Configure a Spring Boot Project

The CIB seven Spring Boot Application created in previous step uses the default and best practice configuration, embedded in a starter. There are several ways to customize or override the configuration. The easiest is to provide a set of parameters in the application.yaml (or application.properties) file. The full list of supported configuration parameters can be found here.

Customize Configuration

Let’s create an application.yaml file in the src/main/resources folder with the following content:

camunda.bpm:
  admin-user:
    id: demo
    password: demo
    firstName: Demo
  filter:
    create: All tasks

spring:
  config:
    import:
      - optional:classpath:cibseven-webclient.properties

cibseven:
  webclient:
    services:
      basePath: /webapp/services/v1
    # Engine rest
    engineRest:
      url: http://localhost:8080

This configuration will result in the following:

  1. Admin user “demo” with the provided password and first name will be created.
  2. Default filter with the name “All tasks” will be created for Tasklist.
  3. Properties from the cibseven-webclient.properties configuration file will be imported.
  4. The base path for services will be defined so that Spring Boot can correctly map the endpoints.
  5. The Engine REST URL will be set to http://localhost:8080

Additionaly, let’s create a cibseven-webclient.properties file in the same directory as application.yaml with the following content:

# do not use this jwtSecret value in production
cibseven.webclient.authentication.jwtSecret=RtURHZ7SQYfLoX902wcjlvduW2qe9g0bjMUczmffjiTjzU9phbv3mK54zHMqeGK6cqgoEBTIUE6RqwvemSqbpD40qUPXVRElvDHGhn4OAEfjeEP2ANah8GJejSA08E820mForcQHBmediqg2DzIrxnDXyf2

The jwtSecret property enables secure communication between the CIB seven web application and the engine using JWT-based authentication. However, it is not sufficient on its own: an authentication filter must also be applied.

Add Authentication filter

To enable JWT-based authentication, we need to register an authentication filter as a @Bean and configure it to use the Composite authentication provider. This filter will intercept requests to the specified endpoints.

package org.cibseven.getstarted.loanapproval;

import org.cibseven.bpm.engine.rest.security.auth.ProcessEngineAuthenticationFilter;
import org.springframework.boot.autoconfigure.web.servlet.JerseyApplicationPath;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.Arrays;

@Configuration
public class FilterConfiguration {

    @Bean
    // Composite Authentication Filter with Jwt Token and Http Basic
    public FilterRegistrationBean<ProcessEngineAuthenticationFilter> AuthenticationFilter(JerseyApplicationPath applicationPath) {
    	FilterRegistrationBean<ProcessEngineAuthenticationFilter> registrationBean = new FilterRegistrationBean<>();
      registrationBean.setName("cibseven-composite-auth");
    	registrationBean.setFilter(new ProcessEngineAuthenticationFilter());
      registrationBean.setOrder(10);// Order of execution if multiple filters

      String restApiPathPattern = applicationPath.getPath();
        
      // Apply to all URLs under engine-rest except /engine-rest/identity/verify
    	String[] urlPatterns = Arrays.asList(
            "/process-definition/*",
            "/process-instance/*",
            "/history/*",
            "/execution/*",
            "/batch/*",
            "/decision-definition/*",
            "/deployment/*",
            "/filter/*",
            "/incident/*",
            "/job-definition/*",
            "/job/*",
            "/telemetry/*",
            "/metrics/*",
            "/authorization/*",
            "/group/*",
            "/user/*",
            "/message/*",
            "/event-subscription/*",
            "/variable-instance/*",
            "/task/*",
            "/engine/*",
            "/identity/groups"
    	).stream().map(pattern -> addUrl(restApiPathPattern, pattern)).toArray(String[]::new);

    	// Enable async support
      registrationBean.setAsyncSupported(true);
      // Init parameters
      registrationBean.addInitParameter(
          "authentication-provider",
          org.cibseven.bpm.engine.rest.security.auth.impl.CompositeAuthenticationProvider.class.getName()
      );

      registrationBean.addUrlPatterns(urlPatterns);
      return registrationBean;
    }
    
    private String addUrl(String base, String extend) {
  	  return (base + extend).replaceFirst("^(\\/+|([^/]))", "/$2");
    }
}

Build and Run

Now you can rebuild and rerun the application. Make sure to run mvn clean before running mvn install again.

When you open http://localhost:8080/ in your browser, it will redirect you to the CIB Seven web application.

Besides, when accessing the legacy Camunda web application at http://localhost:8080/camunda, you will no longer be prompted to create an admin user. Instead, you’ll be asked to log in with a username and password.

You can use “demo/demo” — the credentials configured earlier — to access the CIB seven web applications. After you logged in, you can go to Tasklist and see that a filter named “All tasks” was created, though it does not contain any tasks so far.

Source Code Step-2

Catch up: Get the Sources of Step-2.

Download as .zip or checkout the corresponding tag with Git.

You can checkout the current state from the GitHub repository.

If you have not cloned the repository yet, please execute the following command: 

git clone https://github.com/cibseven/cibseven-get-started-spring-boot.git

To checkout the current state of the process application please execute the following command: 

git checkout -f Step-2
Or download as archive from here.

On this Page: