diff --git a/README.md b/README.md
index 05136e45..47ea6e77 100644
--- a/README.md
+++ b/README.md
@@ -220,22 +220,23 @@ This integration uses HikariCP as a database connection pool to optimize perform
 You may use the following properties (typically in application.yml) to configure the Camunda integration.
-| Prefix |Property | Default | Description |
-|-----------------------|------------------|----------------------------------------------|------------------------|
-| camunda | .locations | classpath:. | List of locations to scan for model files (default is the resources's root only) |
-| camunda.admin-user | .id | | If present, a Camunda admin account will be created by this id (including admin group and authorizations) |
-| | .password | | Admin's password (mandatory if the id is present) |
-| | .firstname | | Admin's first name (optional, defaults to the capitalized id) |
-| | .lastname | | Admin's last name (optional, defaults to the capitalized id) |
-| | .email | | Admin's email address (optional, defaults to <id>@localhost) |
-| camunda.rest | .enabled | false | Enable the REST API |
-| | .context-path | /engine-rest | Context path for the REST API |
-| | .basic-auth-enabled | false | Enables basic authentication for the REST API |
-| camunda.webapps | .enabled | false | Enable the Webapps (Cockpit, Task list, Admin) |
-| | .context-path | /camunda | Context path for the Webapps |
-| | .index-redirect-enabled | true | Registers a redirect from / to the Webapps |
-| camunda.filter | .create | | Name of a "show all" filter for the task list |
-| camunda | .license-file | | Provide a URL to a license file; if no URL is present it will check your classpath for a file called "camunda-license.txt" |
+| Prefix |Property | Default | Description |
+|-----------------------|------------------|----------------------------------------------------------------------------------|------------------------|
+| camunda | .locations | classpath:. 
| List of locations to scan for model files (default is the resources's root only) |
+| camunda.admin-user | .id | | If present, a Camunda admin account will be created by this id (including admin group and authorizations) |
+| | .password | | Admin's password (mandatory if the id is present) |
+| | .firstname | | Admin's first name (optional, defaults to the capitalized id) |
+| | .lastname | | Admin's last name (optional, defaults to the capitalized id) |
+| | .email | | Admin's email address (optional, defaults to <id>@localhost) |
+| camunda.rest | .enabled | false | Enable the REST API |
+| | .context-path | /engine-rest | Context path for the REST API |
+| | .basic-auth-enabled | false | Enables basic authentication for the REST API |
+| | .authentication-provider | org.camunda.bpm.engine. rest.security.auth.impl. HttpBasicAuthenticationProvider | Authentication Provider to use for the REST API |
+| camunda.webapps | .enabled | false | Enable the Webapps (Cockpit, Task list, Admin) |
+| | .context-path | /camunda | Context path for the Webapps |
+| | .index-redirect-enabled | true | Registers a redirect from / to the Webapps |
+| camunda.filter | .create | | Name of a "show all" filter for the task list |
+| camunda | .license-file | | Provide a URL to a license file; if no URL is present it will check your classpath for a file called "camunda-license.txt" |
 ### Generic Properties
diff --git a/micronaut-camunda-bpm-feature/src/main/java/info/novatec/micronaut/camunda/bpm/feature/Configuration.java b/micronaut-camunda-bpm-feature/src/main/java/info/novatec/micronaut/camunda/bpm/feature/Configuration.java
index 5c3770bb..3c6c706d 100644
--- a/micronaut-camunda-bpm-feature/src/main/java/info/novatec/micronaut/camunda/bpm/feature/Configuration.java
+++ b/micronaut-camunda-bpm-feature/src/main/java/info/novatec/micronaut/camunda/bpm/feature/Configuration.java
@@ -410,6 +410,14 @@ interface Rest {
 */
 @Bindable(defaultValue = "false")
 boolean isBasicAuthEnabled();
+
+ /**
+ * Authentication Provider to use for the REST API.
+ *
+ * @return the authentication provideer
+ */
+ @Bindable(defaultValue = "org.camunda.bpm.engine.rest.security.auth.impl.HttpBasicAuthenticationProvider")
+ String getAuthenticationProvider();
 }
 @ConfigurationProperties("eventing")
diff --git a/micronaut-camunda-bpm-feature/src/main/java/info/novatec/micronaut/camunda/bpm/feature/rest/JettyServerCustomizerRuntimeRest.java b/micronaut-camunda-bpm-feature/src/main/java/info/novatec/micronaut/camunda/bpm/feature/rest/JettyServerCustomizerRuntimeRest.java
index 22450985..b235805c 100644
--- a/micronaut-camunda-bpm-feature/src/main/java/info/novatec/micronaut/camunda/bpm/feature/rest/JettyServerCustomizerRuntimeRest.java
+++ b/micronaut-camunda-bpm-feature/src/main/java/info/novatec/micronaut/camunda/bpm/feature/rest/JettyServerCustomizerRuntimeRest.java
@@ -56,11 +56,13 @@ public class JettyServerCustomizerRuntimeRest implements ParallelInitializationW
 // Configuration must be resolved during construction - otherwise code might be blocked if a parallel thread constructs a bean during execution, e.g. the ProcessEngine
 protected final String contextPath;
 protected final boolean basicAuthEnabled;
+ protected final String authenticationProvider;
 public JettyServerCustomizerRuntimeRest(Server server, Configuration configuration) {
 this.server = server;
 contextPath = configuration.getRest().getContextPath();
 basicAuthEnabled = configuration.getRest().isBasicAuthEnabled();
+ authenticationProvider = configuration.getRest().getAuthenticationProvider();
 }
 @Override
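Review bot: In Configuration.java, the Javadoc on the new `getAuthenticationProvider()` in `Rest` misspells "provider" (`provideer`) and does not say what kind of value is expected or when it takes effect. The other hunks of this commit pass the string to `ProcessEngineAuthenticationFilter` as its `authentication-provider` init parameter, and only when `isBasicAuthEnabled()` is true, so I would write `@return the fully qualified class name of the authentication provider; only applied when basic-auth-enabled is true`. Because this name selects the code that decides who may call the REST API, the description should also state that it must come from trusted deployment configuration and name a class that is on the classpath. The `Rest` interface starts outside the hunk.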
@@ -83,9 +85,9 @@ public void contextDestroyed(ServletContextEvent sce) {
 if (basicAuthEnabled) {
 // see https://docs.camunda.org/manual/latest/reference/rest/overview/authentication/
 FilterHolder filterHolder = new FilterHolder(ProcessEngineAuthenticationFilter.class);
- filterHolder.setInitParameter("authentication-provider", "org.camunda.bpm.engine.rest.security.auth.impl.HttpBasicAuthenticationProvider");
+ filterHolder.setInitParameter("authentication-provider", authenticationProvider);
 restServletContextHandler.addFilter(filterHolder, "/*", EnumSet.of(REQUEST));
- log.debug("REST API - Basic authentication enabled");
+ log.debug("REST API - Basic authentication enabled with authentication-provider {}", authenticationProvider);
 }
 restServletContextHandler.setServer(server);
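Review bot: The authentication filter is still registered only inside `if (basicAuthEnabled)`, so a deployment that sets `camunda.rest.authentication-provider` but leaves `basic-auth-enabled` at its default `false` gets no filter on the REST API, and nothing in the log says the provider was ignored. A warning for that combination would make the gap visible. The message inside the branch should also stop claiming basic auth once the provider is configurable, e.g. `log.debug("REST API - authentication enabled with authentication-provider {}", authenticationProvider);`. The configured name is passed to the filter unchecked, and how a blank or unloadable class name fails is decided inside `ProcessEngineAuthenticationFilter`, which is not visible here, so a test with an invalid provider name should confirm that the REST context fails closed instead of starting unprotected. The enclosing method starts and ends outside the hunk.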