Configure security with the com.activiti.conf.SecurityConfiguration class. It allows to switch between database and LDAP/Active Directory authentication out of the box. It also configures REST endpoints under "/app" to be protected using a cookie-based approach with tokens and REST endpoints under "/api" to be protected by Basic Auth.
You can override these defaults, if the out-of-the-box options are not adequate for your environment. The following sections describe the different options.