AnsweredAssumed Answered

Setting custom rest authenticator in rest-webapp

Question asked by b.schnarr on May 9, 2014
Latest reply on Sep 29, 2015 by b.schnarr
Hello at all,

we want to implement SSO in the activiti-rest webapp. Therefore, we need to disable the build in rest basic authentication. To achieve this, I created a subclass of that implements the method
boolean requestRequiresAuthentication(Request request)
of the custom interface. Always returning false disables the basic authentication in theory.

Here is my class:


import org.restlet.Request;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import org.activiti.engine.identity.User;
import org.activiti.engine.impl.identity.Authentication;
import org.apache.commons.codec.binary.Base64;

import java.util.Arrays;
import java.util.Date;


public class CustomActivitiRestServicesApplication extends ActivitiRestServicesApplication implements RestAuthenticator {

    protected String ltpaKey;
    protected String ltpaPassword;

   private static final String AES_DECRIPTING_ALGORITHM = "AES/CBC/PKCS5Padding";
   private static final String DES_DECRIPTING_ALGORITHM = "DESede/ECB/PKCS5Padding";
   private static final String LTPA_COOKIE_NAME = "LtpaToken2";
   String ltpaToken = null;

   public boolean requestRequiresAuthentication(Request request) {

      return false;

   public boolean isRequestAuthorized(Request request) {
      // TODO Auto-generated method stub
      return false;

In addition, I altered the web.xml of the activiti-webapp-rest2, that it points to my custom implementation:

  <!– Restlet adapter –> 
      <!– Application class name –>

The Problem is, that this takes no effekt. After redeploying, the rest-api still wants to have basic credentials and I have no idea, why.

Any reply is appreciated. I googled a lot but without success.

Thank you very much and best regards