Bonita with Tomcat - authentication troubleshooting

Let’s suppose you have Tomcat with Bonita up and running, and a third-party client application that needs to consume the Bonita REST API.

You may have communication issues that you need to troubleshoot.

The goal of this post is to show how to log the access information in Tomcat.

Before getting into the details, just a few words about Bonita REST authentication…

To authenticate successfully to the Bonita engine, the client needs to send a POST request to http://bonitaserver:port/bonita/loginservice with the following parameters:

  • Request Method: POST

  • Content-Type: application/x-www-form-urlencoded

  • Form Data:

      • username: a username

      • password: a password

      • redirect: true or false. false indicates that the service should not redirect to Bonita
        Portal (after a successful login) or to the login page (after a login failure)

      • redirectURL: the URL of the page to be displayed after login

If successful, the Bonita engine will send back a cookie named JSESSIONID and another header called X-Bonita-API-Token.

The JSESSIONID and the X-Bonita-API-Token should be used by the client for all the calls.

More info: https://documentation.bonitasoft.com/bonita/7.9/rest-api-overview

You may end up in a situation in which the client cannot authenticate, or after authentication the request is rejected by Bonita.

You can debug this issue by activating and configuring a specific valve in Tomcat that traces requests to the HTTP access log.

  • Open the file yourTomcatBonitaServerLocation/server/conf/server.xml

  • Scroll down to the end of the document and uncomment the Valve with className="org.apache.catalina.valves.AccessLogValve"

  • Add the following to the pattern: %{X-Bonita-API-Token}i %{JSESSIONID}c

  • Example of the Valve:
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b %{X-Bonita-API-Token}i %{JSESSIONID}c" />
    Put the proper prefix and suffix for the name of the log file.
    More information on the valve here: https://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Access_Logging

  • Save the file and restart the server

You will see in yourTomcatBonitaServerLocation/server/logs a new log file listing the client HTTP requests to Bonita with their response codes.

Each line also records the JSESSIONID and X-Bonita-API-Token values, so you can detect whether they have been filled in properly by the client application.
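To read the new log quickly, the following script (an added example, not part of the original post or of Bonita) parses lines written with the pattern above and reports which requests arrived without the cookie or the header. The sample lines are constructed, and the verdict names and the `classify`, `summarize` and `redact` helpers are illustrative.

```python
import re
from collections import Counter

# Field order follows the Valve pattern shown above:
# %h %l %u %t "%r" %s %b %{X-Bonita-API-Token}i %{JSESSIONID}c
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'(?P<token>\S+) (?P<session>\S+)$'
)
LOGIN_PATH = "/bonita/loginservice"  # the login call itself carries no credentials yet

def redact(value):
    """Keep a short prefix only, so reports do not copy live session values."""
    return value if value == "-" else value[:4] + "..."

def classify(line):
    """Describe one access-log line; return None if it does not match the pattern."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    has_token = rec["token"] != "-"      # Tomcat writes "-" for an absent header
    has_session = rec["session"] != "-"  # and for an absent cookie
    if rec["path"].startswith(LOGIN_PATH):
        verdict = "login"
    else:
        verdict = {(True, True): "ok", (False, True): "missing-api-token",
                   (True, False): "missing-jsessionid",
                   (False, False): "no-credentials"}[(has_token, has_session)]
    return {"verdict": verdict, "status": int(rec["status"]), "method": rec["method"],
            "path": rec["path"], "token": redact(rec["token"]),
            "session": redact(rec["session"])}

def summarize(lines):
    """Count (verdict, status) pairs over all lines that parse."""
    return Counter((r["verdict"], r["status"]) for r in map(classify, lines) if r)

# Constructed sample lines: addresses, paths, status codes and values are made up.
SAMPLE = [
    '10.0.0.5 - - [12/Mar/2020:10:15:32 +0100] "POST /bonita/loginservice HTTP/1.1" 204 - - -',
    '10.0.0.5 - - [12/Mar/2020:10:15:33 +0100] "GET /bonita/API/system/session/unusedId HTTP/1.1" 200 157 abcd1234-token 9F8E7D6C5B4A',
    '10.0.0.5 - - [12/Mar/2020:10:15:34 +0100] "POST /bonita/API/bpm/case HTTP/1.1" 401 - - 9F8E7D6C5B4A',
    '10.0.0.5 - - [12/Mar/2020:10:15:35 +0100] "POST /bonita/API/bpm/case HTTP/1.1" 401 - - -',
]

if __name__ == "__main__":
    for verdict_status, count in summarize(SAMPLE).items():
        print(verdict_status, count)
```

With this pattern the access log holds live session identifiers and API tokens, so restrict read access to the file and remove the two extra fields from the pattern once troubleshooting is finished.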

That’s all folks!