Bug 991090 - Process instances started via REST appear in web UI with initiator "Anonymous"
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss BPMS Platform 6
Classification: Retired
Component: Business Central
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ER3
: 6.0.0
Assignee: Marco Rietveld
QA Contact: Radovan Synek
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2013-08-01 15:22 UTC by Radovan Synek
Modified: 2016-09-20 05:04 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-08-06 20:10:18 UTC
Type: Bug
Embargoed:


Attachments
server log (220.27 KB, text/x-log)
2013-08-01 15:23 UTC, Radovan Synek

Description Radovan Synek 2013-08-01 15:22:24 UTC
Try to start some process via REST and take a look at Process Management -> Process Instances in the web UI. The initiator is "Anonymous", although a proper username & password were provided in the request (and the username is a valid EAP account with the kie-user role).

Even more interesting is the fact that this behaviour can be observed only right after the server has started. A few minutes later, the process instance initiator is a valid username. Unfortunately, it is not the username provided in the REST request, but the username of the account logged in to the UI.

Here is what I did:

1. started EAP with business central configured to use BASIC auth.

2. curl -L --basic -u radek:radek123* -X POST http://localhost:8080/business-central/rest/runtime/${deployment}/process/${processId}/start --header "Content-Type:application/json"

3. curl -L --basic -u admin:admin123* -X POST http://localhost:8080/business-central/rest/runtime/${deployment}/process/${processId}/start --header "Content-Type:application/json"

4. logged into web UI with admin:admin123*

5. curl -L --basic -u radek:radek123* -X POST http://localhost:8080/business-central/rest/runtime/${deployment}/process/${processId}/start --header "Content-Type:application/json"

6. a minute(?) of waiting

7. curl -L --basic -u radek:radek123* -X POST http://localhost:8080/business-central/rest/runtime/${deployment}/process/${processId}/start --header "Content-Type:application/json"

Now the results from UI Process Instances (only the Initiator column):
Anonymous
Anonymous
Anonymous
admin

(I would expect radek, admin, radek, radek)

Comment 1 Radovan Synek 2013-08-01 15:23:08 UTC
Created attachment 781656
server log

Comment 2 Radovan Synek 2013-08-01 15:24:37 UTC
Sorry for the missing information - tested with 6.0.0.CR1

Comment 3 Marco Rietveld 2013-08-12 14:26:23 UTC
I think I've fixed it -- if it isn't this, it's a problem with the scope of the IdentityProvider. 

Commit: 
https://github.com/droolsjbpm/droolsjbpm-integration/commit/58a8d61270f2ff9486e966d085757cc7a3cd2e6a
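
Added example, not code from Business Central or from the commits linked in this bug: a simplified Python model of the failure mode suggested in Comment 3, where the recorded initiator is read from an identity holder scoped wider than the request instead of from the request's own BASIC credentials. `Server`, `replay` and `misattributed` are hypothetical names and the behaviour with `per_request=False` is an assumption; the sequence follows steps 2 to 7 of the description, and the delay in step 6 is not modelled, so the flawed column differs from the reported one in the third row.

```python
import base64

USERS = {"radek": "radek123*", "admin": "admin123*"}  # sample accounts from the report

def basic_header(user, password):
    return {"Authorization": "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()}

def basic_principal(headers):
    """Username proven by this request's own BASIC credentials, else None."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, _, password = base64.b64decode(blob).decode().partition(":")
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return None
    return user if user in USERS and USERS[user] == password else None

class Server:
    """Hypothetical model; per_request=False is the assumed flawed behaviour."""
    def __init__(self, per_request):
        self.per_request = per_request
        self.shared_identity = "Anonymous"  # holder scoped wider than one request
        self.audit = []                     # (authenticated principal, recorded initiator)

    def ui_login(self, user, password):
        if USERS.get(user) == password:
            self.shared_identity = user

    def rest_start_process(self, headers):
        principal = basic_principal(headers)
        if principal is None:
            return 401
        initiator = principal if self.per_request else self.shared_identity
        self.audit.append((principal, initiator))
        return 200

def replay(server):
    """Steps 2-7 of the description; returns the Initiator column."""
    server.rest_start_process(basic_header("radek", "radek123*"))
    server.rest_start_process(basic_header("admin", "admin123*"))
    server.ui_login("admin", "admin123*")
    server.rest_start_process(basic_header("radek", "radek123*"))
    server.rest_start_process(basic_header("radek", "radek123*"))
    return [initiator for _, initiator in server.audit]

def misattributed(server):
    """Audit check: rows whose initiator is not the authenticated caller."""
    return [row for row in server.audit if row[0] != row[1]]
```

Calling `replay(Server(per_request=True))` yields the column the reporter expected, and `misattributed` on the same server returns no rows; keeping the authenticated principal next to the recorded initiator is what makes this kind of audit-trail drift checkable.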

Comment 4 Marco Rietveld 2013-08-27 12:33:37 UTC
This commit had to be rolled back because of dependency problems caused by it.

Comment 5 Marco Rietveld 2013-09-17 10:58:02 UTC
The following commits changed the basis for the authentication mechanism and, I think, fixed this problem: 

https://github.com/droolsjbpm/uberfire/commit/5540d97
https://github.com/droolsjbpm/kie-wb-distributions/commit/5878cb7c24cdfed965609cbce727cd02f282977c

These changes allowed us to use BASIC authentication with the normal web.xml (formerly, we had to use FORM authentication when the UI was active; now we can use FORM for the UI while simultaneously using BASIC for the REST services).

Comment 6 Radovan Synek 2013-09-17 11:03:05 UTC
This issue no longer exists on BPMS-6.0.0.ER3

Comment 10 Lukáš Petrovický 2014-02-07 16:15:37 UTC
This BZ has been part of the 6.0.0 stream.

