
LDAP REST configuration returns an error

lossril
Champ in-the-making
I've tried to add LDAP configuration to Activiti REST webapp. How I did it:
1. Got myself a default Activiti 5.17 REST webapp (simply downloaded it, no builds)
2. Changed the engine.properties, db.properties and activiti-custom-context in the WEB-INF/classes folder of the webapp (see attachments)
3. Added Activiti LDAP jarfile to WEB-INF/lib folder.
4. Started the Tomcat up.

Now it does connect to LDAP for sure - it asks for AD credentials when I try to get something from REST, but I get the error for literally any REST query:
java.lang.IllegalArgumentException: A granted authority textual representation is required
   org.springframework.util.Assert.hasText(Assert.java:162)
   org.springframework.security.core.authority.SimpleGrantedAuthority.<init>(SimpleGrantedAuthority.java:23)
   org.activiti.rest.security.BasicAuthenticationProvider.authenticate(BasicAuthenticationProvider.java:34)
   org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
   org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168)
   org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
   org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
   org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
   org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:57)
   org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
   org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
   org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
   org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
   org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
   org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
   org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
   org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
   org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
   org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
   org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)

Google does not actually help me on it: I get the idea it falls apart somewhere in the Spring part but have no clue what to do about it.
Any ideas?
4 REPLIES

jbarrez
Star Contributor
Not sure … never saw that error before :s
There does indeed seem to be something wrong when Spring connects with AD … but no idea what (and Google does not help indeed)

lossril
Champ in-the-making
Okay, that's where the fun begins (:

Is there any way to configure LDAP for the webapp so that it does not authenticate by AD, but uses Activiti database users to log in? I thought it was intended to work that way - we provide the AD user in the configuration in order to search AD for users and groups, and then get the tasks, process instances and other things through the API (e.g. http://localhost:8080/activiti-rest/service/runtime/tasks?candidateUser=%ADusername% to get all the tasks for some user)

lossril
Champ in-the-making
Any ideas?

jbarrez
Star Contributor
The Activiti engine will simply put the 'id' of the user as assignee for a task. So whether it's AD or not, that doesn't matter when fetching tasks for a given 'id'.

The default is indeed to use the identityService and go against the user table in the database. If you download the war from the website, that's exactly what happens.