AnsweredAssumed Answered

Having multiple IdentityManagers ? Conflict with Spring Boot

Question asked by quentind on Jul 6, 2016
Hi,

I'm having a problem for which I've been searching the Internet and the documentation without being able to find a solution. This is why I decided to ask for your help.

I have project A which is offering an abstraction layer on top of Activiti. It essentially consists of a Spring bean which offers easy access to some of the most common Activiti functionalities.
It has a @Configuration class which defines a UserManagerFactory and a GroupManagerFactory, as follows:

@Configuration
@EnableAutoConfiguration
public class ActivitiConfig {

    @Bean
    InitializingBean processEngineConfigurationInitializer(final SpringProcessEngineConfiguration configuration,
            final BPMUserManagerFactory userManagerFactory,
            final BPMGroupManagerFactory groupManagerFactory) {
        return new InitializingBean() {
            public void afterPropertiesSet() {
                configuration.getSessionFactories().put(UserIdentityManager.class,
                        userManagerFactory);
                configuration.getSessionFactories().put(GroupIdentityManager.class,
                        groupManagerFactory);
            }
        };
    }
}


And there is project B which has a Maven dependency on project A, and does @ComponentScan(basePackages="xxx.projectA") to load the above configuration.
In project B, a BPMN file is stored in src/main/resources/processes for project A to be able to load B thanks to the classpath.
Thus, Project B is able to manipulate this BPMN through project A's abstraction layer bean.

Our IdentityManagers do some REST calls to other APIs to load users and groups.

Everything works fine but things get more complicated as I wanted to add HTML pages in project B. Indeed, project B is meant to be a web app that uses project A to manipulate the BPM.
When I call localhost/app/myPage in the browser, Springs tries to call BPMUserManager.checkPassword() and it doesn't work because we want our Web security to work with different users than those of the BPM.

The simple fact of having imported project A's Spring configuration has configured project B's Spring security, because Activiti's IdentityManagers are linked to Spring Security.

How could we have Project B manage its own security for its pages, and Project A manage its own security for the BPM users and groups?

Thanks a lot in advance for your help

Best regards,
Quentin

Outcomes