Spring Boot Activiti Rest + LDAP but without using LDAP authentication

Member II


I am new to activiti bpm (5.22.0 version 5.17.0 activiti-rest) and am using spring boot's activiti integration. I have not done much configuration just the basic maven pom dependencies and the standalone app works with basic authentication that Activiti provides out of the box.

Now I need to use LDAP to pull in user details and I have to exclude Activiti's authentication and also not perform LDAP authentication. The use for LDAP is to just pull in user details and do custom authorization via some token that I am generating as the user is already authenticated at this point.

Per my understanding, Activiti taps into LDAP to store this user info in its own tables, is that correct? If yes, how would Activiti know what set of users to store? As I do not want all users in our LDAP to be stored by default.

Please help in understanding this.

5 Replies
Intermediate

Re: Spring Boot Activiti Rest + LDAP but without using LDAP authentication

<snip>

Per my understanding, Activiti taps into LDAP to store this user info in its own tables, is that correct? If yes, how would Activiti know what set of users to store? As I do not want all users in our LDAP to be stored by default.

</snip>

The users that are "cached" are based on the LDAP configuration.
Basically you will define the search base (baseDN) and filter (queryUserByUserId) to determine which user to "cache" in the Activiti tables.

As for Authentication. Activiti (Community Edition) uses straight Spring Authentication so you can add your own authentication filter or overload the LDAPUserManagerFactory and create a custom LDAPUserManager class that implements your own checkPassword() method.

Hope this helps,

Greg
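The configuration described in the reply above, as an added example that is not part of the original post or the Activiti project's own code: a Spring Boot configuration that scopes LDAP lookups with `baseDn` and `queryUserByUserId`, and replaces `checkPassword()` so that Activiti never accepts a password on its own. It assumes the Activiti 5.x `activiti-ldap` module and the starter's `ProcessEngineConfigurationConfigurer` hook; the host name, DNs, group name and environment variable are constructed placeholders, and token validation is assumed to happen in a separate Spring Security filter.

```java
import org.activiti.engine.impl.interceptor.Session;
import org.activiti.ldap.LDAPConfigurator;
import org.activiti.ldap.LDAPUserManager;
import org.activiti.ldap.LDAPUserManagerFactory;
import org.activiti.spring.SpringProcessEngineConfiguration;
import org.activiti.spring.boot.ProcessEngineConfigurationConfigurer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class LdapLookupOnlyConfig {

    /** User manager that uses LDAP for lookups only (hypothetical class name). */
    static class LookupOnlyUserManager extends LDAPUserManager {
        LookupOnlyUserManager(LDAPConfigurator cfg) { super(cfg); }

        @Override
        public Boolean checkPassword(String userId, String password) {
            // Fail closed: no LDAP bind and no password login through Activiti.
            // Returning TRUE here would let any password through for any user.
            return Boolean.FALSE;
        }
    }

    @Bean
    public ProcessEngineConfigurationConfigurer ldapConfigurer() {
        return new ProcessEngineConfigurationConfigurer() {
            @Override
            public void configure(SpringProcessEngineConfiguration engineConfig) {
                final LDAPConfigurator ldap = new LDAPConfigurator();
                ldap.setServer("ldap://ldap.example.com");           // constructed placeholder
                ldap.setPort(389);
                ldap.setUser("cn=activiti-svc,ou=services,dc=example,dc=com"); // read-only account
                ldap.setPassword(System.getenv("LDAP_BIND_PASSWORD")); // keep secrets out of source
                // Search base plus filter decide which directory entries Activiti can see:
                // only people under ou=people who are members of one group.
                ldap.setBaseDn("ou=people,dc=example,dc=com");
                ldap.setQueryUserByUserId("(&(objectClass=inetOrgPerson)(uid={0})"
                        + "(memberOf=cn=activiti-users,ou=groups,dc=example,dc=com))");
                ldap.setUserIdAttribute("uid");
                ldap.setUserFirstNameAttribute("givenName");
                ldap.setUserLastNameAttribute("sn");
                ldap.setLdapUserManagerFactory(new LDAPUserManagerFactory(ldap) {
                    @Override
                    public Session openSession() { return new LookupOnlyUserManager(ldap); }
                });
                engineConfig.addConfigurator(ldap);
            }
        };
    }
}
```

With `checkPassword()` failing closed, the REST endpoints are reachable only through whatever authentication filter is placed in front of them, so that filter must reject requests that carry no valid token.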

Member II

Re: Spring Boot Activiti Rest + LDAP but without using LDAP authentication

Thanks for the detailed response. This does give some insight. However, I would also like to know how I would configure LDAP for Activiti to use within a Spring Boot app. Is there any documentation for the same? I do not think the Activiti user guide says much about this.

Intermediate

Re: Spring Boot Activiti Rest + LDAP but without using LDAP authentication

Yeah, the guide doesn't give much detail with respect to overriding security in Spring Boot/Activiti.
The good news is that it's just a standard Spring Boot app with the standard overrides.

Check out the spring boot rest (with security config) example here:

Activiti/modules/activiti-spring-boot/spring-boot-samples/spring-boot-sample-rest-api-security at ma... 

Greg

Member II

Re: Spring Boot Activiti Rest + LDAP but without using LDAP authentication

Not able to access the link

Active Member II

Re: Spring Boot Activiti Rest + LDAP but without using LDAP authentication

I think Greg Harley meant to use the 6.0-release branch:

Activiti/modules/activiti-spring-boot/spring-boot-samples/spring-boot-sample-rest-api-security at 6.... 

Hope that helps.