
Activiti Rest Security - Where is it being used?

stbill79
Champ in-the-making
I've seen other posts and also dug through the activiti-rest, common, and activiti-spring-boot modules.

I believe I understand how to customize the security.

What I don't understand is WHERE the security is being used.

* I don't see any sort of identityService.setAuthenticatedUser… around any of the Spring MVC rest controllers.

* There is a dependency on Spring Security. But I don't see any references to SecurityContextHolder…

* Can't find any use of ServletRequest.getUserPrincipal or similar.

Unless I'm missing something, it seems you've forced authentication on the rest urls, but never actually do anything with the current user.

If that's the case, how does the process engine know which user is currently making calls?

Thanks,
Will

1 REPLY

jbarrez
Star Contributor
Activiti does not have any security / permissioning built in. So for the engine, setting setAuthenticatedUser is enough to fill the audit data properly.

When integrating with Activiti, you would have to add that yourself. For example, you can add LDAP authentication to your app with Spring Security, and set the authenticated user after a successful login.
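One way to wire up what the reply describes, as an added example that is not part of the thread or of Activiti's own code: a servlet filter that copies the Spring Security principal into the engine for each request. The class name `ActivitiAuthenticatedUserFilter` is hypothetical, the call used is `IdentityService.setAuthenticatedUserId(String)`, and the filter is assumed to be registered after the Spring Security filter chain so the security context is already populated.

```java
import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.activiti.engine.IdentityService;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical filter: bridges the Spring Security login to the Activiti engine
// so that audit fields (process starter, task owner, comment author) name the real caller.
public class ActivitiAuthenticatedUserFilter extends OncePerRequestFilter {

    private final IdentityService identityService;

    public ActivitiAuthenticatedUserFilter(IdentityService identityService) {
        this.identityService = identityService;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain)
            throws ServletException, IOException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // Anonymous tokens report isAuthenticated() == true, so exclude them explicitly.
        boolean loggedIn = auth != null
                && auth.isAuthenticated()
                && !(auth instanceof AnonymousAuthenticationToken);
        try {
            if (loggedIn) {
                // The engine keeps this id in a thread-local for the current thread.
                identityService.setAuthenticatedUserId(auth.getName());
            }
            chain.doFilter(request, response);
        } finally {
            // Container threads are pooled: always clear the id, otherwise the next
            // request served by this thread is audited under the previous user.
            identityService.setAuthenticatedUserId(null);
        }
    }
}
```

This only fills the engine's audit data; any decision about who may start a process or complete a task still has to be enforced in the application's own Spring Security rules.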