AnsweredAssumed Answered

Public Rest Api security override

Question asked by paulrda on Sep 29, 2016
i wanted to remove basic authentication from my custom public rest api which is mapped under "activiti-app/api/enterprise/" path.Im new to Activiti development So i referred developer documentation and now need to override rest endpoint basic Authentication security. As explained in Developer documentation section, "12.1.1. REST Endpoints security override" i managed to create a extension and i implemented AlfrescoApiSecurityOverride interface and changed http security like this.

public void configure(HttpSecurity http) throws Exception {
   http
   .csrf().disable()
   .headers().disable()
   .authorizeRequests()
   .antMatchers("/activiti-app/api/enterprise/my-api-endpoint").permitAll()
        .anyRequest().authenticated()
   .and().
   httpBasic();
}


i wanted to remove basic authentication only from my custom rest api.
now when im login using login form it fails. it gives authentication error. login page only give a browser prompt message to add credentials then i can access and still checking basic authentication from my custom rest api.

what went wrong. can i override public rest api in this way?. could some one guide me to override public rest api security properly..

Regards
Paul

Outcomes