AnsweredAssumed Answered

Activiti Rest Security - Where is it being used?

Question asked by stbill79 on Mar 22, 2016
Latest reply on Mar 25, 2016 by jbarrez
I've seen other posts and also dug through the activiti-rest, common, and activiti-spring-boot modules.

I believe I understand how to customize the security.

What I don't understand is WHERE the security is being used.

* I don't see any sort of identityService.setAuthenticatedUser… around any of the Spring MVC rest controllers.

* There is a dependency on Spring Security. But I don't see any refererences to SecurityContextHolder…

* Can't find any use of ServletRequest.getUserPrincipal or similar.

Unless I'm missing something, it seems you've forced authentication on the rest urls, but never actually do anything with the current user.

If that's the case, how does the process engine know which user is currently making calls?