Flowable深入浅出-9 Flowable-Modeler集成以及集成代码下载
背景
目前我们已经修改完成了modeler单独编译,现在我们需要去除modeler的相关认证,并且自动使用超级用户来完成modeler的用户查询
代码修改
- 去除认证
修改文件:SecurityConfiguration.java,让spring security不拦截请求,修改后代码:
/* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.flowable.ui.modeler.conf;
import java.util.Collections;
import org.flowable.ui.common.filter.FlowableCookieFilterRegistrationBean;
import org.flowable.ui.common.properties.FlowableCommonAppProperties;
import org.flowable.ui.common.properties.FlowableRestAppProperties;
import org.flowable.ui.common.security.ActuatorRequestMatcher;
import org.flowable.ui.common.security.ClearFlowableCookieLogoutHandler;
import org.flowable.ui.common.security.DefaultPrivileges;
import org.flowable.ui.common.service.idm.RemoteIdmService;
import org.flowable.ui.modeler.properties.FlowableModelerAppProperties;
import org.flowable.ui.modeler.security.AjaxLogoutSuccessHandler;
import org.flowable.ui.modeler.security.RemoteIdmAuthenticationProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.boot.actuate.info.InfoEndpoint;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter;
/**
* Based on http://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/#multiple-httpsecurity
*
* @author Joram Barrez
* @author Tijs Rademakers
* @author Filip Hrisafov
*/
@Configuration
@EnableWebSecurity
public class SecurityConfiguration {
private static final Logger LOGGER = LoggerFactory.getLogger(SecurityConfiguration.class);
public static final String REST_ENDPOINTS_PREFIX = "/app/rest";
@Autowired
protected RemoteIdmAuthenticationProvider authenticationProvider;
//
// @Bean
// public FlowableCookieFilterRegistrationBean flowableCookieFilterRegistrationBean(RemoteIdmService remoteIdmService, FlowableCommonAppProperties properties) {
// FlowableCookieFilterRegistrationBean filter = new FlowableCookieFilterRegistrationBean(remoteIdmService, properties);
// filter.addUrlPatterns("/app/*");
// filter.setRequiredPrivileges(Collections.singletonList(DefaultPrivileges.ACCESS_MODELER));
// return filter;
// }
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
// Default auth (database backed)
try {
auth.authenticationProvider(authenticationProvider);
} catch (Exception e) {
LOGGER.error("Could not configure authentication mechanism:", e);
}
}
// @Configuration
// @Order(10)
// public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
//
// @Autowired
// protected FlowableCookieFilterRegistrationBean flowableCookieFilterRegistrationBean;
//
// @Autowired
// protected AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler;
//
// @Override
// protected void configure(HttpSecurity http) throws Exception {
// http
// .sessionManagement()
// .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
// .and()
// .addFilterBefore(flowableCookieFilterRegistrationBean.getFilter(), UsernamePasswordAuthenticationFilter.class)
// .logout()
// .logoutUrl("/app/logout")
// .logoutSuccessHandler(ajaxLogoutSuccessHandler)
// .addLogoutHandler(new ClearFlowableCookieLogoutHandler())
// .and()
// .csrf()
// .disable() // Disabled, cause enabling it will cause sessions
// .headers()
// .frameOptions()
// .sameOrigin()
// .addHeaderWriter(new XXssProtectionHeaderWriter())
// .and()
// .authorizeRequests()
// .antMatchers(REST_ENDPOINTS_PREFIX + "/**").hasAuthority(DefaultPrivileges.ACCESS_MODELER);
// }
// }
//
// BASIC AUTH
//
@Configuration
@Order(1)
public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
protected final FlowableRestAppProperties restAppProperties;
protected final FlowableModelerAppProperties modelerAppProperties;
public ApiWebSecurityConfigurationAdapter(FlowableRestAppProperties restAppProperties,
FlowableModelerAppProperties modelerAppProperties) {
this.restAppProperties = restAppProperties;
this.modelerAppProperties = modelerAppProperties;
}
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf()
.disable();
http.antMatcher("/api/**").authorizeRequests().antMatchers("/api/**").permitAll();
// if (modelerAppProperties.isRestEnabled()) {
//
//
// if (restAppProperties.isVerifyRestApiPrivilege()) {
// http.antMatcher("/api/**").authorizeRequests().antMatchers("/api/**").hasAuthority(DefaultPrivileges.ACCESS_REST_API).and().httpBasic();
// } else {
// http.antMatcher("/api/**").authorizeRequests().antMatchers("/api/**").authenticated().and().httpBasic();
//
// }
//
// } else {
// http.antMatcher("/api/**").authorizeRequests().antMatchers("/api/**").denyAll();
//
// }
}
}
//
// Actuator
//
@ConditionalOnClass(EndpointRequest.class)
@Configuration
@Order(5) // Actuator configuration should kick in before the Form Login there should always be http basic for the endpoints
public static class ActuatorWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf()
.disable();
http
.requestMatcher(new ActuatorRequestMatcher())
.authorizeRequests()
.requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).authenticated()
.requestMatchers(EndpointRequest.toAnyEndpoint()).hasAnyAuthority(DefaultPrivileges.ACCESS_ADMIN)
.and().httpBasic();
}
}
}
核心修改为:http.antMatcher("/api/**").authorizeRequests().antMatchers("/api/**").permitAll();
3. 修改用户查询信息,核心文件为SecurityUtils.java,核心修改内容如下:
/**
* @return the {@link User} object associated with the current logged in user.
