2 Replies Latest reply on Dec 17, 2014 9:49 AM by Tomasz Jastrzębski

    Access to REST API for any authenticated users

    Tomasz Jastrzębski Newbie

      Hi all,

       

      I'm using jbpm6.1 and I'm noticed that I have access to REST API with any authenticated user even if he has no jbpm role.

       

      Eg. I added to tomcat-users.xml (I'm using jbpm with tomcat7) user with single maganger-gui role and this user has access to jbpm REST API and he is able to get tasks via rest from jbpm.

       

      Has anyone idea how to limit access to REST API only for users with specified role, eg. user or admin?

       

      Thanks for help,

      Tomek