AnsweredAssumed Answered

After disabling Activiti REST basic authentication

Question asked by aditya09 on Jun 27, 2016
Latest reply on Sep 29, 2016 by pteki@yahoo.com
My Spring Security Configuration looks like this:

@Configuration
protected static class AuthConfig extends WebSecurityConfigurerAdapter {
    @Value('${authn.authnUrl}')
    private String authnUrl;

    @Value('${authn.clientId}')
    private String clientId;

    @Value('${authn.privateKeyPath}')
    private String privateKeyPath;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(new PreAuthAuthenticationProvider());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
                .addFilterBefore(authnFilter(), SecurityContextPersistenceFilter.class)
                .addFilterAfter(preAuthFilter(), LogoutFilter.class)
                .exceptionHandling()
                .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint('/login'));

    }

    private Filter preAuthFilter() throws Exception {
        PreAuthProcessingFilter filter = new PreAuthProcessingFilter();
        filter.setAuthenticationManager(authenticationManager());

        return filter;
    }

    private Filter authnFilter() {
        return new AuthnFilterBuilder()
                .setAuthnUrl(authnUrl)
                .setClientId(clientId)
                .setPrivateKeyPath(privateKeyPath)
                .enableSystemAuth()
                .enableUIAuth()
                .build();
    }
}

where authN is a internal tool used to authenticate users.
Now my question is how will activiti-engine know which user initiated a request if I remove basic authentication completely.

Outcomes