接上一篇:
第8篇:Flowable-Modeler集成之Flowable-modeler源码编译
https://blog.csdn.net/weixin_40816738/article/details/102901026
文章目录
- 一、背景
- 二、代码修改,去除认证
- 2.1. 修改拦截请求
- 2.2. 修改用户查询信息
- 2.3. 账号查询请求修改
- 2.4. 效果验证
- 2.5. 登录验证
- 三、集成设计
一、背景
目前我们已经修改完成了modeler单独编译,现在我们需要去除modeler的相关认证,并且自动使用超级用户来完成modeler的用户查询
二、代码修改,去除认证
2.1. 修改拦截请求
修改文件:SecurityConfiguration.java,让spring security不拦截请求,修改后代码:
/* Licensed under the Apache License, Version 2.0 (the "License");* you may not use this file except in compliance with the License.* You may obtain a copy of the License at** http://www.apache.org/licenses/LICENSE-2.0** Unless required by applicable law or agreed to in writing, software* distributed under the License is distributed on an "AS IS" BASIS,* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.* See the License for the specific language governing permissions and* limitations under the License.*/
package org.flowable.ui.modeler.conf;import java.util.Collections;import org.flowable.ui.common.filter.FlowableCookieFilterRegistrationBean;
import org.flowable.ui.common.properties.FlowableCommonAppProperties;
import org.flowable.ui.common.properties.FlowableRestAppProperties;
import org.flowable.ui.common.security.ActuatorRequestMatcher;
import org.flowable.ui.common.security.ClearFlowableCookieLogoutHandler;
import org.flowable.ui.common.security.DefaultPrivileges;
import org.flowable.ui.common.service.idm.RemoteIdmService;
import org.flowable.ui.modeler.properties.FlowableModelerAppProperties;
import org.flowable.ui.modeler.security.AjaxLogoutSuccessHandler;
import org.flowable.ui.modeler.security.RemoteIdmAuthenticationProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.boot.actuate.info.InfoEndpoint;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter;/*** Based on http://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/#multiple-httpsecurity* * @author Joram Barrez* @author Tijs Rademakers* @author Filip Hrisafov*/
@Configuration
@EnableWebSecurity
public class SecurityConfiguration {private static final Logger LOGGER = LoggerFactory.getLogger(SecurityConfiguration.class);public static final String REST_ENDPOINTS_PREFIX = "/app/rest";@Autowiredprotected RemoteIdmAuthenticationProvider authenticationProvider;
//
// @Bean
// public FlowableCookieFilterRegistrationBean flowableCookieFilterRegistrationBean(RemoteIdmService remoteIdmService, FlowableCommonAppProperties properties) {
// FlowableCookieFilterRegistrationBean filter = new FlowableCookieFilterRegistrationBean(remoteIdmService, properties);
// filter.addUrlPatterns("/app/*");
// filter.setRequiredPrivileges(Collections.singletonList(DefaultPrivileges.ACCESS_MODELER));
// return filter;
// }@Autowiredpublic void configureGlobal(AuthenticationManagerBuilder auth) {// Default auth (database backed)try {auth.authenticationProvider(authenticationProvider);} catch (Exception e) {LOGGER.error("Could not configure authentication mechanism:", e);}}// @Configuration
// @Order(10)
// public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
//
// @Autowired
// protected FlowableCookieFilterRegistrationBean flowableCookieFilterRegistrationBean;
//
// @Autowired
// protected AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler;
//
// @Override
// protected void configure(HttpSecurity http) throws Exception {
// http
// .sessionManagement()
// .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
// .and()
// .addFilterBefore(flowableCookieFilterRegistrationBean.getFilter(), UsernamePasswordAuthenticationFilter.class)
// .logout()
// .logoutUrl("/app/logout")
// .logoutSuccessHandler(ajaxLogoutSuccessHandler)
// .addLogoutHandler(new ClearFlowableCookieLogoutHandler())
// .and()
// .csrf()
// .disable() // Disabled, cause enabling it will cause sessions
// .headers()
// .frameOptions()
// .sameOrigin()
// .addHeaderWriter(new XXssProtectionHeaderWriter())
// .and()
// .authorizeRequests()
// .antMatchers(REST_ENDPOINTS_PREFIX + "/**").hasAuthority(DefaultPrivileges.ACCESS_MODELER);
// }
// }//// BASIC AUTH//@Configuration@Order(1)public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {protected final FlowableRestAppProperties restAppProperties;protected final FlowableModelerAppProperties modelerAppProperties;public ApiWebSecurityConfigurationAdapter(FlowableRestAppProperties restAppProperties,FlowableModelerAppProperties modelerAppProperties) {this.restAppProperties = restAppProperties;this.modelerAppProperties = modelerAppProperties;}protected void configure(HttpSecurity http) throws Exception {http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().csrf().disable();http.antMatcher("/api/**").authorizeRequests().antMatchers("/api/**").permitAll();// if (modelerAppProperties.isRestEnabled()) {
