AnsweredAssumed Answered

how to disable activiti REST HTTP basic authentication

Question asked by neo1 on Aug 23, 2015
Latest reply on Aug 24, 2015 by vasile.dirla
Hello,
  We are using activiti v5.18 and spring boot. To invoke activiti REST API, we have to create a activiti user to pass basic authentication. As I know, activiti security is based on spring boot security, we tried two approaches.
  1) exclude activiti spring boot security auto config
@EnableAutoConfiguration(exclude = {org.activiti.spring.boot.SecurityAutoConfiguration.class})
  2) create a class to extend spring class 'WebSecurityConfigurerAdapter), and set 'security.basic.enabled=false' in application.properties
   @Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
   
   @Override
    protected void configure(HttpSecurity http) throws Exception {

        // @formatter:off
        http
            .authorizeRequests()
                .antMatchers(HttpMethod.GET, "/","/static/**", "/resources/**","/resources/public/**").permitAll()
                .anyRequest().authenticated()
            .and()
                .formLogin()
                    .and()
                .httpBasic().disable()
            .requiresChannel().anyRequest().requiresSecure();
        // @formatter:on
    }
}

  unfortunately, none of them disable the basic authentication, when I go to page 'http://localhost:8080/repository/deployments', browser pops up user login window. and show error message on page

This application has no explicit mapping for /error, so you are seeing this as a fallback.

There was an unexpected error (type=Unauthorized, status=401).
Full authentication is required to access this resource
 
   In addition, we have our own REST service, when client invoke our REST service, browser also asks to input activiti REST user/password.

   Is there any way to disable activiti REST HTTP basic authentication?

thanks,

Outcomes