Accessing REST api flowNode


Hello,
I'm trying to use the redirectNextTask widget on a form and everything worked fine until I deployed the process on a testing server. On the testing server, every time I open the task and the form gets loaded, the page gets redirected. After some debugging I found that the problem was that when the script inside the redirectNextTask widget was calling the REST API /bonita/API/bpm/flowNode/16 (16 is an example) I get an HTTP ERROR 403 (forbidden access).

This only happens if the logged-in user doesn't have the administrator profile associated. Users with the administrator profile can access that URL just fine.

I don't see anything in the documentation about the profile of the user on the bpm REST API. How can I enable this URL (REST API) for the users with the USER profile?

Thanks

Comments

Submitted by fcanepa on Thu, 04/13/2017 - 20:50

I'm working on Bonita 7.4.3

2 answers


Have a look at the Bonitasoft Security videos here:
http://community.bonitasoft.com/video-tutorials/how-secure-your-bonita-b...

For your specific issue I would look at Part 2:

Part 2 - API
Deactivate your HTTP API and tune your REST API authorization rules by applying dynamic business checks. Learn how to write your own rules and how to apply them.

regards
Seán

PS: As this reply offers an answer to your question, and if you like it, please Mark UP and/or as Resolved.

Comments

Submitted by franco.canepa on Mon, 04/17/2017 - 19:39

Hello, I checked the link you sent me and it says that to disable the REST API authorization I should modify the file security-config.properties, but when I check the installation directory (Tomcat bundle) there are two files with that name in different directories.

C:\BonitaBPMCommunity-7.4.3-Tomcat-7.0.67\setup\platform_conf\initial\tenant_template_portal
C:\BonitaBPMCommunity-7.4.3-Tomcat-7.0.67\setup\platform_conf\initial\platform_portal

Which should I modify?
