AnsweredAssumed Answered

authenticatedUserId no set in REST 5.16.4

Question asked by balsarori on Oct 26, 2014
Latest reply on Oct 27, 2014 by jbarrez
Using configuration in activiti-webapp-rest2, authenticatedUserId is only passed to Activiti on first REST call only. Due to spring security settings which saves authentication in session, BasicAuthenticationProvider.authenticate() gets called only once per session, resulting in not passing authenticatedUserId to Activiti.

To fix this sessionManagement and securityContext needs to be disabled by modifying SecurityConfiguration.configure() as follows:

    http
    .authenticationProvider(authenticationProvider())
    .csrf().disable()
    .sessionManagement().disable()
    .securityContext().disable()
    .authorizeRequests()
      .anyRequest().authenticated()
      .and()
    .httpBasic();

Outcomes