Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Content Management
- Alfresco
- Alfresco Archive
- Rest Endpoint Security Override
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Rest Endpoint Security Override
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-15-2016 06:07 AM
we are using Activiti Enterprise version 1.4.1. to improve our security we are planing to use token base authentication for public rest endpoints which is secured using Basic Authentication.Im new to Activiti development So i referred developer documentation and now need to override rest endpoint basic Authentication security. As explained in Developer documentation section, "12.1.1. REST Endpoints security override" i managed to create a extension but for testing purposes i reimplemented Basic Authentication. i followed these steps
1. create a spring boot project
2. added neccessory dependancies
3. created package com.activiti.extension.bean
4. created a class and implemented AlfrescoApiSecurityOverride
MySecurityOverride
MyAuthentication provider class
(For testing purposes i implemented Basic Authentication)
Problem is :
After implementing AlfrescoApiSecurityOverride interface i cant login to system using Activiti-app login page. browser gives a login prompt to add username and password at login page. after adding credentials to bowser login prompt i can go to activiti Home page. if i want to logout from the system, it gives this error. this seems like i cant override only public rest api endpoint security using AlfrescoApiSecurityOverride interface.
right now im focusing on isolating activiti public rest api endpoint security. i only want to override security of public rest apis. Did i miss something. could you guide me to solve this problem?
Best Regards
Paul
1. create a spring boot project
2. added neccessory dependancies
3. created package com.activiti.extension.bean
4. created a class and implemented AlfrescoApiSecurityOverride
MySecurityOverride
public class MySecurityOverride implements AlfrescoApiSecurityOverride {
@Bean
public AuthenticationProvider authenticationProvider() {
return new MyAuthenticationProvider();
}
public void configure(HttpSecurity http) throws Exception {
http
.authenticationProvider(authenticationProvider())
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.csrf().disable()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic();
}
}
MyAuthentication provider class
(For testing purposes i implemented Basic Authentication)
public class MyAuthenticationProvider implements AuthenticationProvider{
@Autowired
private IdentityService identityService;
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String name = authentication.getName();
String password = authentication.getCredentials().toString();
boolean authenticated = identityService.checkPassword(name, password);
List<String> userkeys = identityService.getUserInfoKeys("admin@app.activiti.com");
if (authenticated) {
List<Group> groups = identityService.createGroupQuery().groupMember(name).list();
Collection<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
for (Group group : groups) {
grantedAuthorities.add(new SimpleGrantedAuthority(group.getId()));
}
identityService.setAuthenticatedUserId(name);
//GrantedAuthorityImpl grantedAdmin = new GrantedAuthorityImpl("ROLE_ADMIN");
//Collection<GrantedAuthority> grantedtest = new ArrayList();
//grantedtest.add(grantedAdmin);
return new UsernamePasswordAuthenticationToken(name, password, grantedtest);
} else {
throw new BadCredentialsException("Authentication failed for this username and password");
}
}
public boolean supports(Class<?> authentication) {
Boolean returnval = authentication.equals(UsernamePasswordAuthenticationToken.class);
return returnval;
}
}
Problem is :
After implementing AlfrescoApiSecurityOverride interface i cant login to system using Activiti-app login page. browser gives a login prompt to add username and password at login page. after adding credentials to bowser login prompt i can go to activiti Home page. if i want to logout from the system, it gives this error. this seems like i cant override only public rest api endpoint security using AlfrescoApiSecurityOverride interface.
org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/activiti-app/app/logout] in DispatcherServlet with name 'appDispatcher'right now im focusing on isolating activiti public rest api endpoint security. i only want to override security of public rest apis. Did i miss something. could you guide me to solve this problem?
Best Regards
Paul
Labels:
- Labels:
-
Archive
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-19-2016 05:31 AM
Hi.. could you give me a guide?
Related Content
- From Alfresco CE 7.3/Tomcat 9 to Alfresco 23.2.1/Tomcat 10 in Alfresco Forum
- Alfresco Community Edition 23.2 Release Notes in Alfresco Blog
- Summarization of textual content in Alfresco repository with Amazon Bedrock in Alfresco Blog
- Alfresco AOS authentication in Alfresco Forum
- Performance Testing AWS Elasticsearch(Version 7.10) with ACS 7.2.0, ES Connector 3.1.0 in Alfresco Blog
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
