1

我今天正在尝试 Camunda Enterprise 并注意到这个问题:

java.lang.IllegalStateException: Cannot create a session after the response has been committed
    at org.apache.catalina.connector.Request.doGetSession(Request.java:2993)
    at org.apache.catalina.connector.Request.getSession(Request.java:2432)
    at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:908)
    at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:920)
    at org.camunda.bpm.webapp.impl.security.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:68)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at com.parkway.camunda.config.filter.CorsFilter.doFilterInternal(CorsFilter.java:25)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    ...

不确定这是否是错误?只发生在

Spring-Boot:  (v2.2.1.RELEASE)
Camunda BPM: (v7.12.0-ee)
Camunda BPM Spring Boot Starter: (v3.4.0)

我尝试过使用相同的代码集,并且运行良好

Spring-Boot:  (v2.2.1.RELEASE)
Camunda BPM: (v7.10.0)
Camunda BPM Spring Boot Starter: (v3.2.0)

有人可以帮我检查一下吗?
谢谢,

4

1 回答 1

0

在网上搜索了一天,终于找到了问题所在。

根本原因:因为我在 Camunda 网站之外调用 REST API 而不打开身份验证机制并且还使用 /api/abc/do-something

参考:https ://docs.camunda.org/manual/7.6/reference/rest/overview/authentication/

REST API 附带了 HTTP 基本身份验证的实现。默认情况下它是关闭的。

任何不针对特定引擎的请求(即,它不是 /engine/{name}/... 的形式)都将针对默认引擎进行身份验证。

解决方案:

  1. 更改 API 路径:from /api/abc/do-something -> /engine/api/abc/do-something
  2. 通过添加此配置类来打开身份验证(如果您使用的是 Spring Boot)
@Configuration
public class CamundaSecurityFilter {

    @Bean
    public FilterRegistrationBean processEngineAuthenticationFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setName("camunda-auth");
        registration.setFilter(getProcessEngineAuthenticationFilter());
        registration.addInitParameter("authentication-provider",
                "org.camunda.bpm.engine.rest.security.auth.impl.HttpBasicAuthenticationProvider");
        registration.addUrlPatterns("/*");
        return registration;
    }

    @Bean
    public Filter getProcessEngineAuthenticationFilter() {
        return new ProcessEngineAuthenticationFilter();
    }
}

感谢这些家伙:https ://forum.camunda.org/t/turn-on-basic-http-authentication-for-rest-api-in-spring-boot/3431

于 2020-04-24T10:26:38.400 回答