
Securing Activiti Modeler

Question asked by balsarori on Mar 11, 2013
Latest reply on Mar 4, 2015 by b.schnarr

Currently, Activiti Modeler can be accessed (and models can be modified) without authentication by directly accessing the Modeler, for example:

http://localhost:8080/activiti-explorer2/service/editor?id=50

Of course, there are different options for administrators to handle this, but I think that it should not be left unsecured by default.

Both Activiti Explorer (Authentication via custom Vaadin Login Form) and Activiti Rest API (Basic HTTP Authentication) are secured by default.

Since Activiti Modeler is a part of Activiti Explorer, I suggest that access to Activiti Modeler should only be allowed if the user has already logged in to Activiti Explorer.

What do you guys think?
