authenticatedUserId not set in REST 5.16.4

balsarori
Champ on-the-rise
Using the configuration in activiti-webapp-rest2, authenticatedUserId is passed to Activiti on the first REST call only. Due to Spring Security settings which save the authentication in the session, BasicAuthenticationProvider.authenticate() gets called only once per session, resulting in authenticatedUserId not being passed to Activiti.

To fix this, sessionManagement and securityContext need to be disabled by modifying SecurityConfiguration.configure() as follows:

    http
    .authenticationProvider(authenticationProvider())
    .csrf().disable()
    .sessionManagement().disable()
    .securityContext().disable()
    .authorizeRequests()
      .anyRequest().authenticated()
      .and()
    .httpBasic();

jbarrez
Star Contributor
Wow - very good catch!

We eventually went with .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) instead of disable().
This also allows us to keep the securityContext() enabled, which might come in handy one day.

It's fixed here: https://github.com/Activiti/Activiti/commit/3bb10cf9e44f531d70d09b05fc6916acf3e4b2a2

It's a bug commit, because we wanted to make sure we catch this error in tests, so we refactored from using a new HttpClient instance for each call to using a shared one for all tests (which indeed highlighted your issue and didn't show it before).

This post is exactly one of the reasons why I keep visiting the forum every day. Really nice catch. Thanks!
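
The behaviour discussed in this thread, as an added example that is not part of either post and is not Spring Security or Activiti code: a JDK-only model of why a session-cached authentication skips the provider on the second call, and why a stateless policy restores the user id on every call. The class name, the `handle` helper, the user `kermit` and the cookie value are constructed for illustration, and the model assumes the user id is per-request state that only the provider sets.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model, constructed for illustration (not Spring Security or Activiti code).
public class SessionAuthModel {
    // Stand-in for the per-request user id the engine reads (assumed thread-local here).
    static final ThreadLocal<String> authenticatedUserId = new ThreadLocal<>();
    // Stand-in for the server-side session store: session cookie -> cached principal.
    static final Map<String, String> sessions = new HashMap<>();

    // Stand-in for BasicAuthenticationProvider.authenticate(): the only place the id is set.
    static String authenticate(String user) {
        authenticatedUserId.set(user);
        return user;
    }

    // Handles one request and returns the user id the engine would see for it.
    static String handle(String basicUser, String sessionCookie, boolean stateless) {
        authenticatedUserId.remove(); // every request starts without a user id
        // A stateless policy never consults the session for a saved authentication.
        String cached = stateless ? null : sessions.get(sessionCookie);
        if (cached == null) {
            String principal = authenticate(basicUser);
            if (!stateless) {
                sessions.put(sessionCookie, principal); // saved for later requests
            }
        }
        // Otherwise the authentication came from the session and the provider was skipped.
        return authenticatedUserId.get();
    }

    public static void main(String[] args) {
        String cookie = "JSESSIONID-1"; // constructed value
        // Session-backed: a shared client resends the cookie, so call 2 skips the provider.
        System.out.println("session   call 1: " + handle("kermit", cookie, false));
        System.out.println("session   call 2: " + handle("kermit", cookie, false));
        // Stateless: the provider runs on every call, so the id is always set.
        System.out.println("stateless call 1: " + handle("kermit", cookie, true));
        System.out.println("stateless call 2: " + handle("kermit", cookie, true));
    }
}
```

A client that creates a fresh connection without cookies for every call never reaches the cached branch, which is why the tests only exposed the problem once they shared one HttpClient.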