I am new to activiti bpm (5.22.0 version 5.17.0 activiti-rest) and am using spring boot's activiti integration. I have not done much configuration just the basic maven pom dependencies and the standalone app works with basic authentication that Activiti provides out of the box.
Now I need to use LDAP to pull in user details and I have to exclude Activiti's authentication and also not perform LDAP authentication. The use for LDAP is to just pull in user details and do custom authorization via some token that I am generating as the user is already authenticated at this point.
Per my understanding, Activiti taps into LDAP to store these user info into it's own tables, is that correct? If yes, how would Activiti know what set of users to store? As I do not want all users in our LDAP to be stored by default.
Please help in understanding this.
<snip>
Per my understanding, Activiti taps into LDAP to store these user info into it's own tables, is that correct? If yes, how would Activiti know what set of users to store? As I do not want all users in our LDAP to be stored by default.
</snip>
The users that are "cached" are based on the LDAP configuration.
Basically you will define the search base (baseDN) and filter (queryUserByUserId) to determine which user to "cache" in the Activiti tables.
As for Authentication. Activiti (Community Edition) uses straight Spring Authentication so you can add your own authentication filter or overload the LDAPUserManagerFactory and create a custom LDAPUserManager class that implements your own checkPassword() method.
Hope this helps,
Greg
Thanks for the detailed response. This does give some insight. However, I also would like to know how would I configure LDAP for activiti to use within a spring boot app. Is there any documentation for the same? I do not think the activiti user guide says much about this.
Yeah, the guide doesnt give much detail with respect to overriding security in Spring Boot/Activiti.
The good news is that it's just a standard Sprint Boot app with the standard overrides.
Check out the spring boot rest (with security config) example here:
Greg
Not able to access the link
I think Greg Harley meant to use the 6.0-release branch:
Hope that helps.
Ask for and offer help to other Alfresco Process Services and Activiti Users and members of the Alfresco team.
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.