AnsweredAssumed Answered

Issue with custom RestAuthenticator Using Rest 5.13

Question asked by ganeshr on Aug 12, 2013
Latest reply on Aug 14, 2013 by ganeshr
Hi,
 
   I'm developing a custom rest application with custom rest services on top of activiti-rest 5.13. As we have integrated siteminder(SSO) in application, all the request will go through the siteminder authentication using cookie value being passed from client to rest application, So I have removed extra authentication for activiti-rest services by customizing the ActivitiRestServicesApplication and created custom restAuthenticator by overriding methods requestRequiresAuthentication and isRequestAuthorized.  Returning always false in the overriding method requestRequiresAuthentication of restAuthenticator class by this I'm removing extra authentication. With this configuration able to remove authentication in verify method, but the problem is for each resource invocation again the authenticate method is invoked in SecuredResource class and trying to retrieve the loogedInUser  name.
Here is the piece of code getting invoked in ActivitiRestApplication,

public String authenticate(Request request, Response response) {
    if (!(request.getClientInfo().isAuthenticated())) {
      this.authenticator.challenge(response, false);
      return null;
    }
    return request.getClientInfo().getUser().getIdentifier();
  }

So the issue I'm facing is  request.getClientInfo().getUser() is returning as null always, because of this rest service is not called.  I'm not sure why the request.getClientInfo().getUser() is returning null. For the new custom rest service I have used SecurityContext in resource class and able to retrieve the User Principal information.  Could any one help me how to achieve the same for the existing rest services?


Outcomes