Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 991090 - Process instances started via REST appear in web UI with initiator "Anonymous"
Summary: Process instances started via REST appear in web UI with initiator "Anonymous"
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss BPMS Platform 6
Classification: Retired
Component: Business Central
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ER3
: 6.0.0
Assignee: Marco Rietveld
QA Contact: Radovan Synek
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-08-01 15:22 UTC by Radovan Synek
Modified: 2016-09-20 05:04 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-08-06 20:10:18 UTC
Type: Bug


Attachments (Terms of Use)
server log (deleted)
2013-08-01 15:23 UTC, Radovan Synek
no flags Details

Description Radovan Synek 2013-08-01 15:22:24 UTC
Try to start some process via REST and take a look at Process Management -> Process Instances in the web UI. The initiator is "Anonymous", although proper username & password was provided in the request (and the username is a valid EAP account with kie-user role).

Even more interesting is a fact, that this behaviour can be observed only right after the server started. A few minutes after, the process instance initiator is a valid username. Unfortunately, not the username provided in the REST request, but username of account logged in the UI.

Here is what I did:

1. started EAP with business central configured to use BASIC auth.

2. curl -L --basic -u radek:radek123* -X POST http://localhost:8080/business-central/rest/runtime/${deployment}/process/${processId}/start --header "Content-Type:application/json"

3. curl -L --basic -u admin:admin123* -X POST http://localhost:8080/business-central/rest/runtime/${deployment}/process/${processId}/start --header "Content-Type:application/json"

4. logged into web UI with admin:admin123*

5. curl -L --basic -u radek:radek123* -X POST http://localhost:8080/business-central/rest/runtime/${deployment}/process/${processId}/start --header "Content-Type:application/json"

6. a minute(?) of waiting

7. curl -L --basic -u radek:radek123* -X POST http://localhost:8080/business-central/rest/runtime/${deployment}/process/${processId}/start --header "Content-Type:application/json"

Now the results from UI Process Instances (only the Initiator column):
Anonymous
Anonymous
Anonymous
admin

(I would expect radek, admin, radek, radek)

Comment 1 Radovan Synek 2013-08-01 15:23:08 UTC
Created attachment 781656 [details]
server log

Comment 2 Radovan Synek 2013-08-01 15:24:37 UTC
Sorry for the missing information - tested with 6.0.0.CR1

Comment 3 Marco Rietveld 2013-08-12 14:26:23 UTC
I think I've fixed it -- if it isn't this, it's a problem with the scope of the IdentityProvider. 

Commit: 
https://github.com/droolsjbpm/droolsjbpm-integration/commit/58a8d61270f2ff9486e966d085757cc7a3cd2e6a

Comment 4 Marco Rietveld 2013-08-27 12:33:37 UTC
This commit had to be rolled back because of dependency problems caused by it.

Comment 5 Marco Rietveld 2013-09-17 10:58:02 UTC
The following commits changed the basis for the authentication mechanism and, I think, fixed this problem: 

https://github.com/droolsjbpm/uberfire/commit/5540d97
https://github.com/droolsjbpm/kie-wb-distributions/commit/5878cb7c24cdfed965609cbce727cd02f282977c

These changes allowed us to use BASIC authentication with the normal web.xml (formerly, we had to use FORM authentication when the UI was active, now we can use FORM for the UI while simultaneously using BASIC for the rest services.)

Comment 6 Radovan Synek 2013-09-17 11:03:05 UTC
This issue no more exists on BPMS-6.0.0.ER3

Comment 10 Lukáš Petrovický 2014-02-07 16:15:37 UTC
This BZ has been part of the 6.0.0 stream.


Note You need to log in before you can comment on or make changes to this bug.