topic Rest Endpoint Security Override in Alfresco Archive https://connect.hyland.com/t5/alfresco-archive/rest-endpoint-security-override/m-p/234327#M187457 <HTML><HEAD></HEAD><BODY><SPAN>we are using Activiti Enterprise version 1.4.1. to improve our security we are planing to use token base authentication for public rest endpoints which is secured using Basic Authentication.Im new to Activiti development So i referred developer documentation and now need to override rest endpoint basic Authentication security. As explained in Developer documentation section, "12.1.1. REST Endpoints security override" i managed to create a extension but for testing purposes i reimplemented Basic Authentication.&nbsp; i followed these steps</SPAN><BR /><SPAN>1. create a spring boot project</SPAN><BR /><SPAN>2. added neccessory dependancies</SPAN><BR /><SPAN>3. created package com.activiti.extension.bean</SPAN><BR /><SPAN>4. created a class and implemented AlfrescoApiSecurityOverride</SPAN><BR /><BR /><SPAN>MySecurityOverride</SPAN><BR /><PRE class="language-java line-numbers"><CODE><BR />public class MySecurityOverride implements AlfrescoApiSecurityOverride {<BR /><BR />&nbsp;&nbsp;&nbsp; @Bean<BR />&nbsp;&nbsp;&nbsp; public AuthenticationProvider authenticationProvider() {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return new MyAuthenticationProvider();<BR />&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;<BR />&nbsp;&nbsp;&nbsp;public void configure(HttpSecurity http) throws Exception {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; http<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .authenticationProvider(authenticationProvider())<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .csrf().disable()<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .authorizeRequests()<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .anyRequest().authenticated()<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .and()<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .httpBasic();&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR />&nbsp;&nbsp;&nbsp;}<BR />}<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><BR /><SPAN>MyAuthentication provider class</SPAN><BR /><SPAN>(For testing purposes i implemented Basic Authentication)</SPAN><BR /><PRE class="language-java line-numbers"><CODE><BR />public class MyAuthenticationProvider implements AuthenticationProvider{<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp; @Autowired<BR />&nbsp;&nbsp;&nbsp;&nbsp; private IdentityService identityService;<BR />&nbsp;&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp;public Authentication authenticate(Authentication authentication) throws AuthenticationException {<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String name = authentication.getName();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String password = authentication.getCredentials().toString();<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; boolean authenticated = identityService.checkPassword(name, password);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; List&lt;String&gt; userkeys = identityService.getUserInfoKeys("admin@app.activiti.com");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (authenticated) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; List&lt;Group&gt; groups = identityService.createGroupQuery().groupMember(name).list();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Collection&lt;GrantedAuthority&gt; grantedAuthorities = new ArrayList&lt;GrantedAuthority&gt;();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; for (Group group : groups) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; grantedAuthorities.add(new SimpleGrantedAuthority(group.getId()));<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; identityService.setAuthenticatedUserId(name);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //GrantedAuthorityImpl grantedAdmin = new GrantedAuthorityImpl("ROLE_ADMIN");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Collection&lt;GrantedAuthority&gt; grantedtest = new ArrayList();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //grantedtest.add(grantedAdmin);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return new UsernamePasswordAuthenticationToken(name, password, grantedtest);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } else {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; throw new BadCredentialsException("Authentication failed for this username and password");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;}<BR /><BR />&nbsp;&nbsp;&nbsp;public boolean supports(Class&lt;?&gt; authentication) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Boolean returnval = authentication.equals(UsernamePasswordAuthenticationToken.class);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return returnval;<BR />&nbsp;&nbsp;&nbsp;}<BR />}<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><BR /><SPAN>Problem is : </SPAN><BR /><SPAN>After implementing AlfrescoApiSecurityOverride interface i cant login to system using Activiti-app login page. browser gives a login prompt to add username and password at login page. after adding credentials to bowser login prompt i can go to activiti Home page. if i want to logout from the system, it gives this error. this seems like i cant override only public rest api endpoint security using AlfrescoApiSecurityOverride interface.</SPAN><BR /><PRE class="language-none line-numbers"><CODE>org.springframework.web.servlet.PageNotFound&nbsp; - No mapping found for HTTP request with URI [/activiti-app/app/logout] in DispatcherServlet with name 'appDispatcher'<SPAN class="line-numbers-rows"><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><BR /><SPAN>right now im focusing on isolating activiti public rest api endpoint security. i only want to override security of public rest apis. Did i miss something. could you guide me to solve this problem?</SPAN><BR /><BR /><SPAN>Best Regards</SPAN><BR /><SPAN>Paul</SPAN><BR /><BR /><BR /><SPAN> </SPAN><BR /></BODY></HTML> Thu, 15 Sep 2016 10:07:44 GMT paulrda 2016-09-15T10:07:44Z Rest Endpoint Security Override https://connect.hyland.com/t5/alfresco-archive/rest-endpoint-security-override/m-p/234327#M187457 we are using Activiti Enterprise version 1.4.1. to improve our security we are planing to use token base authentication for public rest endpoints which is secured using Basic Authentication.Im new to Activiti development So i referred developer documentation and now need to override rest endpoint ba Thu, 15 Sep 2016 10:07:44 GMT https://connect.hyland.com/t5/alfresco-archive/rest-endpoint-security-override/m-p/234327#M187457 paulrda 2016-09-15T10:07:44Z Re: Rest Endpoint Security Override https://connect.hyland.com/t5/alfresco-archive/rest-endpoint-security-override/m-p/234328#M187458 <HTML><HEAD></HEAD><BODY><SPAN>Hi.. could you give me a guide? </SPAN><BR /></BODY></HTML> Mon, 19 Sep 2016 09:31:59 GMT https://connect.hyland.com/t5/alfresco-archive/rest-endpoint-security-override/m-p/234328#M187458 paulrda 2016-09-19T09:31:59Z