AnsweredAssumed Answered

Can not setAuthenticatedUserId in rest API if there is customization authentication

Question asked by youtianhong on Jul 15, 2015
Latest reply on Jul 21, 2015 by youtianhong
Hello everyone,

As we know, we can set the initiator like below code :

<startEvent id="request" activiti:initiator="initiator" />
The authenticated user must be set with the method BEFORE the process instance is started,
try {
  identityService.setAuthenticatedUserId("bono");
  runtimeService.startProcessInstanceByKey("someProcessKey");
} finally {
  identityService.setAuthenticatedUserId(null);
}


The problem is I want to start a new process with variables using the rest api, the command to start this is:
http://localhost:8080/activitirestservice/service/runtime/process-instances

I think it will be successful if we have not a custom authenticator in rest api service side.

The variables like below:

{
   "processDefinitionKey":"leave",
    "variables": [
      {
        "name":"applyUserId",
        "value":"Frank"
      }
   ]
}

The following words is jbarrez's feedback in http://forums.activiti.org/content/start-process-instance-user-using-rest-api#comment-30444.

We've got a unit test for this: ProcessInstanceCollectionResourceTest.testStartProcess().
I ran this here, and it fills the start user just fine (user is set by client.setChallengeResponse(ChallengeScheme.HTTP_BASIC, "kermit", "kermit");
)
Did you somehowe tweak the rest api or have a custom authenticator?


But the system did not write the 'applyUserId' in field start_user_id of table act_hi_procinst, it always was wrote the word 'system user' that was setted in override 'authenticate' method  by me.
like above mention by jbarrez, I think
the problem maybe was that I did a customization way to override 'authenticate' method.
I also think it will work fine when I remove this customzation, but we don't want to authenticate in rest service side.

So is there any solution for this case ? How can i pass userId in initiator and don't remove authentication  customization.
Any feedback will be greatly appreciated.
Thanks in advance!

To remove authentication in rest api service side, I did a customization,the following is my solution way
1. add customzation config in web.xml

  <!– Restlet adapter –> 
  <servlet> 
    <servlet-name>RestletServlet</servlet-name> 
    <servlet-class>org.restlet.ext.servlet.ServerServlet</servlet-class>
    <init-param>
      <!– Application class name –>
      <param-name>org.restlet.application</param-name>
      <param-value>com.phzc.activiti.custom.filter.CustomActivitiRestServicesApplication</param-value>
    </init-param>
  </servlet>

2. Create class CustomActivitiRestServicesApplication, the activiti user guide don't mention that override authenticate method,
but for my testing, I need  override this method, otherwise authentication is still need.

public class CustomActivitiRestServicesApplication extends ActivitiRestServicesApplication {
   protected RestResponseFactory restResponseFactory;
          public CustomActivitiRestServicesApplication() {
       super();
       restAuthenticator = new RestAuthenticatorImpl();
       setRestAuthenticator(restAuthenticator);
     }
    @Override
     public String authenticate(Request request, Response response) {
        if(request.getClientInfo() != null) {
           if(request.getClientInfo().getUser() != null) {
              return request.getClientInfo().getUser().getIdentifier();
           }
        }
        return "system user";
     }
   }

3. Override requestRequiresAuthentication method

public class RestAuthenticatorImpl implements RestAuthenticator {
   @Override
   public boolean requestRequiresAuthentication(Request request) {
      return false;
   }
   @Override
   public boolean isRequestAuthorized(Request request) {
      return false;
   } 
}

Outcomes