Configure a Spring Boot Project
The CIB seven Spring Boot Application created in previous step uses the default and best practice configuration, embedded in a starter.
There are several ways to customize or override the configuration. The easiest is to provide a set of parameters in the application.yaml
(or application.properties
) file.
The full list of supported configuration parameters can be found here.
Customize Configuration
Let’s create an application.yaml
file in the src/main/resources
folder with the following content:
camunda.bpm:
admin-user:
id: demo
password: demo
firstName: Demo
filter:
create: All tasks
spring:
config:
import:
- optional:classpath:cibseven-webclient.properties
cibseven:
webclient:
services:
basePath: /webapp/services/v1
# Engine rest
engineRest:
url: http://localhost:8080
This configuration will result in the following:
- Admin user “demo” with the provided password and first name will be created.
- Default filter with the name “All tasks” will be created for Tasklist.
- Properties from the
cibseven-webclient.properties
configuration file will be imported. - The base path for services will be defined so that Spring Boot can correctly map the endpoints.
- The Engine REST URL will be set to
http://localhost:8080
Additionaly, let’s create a cibseven-webclient.properties
file in the same directory as application.yaml
with the following content:
# do not use this jwtSecret value in production
cibseven.webclient.authentication.jwtSecret=RtURHZ7SQYfLoX902wcjlvduW2qe9g0bjMUczmffjiTjzU9phbv3mK54zHMqeGK6cqgoEBTIUE6RqwvemSqbpD40qUPXVRElvDHGhn4OAEfjeEP2ANah8GJejSA08E820mForcQHBmediqg2DzIrxnDXyf2
The jwtSecret
property enables secure communication between the CIB seven web application and the engine using JWT-based authentication. However, it is not sufficient on its own: an authentication filter must also be applied.
Add Authentication filter
To enable JWT-based authentication, we need to register an authentication filter as a @Bean and configure it to use the Composite authentication provider. This filter will intercept requests to the specified endpoints.
package org.cibseven.getstarted.loanapproval;
import org.cibseven.bpm.engine.rest.security.auth.ProcessEngineAuthenticationFilter;
import org.springframework.boot.autoconfigure.web.servlet.JerseyApplicationPath;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.Arrays;
@Configuration
public class FilterConfiguration {
@Bean
// Composite Authentication Filter with Jwt Token and Http Basic
public FilterRegistrationBean<ProcessEngineAuthenticationFilter> AuthenticationFilter(JerseyApplicationPath applicationPath) {
FilterRegistrationBean<ProcessEngineAuthenticationFilter> registrationBean = new FilterRegistrationBean<>();
registrationBean.setName("cibseven-composite-auth");
registrationBean.setFilter(new ProcessEngineAuthenticationFilter());
registrationBean.setOrder(10);// Order of execution if multiple filters
String restApiPathPattern = applicationPath.getPath();
// Apply to all URLs under engine-rest except /engine-rest/identity/verify
String[] urlPatterns = Arrays.asList(
"/process-definition/*",
"/process-instance/*",
"/history/*",
"/execution/*",
"/batch/*",
"/decision-definition/*",
"/deployment/*",
"/filter/*",
"/incident/*",
"/job-definition/*",
"/job/*",
"/telemetry/*",
"/metrics/*",
"/authorization/*",
"/group/*",
"/user/*",
"/message/*",
"/event-subscription/*",
"/variable-instance/*",
"/task/*",
"/engine/*",
"/identity/groups"
).stream().map(pattern -> addUrl(restApiPathPattern, pattern)).toArray(String[]::new);
// Enable async support
registrationBean.setAsyncSupported(true);
// Init parameters
registrationBean.addInitParameter(
"authentication-provider",
org.cibseven.bpm.engine.rest.security.auth.impl.CompositeAuthenticationProvider.class.getName()
);
registrationBean.addUrlPatterns(urlPatterns);
return registrationBean;
}
private String addUrl(String base, String extend) {
return (base + extend).replaceFirst("^(\\/+|([^/]))", "/$2");
}
}
Build and Run
Now you can rebuild and rerun the application.
Make sure to run
mvn clean
before running mvn install
again.
When you open http://localhost:8080/ in your browser, it will redirect you to the CIB Seven web application.
Besides, when accessing the legacy Camunda web application at http://localhost:8080/camunda, you will no longer be prompted to create an admin user. Instead, you’ll be asked to log in with a username and password.
You can use “demo/demo” — the credentials configured earlier — to access the CIB seven web applications. After you logged in, you can go to Tasklist and see that a filter named “All tasks” was created, though it does not contain any tasks so far.
Catch up: Get the Sources of Step-2.
Download as .zip or checkout the corresponding tag with Git.
You can checkout the current state from the GitHub repository.
If you have not cloned the repository yet, please execute the following command:
git clone https://github.com/cibseven/cibseven-get-started-spring-boot.git
To checkout the current state of the process application please execute the following command:
git checkout -f Step-2Or download as archive from here.