*/
public static User getCurrentUserObject() {
if (assumeUser != null) {
return assumeUser;
}
RemoteUser user = new RemoteUser();
// FlowableAppUser appUser = getCurrentFlowableAppUser();
// if (appUser != null) {
// user = appUser.getUserObject();
// }
user.setId("admin");
user.setDisplayName("admin");
user.setFirstName("admin");
user.setLastName("admin");
user.setEmail("[email protected]");
user.setPassword("test");
List<String> pris = new ArrayList<>();
pris.add(DefaultPrivileges.ACCESS_MODELER);
pris.add(DefaultPrivileges.ACCESS_IDM);
pris.add(DefaultPrivileges.ACCESS_ADMIN);
pris.add(DefaultPrivileges.ACCESS_TASK);
pris.add(DefaultPrivileges.ACCESS_REST_API);
user.setPrivileges(pris);
return user;
}
4.账号查询请求修改如下,文件为RemoteAccountResource.java:
/**
* GET /rest/account -> get the current user.
*/
@RequestMapping(value = "/rest/account", method = RequestMethod.GET, produces = "application/json")
public UserRepresentation getAccount() {
UserRepresentation userRepresentation = new UserRepresentation();
userRepresentation.setFirstName("admin");
userRepresentation.setLastName("admin");
userRepresentation.setFullName("admin");
userRepresentation.setId("admin");
List<String> pris = new ArrayList<>();
pris.add(DefaultPrivileges.ACCESS_MODELER);
pris.add(DefaultPrivileges.ACCESS_IDM);
pris.add(DefaultPrivileges.ACCESS_ADMIN);
pris.add(DefaultPrivileges.ACCESS_TASK);
pris.add(DefaultPrivileges.ACCESS_REST_API);
userRepresentation.setPrivileges(pris);
// UserRepresentation userRepresentation = null;
// String currentUserId = SecurityUtils.getCurrentUserId();
// if (currentUserId != null) {
// RemoteUser remoteUser = remoteIdmService.getUser(currentUserId);
// if (remoteUser != null) {
// userRepresentation = new UserRepresentation(remoteUser);
//
// if (remoteUser.getGroups() != null && remoteUser.getGroups().size() > 0) {
// List<GroupRepresentation> groups = new ArrayList<>();
// for (RemoteGroup remoteGroup : remoteUser.getGroups()) {
// groups.add(new GroupRepresentation(remoteGroup));
// }
// userRepresentation.setGroups(groups);
// }
//
// if (remoteUser.getPrivileges() != null && remoteUser.getPrivileges().size() > 0) {
// userRepresentation.setPrivileges(remoteUser.getPrivileges());
// }
//
// }
// }
if (userRepresentation != null) {
return userRepresentation;
} else {
throw new NotFoundException();
}
}
效果验证
通过类FlowableModelerApplication启动,启动后效果如下:
进入登录页面http://localhost:8889/flowable-modeler,没有认证直接可以进来
Modeler集成源码下载
下载地址:https://download.****.net/download/houyj1986/10902227
集成设计
将modeler作为一个单独的微服务存在,可以独立db,也可以公用db,如果独立db,那么将流程导出,在自己的框架中导入,公用db,配置个流程查询页面即可,代码到这个地步基本随便集成了,后续我们深入研究如何是用流程的一些API,并尽量设计一个通用的服务,敬请期待。
打赏
如果您觉得该文章对您有帮助,欢迎打赏作者,谢谢。
版权
版权所有,侵权必究,代码与文章,使用、copy、转载请联系作者。由书山登峰人创作。