Menu
I am starting with camunda BPM so I am using https://start.camunda.com/ to create camunda spring boot application. I have created admin user with dummy/dummy credentials I have kepy spring security options as off over there as start.
Starter settings at a glance :
When I start application I am getting following error whenever I use my creds :
Login Failed :
CSRFPreventionFilter: Invalid HTTP Header Token
I dont see any relevant settings in application.yml
854
Looks like there is a bug in given version of Camunda. So as to manually suppress CSRFFilter I added following configuration . After that it is working now.
package com.example.workflow;
import org.springframework.boot.web.servlet.ServletContextInitializer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class CsrfAutoConfiguration {
private static final String CSRF_PREVENTION_FILTER = "CsrfPreventionFilter";
/**
* Overwrite csrf filter from Camunda configured here
* org.camunda.bpm.spring.boot.starter.webapp.CamundaBpmWebappInitializer
* org.camunda.bpm.spring.boot.starter.webapp.filter.SpringBootCsrfPreventionFilter
* Is configured with basically a 'no-op' filter
*/
@Bean
public ServletContextInitializer csrfOverwrite() {
return servletContext -> servletContext.addFilter(CSRF_PREVENTION_FILTER, (request, response, chain) -> chain.doFilter(request, response));
}
}
Courtesy: https://forum.camunda.org/t/how-to-disable-csrfpreventionfilter/13095/8
185
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With