X4 Product Documentation

Disabling the Authentication

For development or testing purposes, authentication in X4 BPMS can be completely disabled using the plugin de.softproject.x4.auth.noauth.activator in conjunction with a configuration file. In this case, all HTTP requests are accepted without authentication.

Security warning
This configuration is only suitable for test or development environments. In production systems, authentication must not be disabled.

Activating the plugin

The plugin is included in the standard X4 BPMS package and is located in the directory <Server_directory>\wildfly\modules\de\softproject\x4\auth\noauth\activator\main.

How to activate the plugin

  1. Open the module.xml file in the wildfly\modules\de\softproject\extensions\main folder.

  2. Within the <dependencies> element, add the following line:

    <module name="de.softproject.x4.auth.noauth.activator" export="true" optional="false"/>
    
  3. Open the module.xml file in the wildfly\modules\de\softproject\platform\main folder.

  4. Remove the following line:

    <module name="de.softproject.x4.auth.elytron.activator" export="true" optional="false"/>
    

⇨ The de.softproject.x4.auth.noauth.activator plugin is activated and is used automatically when the server starts.

Note:

If you enable the plugin without creating and integrating the associated configuration file, all HTTP requests are blocked and a warning is displayed in the server log.

This prevents you from accidentally disabling authentication.


Creating and integrating the configuration file

In addition to the plugin, you need the configuration file no_authentication_config.xml to disable authentication.

How to create the configuration file

  1. Open an editor, such as Notepad++.

  2. Create a new file with the following content.

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <NoAuthenticationConfiguration>
    	<UserData>
    		<UserName>User1</UserName>
    		<Roles>
    			<Role>x4_dev_access</Role>
    			<Role>x4_dev_access_*</Role>
    			<Role>x4_admin_access</Role>
    		</Roles>
    	</UserData>
    	<IsEnabled>true</IsEnabled>
    	<DisableLogWarning>false</DisableLogWarning>
    	<AllowOtherClientAddressesThanLocalhost>true</AllowOtherClientAddressesThanLocalhost>
    </NoAuthenticationConfiguration>
    
  3. Place the file named no_authentication_config.xml in the <Server_directory>\configurations directory.
    ⇨ The file is used automatically when the server starts.

The no_authentication_config.xml file contains the following elements:

| Element | Description |
|---|---|
| NoAuthenticationConfiguration | Root element of the XML file |
| UserData | Data for the authenticated user object (user name, roles) |
| IsEnabled | Enables the login mode without authentication (de.softproject.x4.auth.noauth.activator). Possible values: true (default): All requests are allowed without authentication. false: All requests will be blocked even if the de.softproject.x4.auth.noauth.activator plugin has been activated. |
| DisableLogWarning | Disables the warning logged for each HTTP request indicating that authentication has been disabled. Note: This does not apply to the initial warning displayed when the server starts. This warning cannot be disabled. |
| AllowOtherClientAddressesThanLocalhost | Allows connections from client addresses other than localhost. Possible values: true: Connections other than localhost connections can be used. false: Only localhost connections can be used. |
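
An audit check for the settings described above, as an added example that is not part of the X4 documentation or the product's own code: it reads the extensions module.xml and no_authentication_config.xml and reports whether a server accepts unauthenticated requests. The function name audit_noauth, the finding strings, and the sample module.xml (its namespace and module name) are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
NOAUTH = "de.softproject.x4.auth.noauth.activator"

# Constructed sample of the extensions module.xml after step 2 (not a real file).
SAMPLE_MODULE = """<module xmlns="urn:jboss:module:1.3" name="de.softproject.extensions">
  <dependencies>
    <module name="de.softproject.x4.auth.noauth.activator" export="true" optional="false"/>
  </dependencies>
</module>"""

# Condensed from the configuration file shown on the page.
SAMPLE_CONFIG = """<NoAuthenticationConfiguration>
  <UserData><UserName>User1</UserName><Roles>
    <Role>x4_dev_access</Role><Role>x4_dev_access_*</Role><Role>x4_admin_access</Role>
  </Roles></UserData>
  <IsEnabled>true</IsEnabled>
  <DisableLogWarning>false</DisableLogWarning>
  <AllowOtherClientAddressesThanLocalhost>true</AllowOtherClientAddressesThanLocalhost>
</NoAuthenticationConfiguration>"""

def _local(tag):
    """Drop the XML namespace prefix that WildFly module.xml files carry."""
    return tag.rsplit("}", 1)[-1]

def _value(root, name, default=""):
    for el in root.iter():  # lower-cased text of the first element called `name`
        if _local(el.tag) == name:
            return (el.text or "").strip().lower()
    return default

def audit_noauth(module_xml, config_xml=None):
    """Return (state, findings); state is 'not-activated', 'blocked' or 'open'."""
    root = ET.fromstring(module_xml)
    deps = [m.get("name") for d in root.iter()
            if _local(d.tag) == "dependencies" for m in d]
    if NOAUTH not in deps:
        return "not-activated", []
    if config_xml is None:  # documented fail-closed case: plugin without config file
        return "blocked", ["plugin active, no_authentication_config.xml missing"]
    cfg = ET.fromstring(config_xml)
    if _value(cfg, "IsEnabled", "true") != "true":  # the page lists true as default
        return "blocked", ["plugin active, IsEnabled=false"]
    findings = ["authentication disabled (IsEnabled=true)"]
    if _value(cfg, "AllowOtherClientAddressesThanLocalhost") == "true":
        findings.append("remote clients accepted without authentication")
    if _value(cfg, "DisableLogWarning") == "true":
        findings.append("per-request log warning suppressed")
    roles = [(r.text or "").strip() for r in cfg.iter() if _local(r.tag) == "Role"]
    if "x4_admin_access" in roles:
        findings.append("unauthenticated user holds x4_admin_access")
    return "open", findings
```

Running it against every server's files in a deployment pipeline lets a build fail when the state is "open" outside a development environment.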