Close #439: Authentication Provider is now configurable, e.g. "com.ex…
…ample.camunda.JWTAuthenticationProvider"
tobiasschaefer committed Nov 5, 2022
1 parent 9b7e35d commit db760fe
Showing 3 changed files with 29 additions and 18 deletions.
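--- a/README.md
+++ b/README.md
@@ -220,22 +220,23 @@ This integration uses HikariCP as a database connection pool to optimize perform
 
 You may use the following properties (typically in application.yml) to configure the Camunda integration.
 
-| Prefix |Property | Default | Description |
-|-----------------------|------------------|----------------------------------------------|------------------------|
-| camunda | .locations | classpath:. | List of locations to scan for model files (default is the resources's root only) |
-| camunda.admin-user | .id | | If present, a Camunda admin account will be created by this id (including admin group and authorizations) |
-| | .password | | Admin's password (mandatory if the id is present) |
-| | .firstname | | Admin's first name (optional, defaults to the capitalized id) |
-| | .lastname | | Admin's last name (optional, defaults to the capitalized id) |
-| | .email | | Admin's email address (optional, defaults to <id>@localhost) |
-| camunda.rest | .enabled | false | Enable the REST API |
-| | .context-path | /engine-rest | Context path for the REST API |
-| | .basic-auth-enabled | false | Enables basic authentication for the REST API |
-| camunda.webapps | .enabled | false | Enable the Webapps (Cockpit, Task list, Admin) |
-| | .context-path | /camunda | Context path for the Webapps |
-| | .index-redirect-enabled | true | Registers a redirect from / to the Webapps |
-| camunda.filter | .create | | Name of a "show all" filter for the task list |
-| camunda | .license-file | | Provide a URL to a license file; if no URL is present it will check your classpath for a file called "camunda-license.txt" |
+| Prefix |Property | Default | Description |
+|-----------------------|------------------|----------------------------------------------------------------------------------|------------------------|
+| camunda | .locations | classpath:. | List of locations to scan for model files (default is the resources's root only) |
+| camunda.admin-user | .id | | If present, a Camunda admin account will be created by this id (including admin group and authorizations) |
+| | .password | | Admin's password (mandatory if the id is present) |
+| | .firstname | | Admin's first name (optional, defaults to the capitalized id) |
+| | .lastname | | Admin's last name (optional, defaults to the capitalized id) |
+| | .email | | Admin's email address (optional, defaults to <id>@localhost) |
+| camunda.rest | .enabled | false | Enable the REST API |
+| | .context-path | /engine-rest | Context path for the REST API |
+| | .basic-auth-enabled | false | Enables basic authentication for the REST API |
+| | .authentication-provider | org.camunda.bpm.engine. rest.security.auth.impl. HttpBasicAuthenticationProvider | Authentication Provider to use for the REST API |
+| camunda.webapps | .enabled | false | Enable the Webapps (Cockpit, Task list, Admin) |
+| | .context-path | /camunda | Context path for the Webapps |
+| | .index-redirect-enabled | true | Registers a redirect from / to the Webapps |
+| camunda.filter | .create | | Name of a "show all" filter for the task list |
+| camunda | .license-file | | Provide a URL to a license file; if no URL is present it will check your classpath for a file called "camunda-license.txt" |
 
 ### Generic Properties
 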
Expand Up @@ -410,6 +410,14 @@ interface Rest {
*/
@Bindable(defaultValue = "false")
boolean isBasicAuthEnabled();

/**
* Authentication Provider to use for the REST API.
*
* @return the authentication provideer
*/
@Bindable(defaultValue = "org.camunda.bpm.engine.rest.security.auth.impl.HttpBasicAuthenticationProvider")
String getAuthenticationProvider();
}

@ConfigurationProperties("eventing")
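Review bot: The Javadoc on `getAuthenticationProvider()` does not say what kind of value the property takes or when it is used, and `@return the authentication provideer` has a typo. The value is handed to the REST filter as its `authentication-provider` init parameter in JettyServerCustomizerRuntimeRest, and only inside the `if (basicAuthEnabled)` branch, so I would document it as `@return the fully qualified class name of the authentication provider; only used when basic-auth-enabled is true`. Because this string appears to select the class that authenticates every REST request, the doc should also state that it must come from trusted deployment configuration only. The enclosing `interface Rest` starts outside this hunk.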
Expand Up @@ -56,11 +56,13 @@ public class JettyServerCustomizerRuntimeRest implements ParallelInitializationW
// Configuration must be resolved during construction - otherwise code might be blocked if a parallel thread constructs a bean during execution, e.g. the ProcessEngine
protected final String contextPath;
protected final boolean basicAuthEnabled;
protected final String authenticationProvider;

public JettyServerCustomizerRuntimeRest(Server server, Configuration configuration) {
this.server = server;
contextPath = configuration.getRest().getContextPath();
basicAuthEnabled = configuration.getRest().isBasicAuthEnabled();
authenticationProvider = configuration.getRest().getAuthenticationProvider();
}

@Override
Expand All @@ -83,9 +85,9 @@ public void contextDestroyed(ServletContextEvent sce) {
if (basicAuthEnabled) {
// see https://docs.camunda.org/manual/latest/reference/rest/overview/authentication/
FilterHolder filterHolder = new FilterHolder(ProcessEngineAuthenticationFilter.class);
filterHolder.setInitParameter("authentication-provider", "org.camunda.bpm.engine.rest.security.auth.impl.HttpBasicAuthenticationProvider");
filterHolder.setInitParameter("authentication-provider", authenticationProvider);
restServletContextHandler.addFilter(filterHolder, "/*", EnumSet.of(REQUEST));
log.debug("REST API - Basic authentication enabled");
log.debug("REST API - Basic authentication enabled with authentication-provider {}", authenticationProvider);
}

restServletContextHandler.setServer(server);
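Review bot: In the second hunk the configured provider is still applied only inside `if (basicAuthEnabled)`, so a deployment that sets `camunda.rest.authentication-provider` (for example to a JWT provider) but leaves `basic-auth-enabled` at its default `false` gets no authentication filter on the REST API, and nothing is logged. I would add an `else` branch that reports this, e.g. `log.warn("REST API - authentication-provider {} is configured but basic-auth-enabled is false, no authentication filter registered", authenticationProvider);`, limited to the case where the value differs from the default. The debug message `Basic authentication enabled with authentication-provider {}` also becomes misleading once the provider is not HTTP Basic. The class name is presumably resolved only when the filter initialises, so a typo would surface late; checking in the constructor that the class can be loaded would fail fast. The method containing this branch starts outside the hunk.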
