Bug 991090

Summary: Process instances started via REST appear in web UI with initiator "Anonymous"
Product: [Retired] JBoss BPMS Platform 6 Reporter: Radovan Synek <rsynek>
Component: Business Central Assignee: Marco Rietveld <mrietvel>
Status: CLOSED CURRENTRELEASE QA Contact: Radovan Synek <rsynek>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.0.0 CC: kverlaen, rrajasek, smcgowan
Target Milestone: ER3   
Target Release: 6.0.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-08-06 20:10:18 UTC Type: Bug
Attachments:
Description Flags
server log none

Description Radovan Synek 2013-08-01 15:22:24 UTC
Try to start some process via REST and take a look at Process Management -> Process Instances in the web UI. The initiator is "Anonymous", although a proper username & password were provided in the request (and the username is a valid EAP account with the kie-user role).

Even more interesting is the fact that this behaviour can be observed only right after the server has started. A few minutes later, the process instance initiator is a valid username. Unfortunately, it is not the username provided in the REST request, but the username of the account logged in to the UI.

Here is what I did:

1. started EAP with business central configured to use BASIC auth.

2. curl -L --basic -u radek:radek123* -X POST http://localhost:8080/business-central/rest/runtime/${deployment}/process/${processId}/start --header "Content-Type:application/json"

3. curl -L --basic -u admin:admin123* -X POST http://localhost:8080/business-central/rest/runtime/${deployment}/process/${processId}/start --header "Content-Type:application/json"

4. logged into web UI with admin:admin123*

5. curl -L --basic -u radek:radek123* -X POST http://localhost:8080/business-central/rest/runtime/${deployment}/process/${processId}/start --header "Content-Type:application/json"

6. a minute(?) of waiting

7. curl -L --basic -u radek:radek123* -X POST http://localhost:8080/business-central/rest/runtime/${deployment}/process/${processId}/start --header "Content-Type:application/json"

Now the results from UI Process Instances (only the Initiator column):
Anonymous
Anonymous
Anonymous
admin

(I would expect radek, admin, radek, radek)
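
An added example, not part of the original report or of the project's code: a check that compares the user authenticated by each request's Basic `Authorization` header with the initiator the UI recorded, run over the four calls above. The record layout, the function names and the two finding labels are assumptions made for illustration; "wrong-identity" marks the case where the action is attributed to a different real account.

```python
import base64

ANONYMOUS = "Anonymous"

def basic_auth_user(header):
    """Return the username carried in an HTTP Basic Authorization header, or None."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None  # malformed base64 or not valid UTF-8
    # The username cannot contain ':'; everything after the first ':' is the password.
    user, sep, _password = decoded.partition(":")
    return user if sep and user else None

def attribution_mismatches(records):
    """records: iterable of (authorization_header, recorded_initiator) pairs.
    Returns (request_no, authenticated_user, recorded_initiator, kind) per mismatch."""
    findings = []
    for number, (header, initiator) in enumerate(records, start=1):
        user = basic_auth_user(header)
        if user is None or initiator == user:
            continue  # nothing to compare, or correctly attributed
        kind = "lost-identity" if initiator == ANONYMOUS else "wrong-identity"
        findings.append((number, user, initiator, kind))
    return findings

def _hdr(user, password):
    """Build the header curl sends for --basic -u user:password."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

# Constructed sample: the four REST calls from the report, paired with the
# Initiator column the reporter observed and the one the reporter expected.
CALLS = [_hdr("radek", "radek123*"), _hdr("admin", "admin123*"),
         _hdr("radek", "radek123*"), _hdr("radek", "radek123*")]
OBSERVED = list(zip(CALLS, ["Anonymous", "Anonymous", "Anonymous", "admin"]))
EXPECTED = list(zip(CALLS, ["radek", "admin", "radek", "radek"]))

if __name__ == "__main__":
    for finding in attribution_mismatches(OBSERVED):
        print(finding)
```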

Comment 1 Radovan Synek 2013-08-01 15:23:08 UTC
Created attachment 781656
server log

Comment 2 Radovan Synek 2013-08-01 15:24:37 UTC
Sorry for the missing information - tested with 6.0.0.CR1

Comment 3 Marco Rietveld 2013-08-12 14:26:23 UTC
I think I've fixed it -- if it isn't this, it's a problem with the scope of the IdentityProvider. 

Commit: 
https://github.com/droolsjbpm/droolsjbpm-integration/commit/58a8d61270f2ff9486e966d085757cc7a3cd2e6a

Comment 4 Marco Rietveld 2013-08-27 12:33:37 UTC
This commit had to be rolled back because of dependency problems caused by it.

Comment 5 Marco Rietveld 2013-09-17 10:58:02 UTC
The following commits changed the basis for the authentication mechanism and, I think, fixed this problem: 

https://github.com/droolsjbpm/uberfire/commit/5540d97
https://github.com/droolsjbpm/kie-wb-distributions/commit/5878cb7c24cdfed965609cbce727cd02f282977c

These changes allowed us to use BASIC authentication with the normal web.xml (formerly, we had to use FORM authentication when the UI was active; now we can use FORM for the UI while simultaneously using BASIC for the REST services).

Comment 6 Radovan Synek 2013-09-17 11:03:05 UTC
This issue no longer exists on BPMS-6.0.0.ER3

Comment 10 Lukáš Petrovický 2014-02-07 16:15:37 UTC
This BZ has been part of the 6.0.0 stream.