topic Disable Activiti Rest secuirity in Alfresco Archive https://connect.hyland.com/t5/alfresco-archive/disable-activiti-rest-secuirity/m-p/215703#M168833 <HTML><HEAD></HEAD><BODY><SPAN>Hi , we have an existing spring boot application with our custom authentication, when we try to add activiti rest api we are getting below error .</SPAN><BR /><BR /><SPAN>@Order on WebSecurityConfigurers must be unique. Order of 100 was already used, so it cannot be used on org.activiti.spring.boot.SecurityAutoConfiguration$SecurityConfiguration$$EnhancerBySpringCGLIB$$48a22b60@6e442c8a too.</SPAN><BR /><BR /><BR /><SPAN>My Security config file </SPAN><BR /><BR /><BR /><SPAN>/**</SPAN><BR /><SPAN>* The SecurityConfiguration program initilized security configuration for&nbsp; </SPAN><BR /><SPAN>* Parts Hub Application</SPAN><BR /><SPAN>*</SPAN><BR /><SPAN>* @author&nbsp; Nuthan Kumar</SPAN><BR /><SPAN>* @version 1.0</SPAN><BR /><SPAN>* @since&nbsp;&nbsp; 6/27/2016</SPAN><BR /><SPAN>* ***************************************************************************</SPAN><BR /><SPAN>* History : 6/27/2016 Created with default configure method with csrf filters</SPAN><BR /><SPAN>* &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;6/28/2016 added Rest Auth success and error handlers</SPAN><BR /><SPAN>* &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;6/29/2016&nbsp; added remind me feature</SPAN><BR /><SPAN>*&nbsp; **************************************************************************</SPAN><BR /><SPAN>*&nbsp; TODO : 1) update/replace configureGlobal with actula authentication</SPAN><BR /><SPAN>*&nbsp; **************************************************************************</SPAN><BR /><SPAN>*/</SPAN><BR /><BR /><SPAN>package com.globalfoundries.partshub.configuration;</SPAN><BR /><BR /><BR /><SPAN>import org.slf4j.Logger;</SPAN><BR /><SPAN>import org.slf4j.LoggerFactory;</SPAN><BR /><SPAN>import org.springframework.beans.factory.annotation.Autowired;</SPAN><BR /><SPAN>import org.springframework.boot.autoconfigure.EnableAutoConfiguration;</SPAN><BR /><SPAN>import org.springframework.context.annotation.ComponentScan;</SPAN><BR /><SPAN>import org.springframework.context.annotation.Configuration;</SPAN><BR /><SPAN>import org.springframework.core.annotation.Order;</SPAN><BR /><SPAN>import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;</SPAN><BR /><SPAN>import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;</SPAN><BR /><SPAN>import org.springframework.security.config.annotation.web.builders.HttpSecurity;</SPAN><BR /><SPAN>import org.springframework.security.config.annotation.web.builders.WebSecurity;</SPAN><BR /><SPAN>import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;</SPAN><BR /><SPAN>import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;</SPAN><BR /><SPAN>import org.springframework.security.core.userdetails.UserDetailsService;</SPAN><BR /><SPAN>import org.springframework.security.web.access.AccessDeniedHandler;</SPAN><BR /><SPAN>import org.springframework.security.web.authentication.AuthenticationFailureHandler;</SPAN><BR /><SPAN>import org.springframework.security.web.authentication.AuthenticationSuccessHandler;</SPAN><BR /><SPAN>import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;</SPAN><BR /><BR /><BR /><SPAN>import com.globalfoundries.partshub.security.RememberMeServices;</SPAN><BR /><SPAN>import com.globalfoundries.partshub.security.RestUnauthorizedEntryPoint;</SPAN><BR /><SPAN>@Configuration</SPAN><BR /><SPAN>@EnableWebSecurity</SPAN><BR /><SPAN>@EnableAutoConfiguration(exclude = {</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; org.activiti.spring.boot.RestApiAutoConfiguration.class,</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class,</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; org.activiti.spring.boot.SecurityAutoConfiguration.class})</SPAN><BR /><BR /><SPAN>@ComponentScan(basePackages = {"com.globalfoundries.partshub.security"})</SPAN><BR /><SPAN>public class SecurityConfiguration extends WebSecurityConfigurerAdapter {</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;private static final Logger logger = LoggerFactory.getLogger(SecurityConfiguration.class);</SPAN><BR /><BR /><SPAN>&nbsp;&nbsp;&nbsp; public static final String REMEMBER_ME_KEY = "rememberme_key";</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; </SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; public SecurityConfiguration() {</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; super();</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.info("loading SecurityConfig ………………………………………… ");</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; }</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; </SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; </SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; @Autowired</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; private UserDetailsService userDetailsService;</SPAN><BR /><BR /><SPAN>&nbsp;&nbsp;&nbsp; @Autowired</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; private RestUnauthorizedEntryPoint restAuthenticationEntryPoint;</SPAN><BR /><BR /><SPAN>&nbsp;&nbsp;&nbsp; @Autowired</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; private AccessDeniedHandler restAccessDeniedHandler;</SPAN><BR /><BR /><SPAN>//&nbsp;&nbsp;&nbsp; @Autowired</SPAN><BR /><SPAN>&nbsp; //&nbsp; private RememberMeServices rememberMeServices;</SPAN><BR /><BR /><SPAN>&nbsp;&nbsp;&nbsp; @Autowired</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; auth.userDetailsService(userDetailsService);</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; }</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; </SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; </SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; @Override</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; public void configure(WebSecurity web) throws Exception {</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; web.ignoring().antMatchers("/resources/**", "/index.html", "/login.html",</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "/partials/**", "/template/**", "/", "/error/**","/resources/img/**");</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; </SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; </SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; @Override</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; protected void configure(HttpSecurity http) throws Exception {</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; http</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .headers().disable()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .csrf().disable()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .authorizeRequests()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .antMatchers("/failure").permitAll()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .antMatchers("/users/**").hasAnyAuthority("admin")</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .anyRequest().authenticated()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .and()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .exceptionHandling()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .authenticationEntryPoint(restAuthenticationEntryPoint)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .accessDeniedHandler(restAccessDeniedHandler)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .and()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .formLogin()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .loginProcessingUrl("/authenticate")</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .successHandler(restAuthenticationSuccessHandler)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .failureHandler(restAuthenticationFailureHandler)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .usernameParameter("username")</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .passwordParameter("password")</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .permitAll()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .and()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .logout()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .logoutUrl("/logout")</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .deleteCookies("JSESSIONID")</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .permitAll()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .and();</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //&nbsp;&nbsp; .rememberMe()</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //&nbsp;&nbsp;&nbsp;&nbsp; .rememberMeServices(rememberMeServices)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //&nbsp;&nbsp; .key(REMEMBER_ME_KEY)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // .and();</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;@Autowired</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; private AuthenticationSuccessHandler restAuthenticationSuccessHandler;</SPAN><BR /><BR /><SPAN>&nbsp;&nbsp;&nbsp; @Autowired</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; private AuthenticationFailureHandler restAuthenticationFailureHandler;</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;</SPAN><BR /><SPAN>}</SPAN><BR /><BR /><SPAN>Any idea on how to fix this ..?</SPAN></BODY></HTML> Mon, 11 Jul 2016 19:09:40 GMT nuthan 2016-07-11T19:09:40Z Disable Activiti Rest secuirity https://connect.hyland.com/t5/alfresco-archive/disable-activiti-rest-secuirity/m-p/215703#M168833 Hi , we have an existing spring boot application with our custom authentication, when we try to add activiti rest api we are getting below error .@Order on WebSecurityConfigurers must be unique. Order of 100 was already used, so it cannot be used on org.activiti.spring.boot.SecurityAutoConfiguration Mon, 11 Jul 2016 19:09:40 GMT https://connect.hyland.com/t5/alfresco-archive/disable-activiti-rest-secuirity/m-p/215703#M168833 nuthan 2016-07-11T19:09:40Z Re: Disable Activiti Rest secuirity https://connect.hyland.com/t5/alfresco-archive/disable-activiti-rest-secuirity/m-p/215704#M168834 <HTML><HEAD></HEAD><BODY><P>Issue is because order is conflicting between rest Security adapter and spring security adapter, I had the same issue I just annotated out spring security configuration with</P><P>@Configuration<BR />@EnableWebSecurity<BR />@Order(99)<BR />public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {</P><P></P><P>}</P><P></P><P>hope it helps</P></BODY></HTML> Thu, 18 May 2017 09:08:21 GMT https://connect.hyland.com/t5/alfresco-archive/disable-activiti-rest-secuirity/m-p/215704#M168834 ritesh_nailwal 2017-05-18T09:08:21Z