Spring Boot Security

jisqaqov · February 24, 2017, 5:24am

Hello. When i started using spring boot flowable. My default spring security was overriten by engine. My authorizationManager of application can not sign in users now. I can not figure out where is the problem exactly.
I used to use activiti bpm and added these code to fix problem and i succeded:

@SpringBootApplication
@Configuration
@EnableConfigurationProperties
@EnableScheduling
@EnableAutoConfiguration(exclude = {
** org.activiti.spring.boot.RestApiAutoConfiguration.class,**
** org.activiti.spring.boot.SecurityAutoConfiguration.class})**
@ComponentScan
//@EnableAdminServer
public class SpringPlatformApplication {

Then i just changed namespaces. Though now i have a problem with flowable bpm. Could somebody please help.

jisqaqov · February 24, 2017, 11:38am

Anybody can help me? My authorization is broken due to spring boot flowable.

yvo · February 24, 2017, 2:28pm

Hi.

Can you explain in more details what you’re trying to do?

Regards,

Yvo

jisqaqov · February 24, 2017, 2:37pm

Hello. Well i have a project in spring boot and i have my own spring security CustomUserDetails class in it. As far as i understand flowable also has it’s own spring security and when i run my project i can no longer authenticate user through spring security AuthenticationManager class (http://docs.spring.io/autorepo/docs/spring-security/3.2.9.RELEASE/apidocs/org/springframework/security/authentication/AuthenticationManager.html). Though my authentication worked fine before i added flowable bpm to project. But i do need to use bpm in project. So i need urgent help.

yvo · February 24, 2017, 2:54pm

You mentioned that using

@EnableAutoConfiguration(exclude = {
**	org.activiti.spring.boot.RestApiAutoConfiguration.class,**
**	org.activiti.spring.boot.SecurityAutoConfiguration.class})**

it worked.
So changing that to

@EnableAutoConfiguration(exclude = {
**	org.flowable.spring.boot.RestApiAutoConfiguration.class,**
**	org.flowable.spring.boot.SecurityAutoConfiguration.class})**

does not work?

jisqaqov · February 24, 2017, 3:16pm

Yes indeed. Could you try it. Guys, i think you should test spring boot flowable more careful. It has many bugs.
By the way:
My project even not started with spring boot flowable.
Earlier i created issue in github, there are was a problem with slf4j. That issue was resolved by Tijs.
So, i removed flowable-spring-boot-rest-api dependency.
Finally, i only included flowable-spring-boot-basic dependency.

Now, my users can not authorize due to flowable bpm.
I hope you will fix the bug.

tijs · February 24, 2017, 3:27pm

Hi,

As you know we want to make it really easy to use all modules of the Flowable project including the Spring boot modules. But we really need detailed input about your project to be able to reproduce your issue. Making a statement like “It has many bugs” is not really helping. Point us at these bugs with good explanations and we’ll try our best to fix it.

In this specific case, which Flowable modules are you using exactly? Excluding “org.flowable.spring.boot.SecurityAutoConfiguration.class” doesn’t make any difference? Do you see the Flowable SecurityAutoConfiguration being instantiated in the logging?

Best regards,

Tijs

jisqaqov · February 24, 2017, 3:42pm

Hi Tijs. I agree. Excuse me. Currently i can only say that i use Flowable Spring Boot Starter Basic, Flowable Spring Boot Starter Jpa. Unfortunately other details can be provided tomorrow, because i am not at work place this time. I will give feedback as soon as possible.

jisqaqov · February 26, 2017, 9:27am

Hello. Finally i figured out what was the problem. I started debugging my application and i noticed that when i execute
Authentication auth = authenticationManager.authenticate(usernamePasswordAuthenticationToken); in my class

it goes into flowable class IdentityServiceUserDetailsService and calls loadUserByUsername. However i have my own class CustomUserDetailsService which implements UserDetailsService and has loadUserByUsername method.
To summ up, flowable class called insted of mine.

I attached some screens. Could you please fix the bug or help. We are going into production.

tijs · February 26, 2017, 9:53am

Hi,

Ok. But coming back to excluding RestApiAutoConfiguration and SecurityAutoConfiguration, that should prevent the Flowable UserDetailsService from being used. Can you check if the Flowable SecurityAutoConfiguration is loaded somehow?

Best regards,

Tijs

jisqaqov · February 26, 2017, 10:17am

Hello. Well it is not called. I put debug point to check it. However, I solved problem by addind this to my class

@Configuration
…
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@javax.annotation.Resource(name = “customUserDetailsService”)
private UserDetailsService customUserDetailsService;

@Override
protected UserDetailsService userDetailsService() {
   return customUserDetailsService;

}
…
}

Though we excluded SecurityAutoConfiguration, but i guess it is still somehow affects.
However if you have better approach, you are welcome. Later, i think we need to use flowable rest api, because we have our custom flowable bpm admin ui application. Not sure, what problem we will face, because we excluded rest api configuration, which is really sad.

Mohit · February 1, 2019, 10:11am

Hi ,
In which class these things to be excluded

Topic		Replies	Views
Required privileges Flowable Engine	15	889	October 16, 2019
Springboot Security Actuator Flowable Engine	1	935	August 17, 2022
Using custom authorization with REST module Flowable Engine	2	734	April 8, 2019
Using Spring Security for user management in Flowable Flowable Engine	3	2328	September 4, 2018
Custom Authentication - Access is denied Flowable Engine	2	2601	January 17, 2018

Spring Boot Security

Related Topics