Configure security with the com.activiti.conf.SecurityConfiguration class. It allows to switch between database and LDAP/Active Directory authentication out of the box. It also configures REST endpoints under "/app" to be protected using a cookie-based approach with tokens and REST endpoints under "/api" to be protected by Basic Auth.
You can override these defaults, if the out-of-the-box options are not adequate for your environment. The following sections describe the different options.
All the overrides described in the following sections follow the same pattern of creating a Java class that implements a certain interface. This class needs to be annotated by @Component and must be found in a package that is component-scanned.