topic Activiti Rest Security - Where is it being used? in Alfresco Archive https://connect.hyland.com/t5/alfresco-archive/activiti-rest-security-where-is-it-being-used/m-p/233002#M186132 <HTML><HEAD></HEAD><BODY><SPAN>I've seen other posts and also dug through the activiti-rest, common, and activiti-spring-boot modules. </SPAN><BR /><BR /><SPAN>I believe I understand how to customize the security.</SPAN><BR /><BR /><SPAN>What I don't understand is WHERE the security is being used. </SPAN><BR /><BR /><SPAN>* I don't see any sort of identityService.setAuthenticatedUser… around any of the Spring MVC rest controllers. </SPAN><BR /><BR /><SPAN>* There is a dependency on Spring Security. But I don't see any refererences to SecurityContextHolder…</SPAN><BR /><BR /><SPAN>* Can't find any use of ServletRequest.getUserPrincipal or similar.</SPAN><BR /><BR /><SPAN>Unless I'm missing something, it seems you've forced authentication on the rest urls, but never actually do anything with the current user. </SPAN><BR /><BR /><SPAN>If that's the case, how does the process engine know which user is currently making calls?</SPAN><BR /><BR /><SPAN>Thanks,</SPAN><BR /><SPAN>Will</SPAN><BR /><BR /></BODY></HTML> Tue, 22 Mar 2016 16:10:29 GMT stbill79 2016-03-22T16:10:29Z Activiti Rest Security - Where is it being used? https://connect.hyland.com/t5/alfresco-archive/activiti-rest-security-where-is-it-being-used/m-p/233002#M186132 I've seen other posts and also dug through the activiti-rest, common, and activiti-spring-boot modules. I believe I understand how to customize the security.What I don't understand is WHERE the security is being used. * I don't see any sort of identityService.setAuthenticatedUser… around any of the Tue, 22 Mar 2016 16:10:29 GMT https://connect.hyland.com/t5/alfresco-archive/activiti-rest-security-where-is-it-being-used/m-p/233002#M186132 stbill79 2016-03-22T16:10:29Z Re: Activiti Rest Security - Where is it being used? https://connect.hyland.com/t5/alfresco-archive/activiti-rest-security-where-is-it-being-used/m-p/233003#M186133 <HTML><HEAD></HEAD><BODY><SPAN>Activiti does not have any security / permissioning built in. So for the engine setting setAuthenticatedUSer is enough to fill the audit daa properly.</SPAN><BR /><BR /><SPAN>When integrating with Activiti, you would have to add that yourself. For example, you can add LDAP authentication to your app with Spring Security, and set the authenticated user after a successful login.</SPAN></BODY></HTML> Fri, 25 Mar 2016 12:54:33 GMT https://connect.hyland.com/t5/alfresco-archive/activiti-rest-security-where-is-it-being-used/m-p/233003#M186133 jbarrez 2016-03-25T12:54:33Z