//
//
// if (restAppProperties.isVerifyRestApiPrivilege()) {
// http.antMatcher("/api/**").authorizeRequests().antMatchers("/api/**").hasAuthority(DefaultPrivileges.ACCESS_REST_API).and().httpBasic();
// } else {
// http.antMatcher("/api/**").authorizeRequests().antMatchers("/api/**").authenticated().and().httpBasic();
//
// }
//
// } else {
// http.antMatcher("/api/**").authorizeRequests().antMatchers("/api/**").denyAll();
//
// }}}//// Actuator//@ConditionalOnClass(EndpointRequest.class)@Configuration@Order(5) // Actuator configuration should kick in before the Form Login there should always be http basic for the endpointspublic static class ActuatorWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {protected void configure(HttpSecurity http) throws Exception {http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().csrf().disable();http.requestMatcher(new ActuatorRequestMatcher()).authorizeRequests().requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).authenticated().requestMatchers(EndpointRequest.toAnyEndpoint()).hasAnyAuthority(DefaultPrivileges.ACCESS_ADMIN).and().httpBasic();}}
}核心修改为:
http.antMatcher("/api/**").authorizeRequests().antMatchers("/api/**").permitAll();
2.2. 修改用户查询信息
核心文件为SecurityUtils.java,核心修改内容如下:
/*** @return the {@link User} object associated with the current logged in user.*/public static User getCurrentUserObject() {if (assumeUser != null) {return assumeUser;}RemoteUser user = new RemoteUser();
// FlowableAppUser appUser = getCurrentFlowableAppUser();
// if (appUser != null) {
// user = appUser.getUserObject();
// }user.setId("admin");user.setDisplayName("admin");user.setFirstName("admin");user.setLastName("admin");user.setEmail("admin@admin.com");user.setPassword("test");List<String> pris = new ArrayList<>();pris.add(DefaultPrivileges.ACCESS_MODELER);pris.add(DefaultPrivileges.ACCESS_IDM);pris.add(DefaultPrivileges.ACCESS_ADMIN);pris.add(DefaultPrivileges.ACCESS_TASK);pris.add(DefaultPrivileges.ACCESS_REST_API);user.setPrivileges(pris);return user;}2.3. 账号查询请求修改
如下,文件为RemoteAccountResource.java:
/*** GET /rest/account -> get the current user.*/@RequestMapping(value = "/rest/account", method = RequestMethod.GET, produces = "application/json")public UserRepresentation getAccount() {UserRepresentation userRepresentation = new UserRepresentation();userRepresentation.setFirstName("admin");userRepresentation.setLastName("admin");userRepresentation.setFullName("admin");userRepresentation.setId("admin");List<String> pris = new ArrayList<>();pris.add(DefaultPrivileges.ACCESS_MODELER);pris.add(DefaultPrivileges.ACCESS_IDM);pris.add(DefaultPrivileges.ACCESS_ADMIN);pris.add(DefaultPrivileges.ACCESS_TASK);pris.add(DefaultPrivileges.ACCESS_REST_API);userRepresentation.setPrivileges(pris);
// UserRepresentation userRepresentation = null;
// String currentUserId = SecurityUtils.getCurrentUserId();
// if (currentUserId != null) {
// RemoteUser remoteUser = remoteIdmService.getUser(currentUserId);
// if (remoteUser != null) {
// userRepresentation = new UserRepresentation(remoteUser);
//
// if (remoteUser.getGroups() != null && remoteUser.getGroups().size() > 0) {
// List<GroupRepresentation> groups = new ArrayList<>();
// for (RemoteGroup remoteGroup : remoteUser.getGroups()) {
// groups.add(new GroupRepresentation(remoteGroup));
// }
// userRepresentation.setGroups(groups);
// }
//
// if (remoteUser.getPrivileges() != null && remoteUser.getPrivileges().size() > 0) {
// userRepresentation.setPrivileges(remoteUser.getPrivileges());
// }
//
// }
// }if (userRepresentation != null) {return userRepresentation;} else {throw new NotFoundException();}}
2.4. 效果验证
通过类FlowableModelerApplication启动,启动后效果如下:
2.5. 登录验证
进入登录页面http://localhost:8889/flowable-modeler,没有认证直接可以进来
Modeler集成源码下载
github链接:https://github.com/gb-heima/flowable-root
网盘链接:
| 链接 | https://pan.baidu.com/s/1nVAzNYRizCEwO9mVfTI01w |
|---|---|
| 提取码 | 46b2 |
三、集成设计
将modeler作为一个单独的微服务存在,可以独立db,也可以公用db,如果独立db,那么将流程导出,在自己的框架中导入,公用db,配置个流程查询页面即可,代码到这个地步基本随便集成了,后续我们深入研究如何是用流程的一些API,并尽量设计一个通用的服务,敬请期待。
下一篇:
第10篇:Flowable-BPMN操作流程部署、启动
https://blog.csdn.net/weixin_40816738/article/details/102902348
