Hello,
We are using activiti v5.18 and spring boot. To invoke activiti REST API, we have to create a activiti user to pass basic authentication. As I know, activiti security is based on spring boot security, we tried two approaches.
1) exclude activiti spring boot security auto config
@EnableAutoConfiguration(exclude = {org.activiti.spring.boot.SecurityAutoConfiguration.class})
2) create a class to extend spring class 'WebSecurityConfigurerAdapter), and set 'security.basic.enabled=false' in application.properties
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter
ff
http
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/","/static/**", "/resources/**","/resources/public/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.httpBasic().disable()
.requiresChannel().anyRequest().requiresSecure();
// @formattern
}
}
unfortunately, none of them disable the basic authentication, when I go to page 'http://localhost:8080/repository/deployments', browser pops up user login window. and show error message on page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
There was an unexpected error (type=Unauthorized, status=401).
Full authentication is required to access this resource
In addition, we have our own REST service, when client invoke our REST service, browser also asks to input activiti REST user/password.
Is there any way to disable activiti REST HTTP basic authentication?
thanks,
We are using activiti v5.18 and spring boot. To invoke activiti REST API, we have to create a activiti user to pass basic authentication. As I know, activiti security is based on spring boot security, we tried two approaches.
1) exclude activiti spring boot security auto config
@EnableAutoConfiguration(exclude = {org.activiti.spring.boot.SecurityAutoConfiguration.class})
2) create a class to extend spring class 'WebSecurityConfigurerAdapter), and set 'security.basic.enabled=false' in application.properties
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter
ffhttp
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/","/static/**", "/resources/**","/resources/public/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.httpBasic().disable()
.requiresChannel().anyRequest().requiresSecure();
// @formatter
n}
}
unfortunately, none of them disable the basic authentication, when I go to page 'http://localhost:8080/repository/deployments', browser pops up user login window. and show error message on page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
There was an unexpected error (type=Unauthorized, status=401).
Full authentication is required to access this resource
In addition, we have our own REST service, when client invoke our REST service, browser also asks to input activiti REST user/password.
Is there any way to disable activiti REST HTTP basic authentication?
thanks,
