
Activiti REST API username for all API operations

Question asked by imsrk on Aug 2, 2016
Hi,

Possibly, when you are using the REST APIs, authentication is handled by an external system or external application such as an SSO (advanced scenario) or a database table (basic scenario) holding the user and a hashed password which you cannot decrypt for security reasons (I'm talking about best practices such as storing a SHA256 sum of the password in the DB, which can't be reversed to plain text). Now, how would you propose to pass the same user + password to Activiti to authenticate and store the username against the comment on the task?

Also, following best practices, there should be a generic user for the API calls, e.g. a common RESTADMIN with privileges for REST calls, which invokes the Activiti API on behalf of the users logged into the application. That is, all APIs in Activiti should accept a username as a parameter to assign to the action/activity being performed on the process instance. In case the username is blank, the common generic user ID could be assigned.

Can anyone comment on this scenario and how to address it in the current releases of Activiti, especially since commenting on tasks is becoming an issue: it always picks the author name from the REST API caller, which, as mentioned, cannot be the actual user commenting on the task, because we cannot get the password of the logged-in user to pass in for REST authentication by Activiti?
