Smiley Surprised" title="Smiley Surprised" />n</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; }</SPAN><BR /><SPAN>}</SPAN><BR /><BR /><SPAN>&nbsp; unfortunately, none of them disable the basic authentication, when I go to page '</SPAN><A href="http://localhost:8080/repository/deployments" rel="nofollow noopener noreferrer">http://localhost:8080/repository/deployments</A><SPAN>', browser pops up user login window. and show error message on page</SPAN><BR /><BR /><SPAN>This application has no explicit mapping for /error, so you are seeing this as a fallback.</SPAN><BR /><BR /><SPAN>There was an unexpected error (type=Unauthorized, status=401).</SPAN><BR /><SPAN>Full authentication is required to access this resource</SPAN><BR /><SPAN>&nbsp; </SPAN><BR /><SPAN>&nbsp;&nbsp; In addition, we have our own REST service, when client invoke our REST service, browser also asks to input activiti REST user/password.</SPAN><BR /><BR /><SPAN>&nbsp;&nbsp; Is there any way to disable activiti REST HTTP basic authentication? </SPAN><BR /><BR /><SPAN>thanks, </SPAN></BODY></HTML> Sun, 23 Aug 2015 01:02:25 GMT neo1 2015-08-23T01:02:25Z https://connect.hyland.com/t5/alfresco-archive/how-to-disable-activiti-rest-http-basic-authentication/m-p/205858#M158988 Hello,&nbsp; We are using activiti v5.18 and spring boot. To invoke activiti REST API, we have to create a activiti user to pass basic authentication. As I know, activiti security is based on spring boot security, we tried two approaches.&nbsp; 1) exclude activiti spring boot security auto config@EnableAutoCo Sun, 23 Aug 2015 01:02:25 GMT https://connect.hyland.com/t5/alfresco-archive/how-to-disable-activiti-rest-http-basic-authentication/m-p/205858#M158988 neo1 2015-08-23T01:02:25Z https://connect.hyland.com/t5/alfresco-archive/how-to-disable-activiti-rest-http-basic-authentication/m-p/205859#M158989 <HTML><HEAD></HEAD><BODY><SPAN>Hi,</SPAN><BR /><SPAN>have a look here:</SPAN><BR /><A href="http://forums.activiti.org/content/disable-activiti-spring-rest-api-basic-authentication" rel="nofollow noopener noreferrer">http://forums.activiti.org/content/disable-activiti-spring-rest-api-basic-authentication</A></BODY></HTML> Mon, 24 Aug 2015 06:36:04 GMT https://connect.hyland.com/t5/alfresco-archive/how-to-disable-activiti-rest-http-basic-authentication/m-p/205859#M158989 vasile_dirla 2015-08-24T06:36:04Z