Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-5129

OPTIONS requests perform authorization checks also when authorization is disabled

    XMLWordPrintable

    Details

      Description

      Problem:

      • configure a process engine with authorizationEnabled = false
      • execute for example the following request:
        OPTIONS /filter
        

      -> An authorization check is performed (see https://github.com/camunda/camunda-bpm-platform/blob/master/engine-rest/engine-rest/src/main/java/org/camunda/bpm/engine/rest/impl/FilterRestServiceImpl.java#L150)

      Expected behavior:
      If authorization is disabled, then there are no authorization checks done when executing an OPTIONS request.

      Hint:
      This concerns every OPTIONS request.

        Attachments

          Activity

            People

            Assignee:
            meyer Daniel Meyer
            Reporter:
            roman.smirnov Roman Smirnov
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: