inteligr8/auth-activiti-app-ext
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'develop' into stable

Browse Source
This commit is contained in:
Brian Long
2025-05-05 11:18:56 -04:00
parent 3d3a7433c5 790836194e
commit 0b032f1f7f
4 changed files with 334 additions and 361 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@@ -29,6 +29,10 @@ grant codeBase "file:${catalina.base}/ext/-" {
}
```
### Dependencies
This extension requires the [`multiext-activiti-app-ext`](https://git.inteligr8.com/inteligr8/multiext-activiti-app-ext). Without it, APS will fail to startup. It is very small and requires no additional configuration.
## Support Matrix
| Auth Activiti App Extension | Activiti App |

589
pom.xml
View File

@@ -1,294 +1,295 @@
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.inteligr8.activiti</groupId>
<artifactId>auth-activiti-app-ext</artifactId>
<version>2.0.0</version>
<name>Authentication &amp; Authorization for APS</name>
<description>An Alfresco Process Service App extension providing improved authentication and authorization support.</description>
<url>https://bitbucket.org/inteligr8/auth-activiti-app-ext</url>
<licenses>
<license>
<name>GNU GENERAL PUBLIC LICENSE, Version 3, 29 June 2007</name>
<url>https://www.gnu.org/licenses/lgpl-3.0.txt</url>
</license>
</licenses>
<scm>
<connection>scm:git:https://bitbucket.org/inteligr8/auth-activiti-app-ext.git</connection>
<developerConnection>scm:git:git@bitbucket.org:inteligr8/auth-activiti-app-ext.git</developerConnection>
<url>https://bitbucket.org/inteligr8/auth-activiti-app-ext</url>
</scm>
<organization>
<name>Inteligr8</name>
<url>https://www.inteligr8.com</url>
</organization>
<developers>
<developer>
<id>brian.long</id>
<name>Brian Long</name>
<email>brian@inteligr8.com</email>
<url>https://twitter.com/brianmlong</url>
</developer>
</developers>
<properties>
<maven.compiler.source>17</maven.compiler.source>
<maven.compiler.target>17</maven.compiler.target>
<maven.compiler.release>17</maven.compiler.release>
<aps.version>25.1.1</aps.version>
<!-- for RAD -->
<tomcat-rad.version>10-2.2</tomcat-rad.version>
<aps.tomcat.opts.base>-Dspring.main.allow-circular-references=true \
-Dhibernate.dialect=org.hibernate.dialect.PostgreSQLDialect \
-Dauth-ext.oauth.enabled=true \
-Dauth-ext.external.id=keycloak \
-Dauth-ext.sync.group.translate.patterns=aps-admin \
-Dauth-ext.sync.group.translate.replacements=Superusers \
-Dauth-ext.group.admins.validate=true</aps.tomcat.opts.base>
<aps.timeout>120000</aps.timeout>
<keycloak.realm>my-app</keycloak.realm>
<oauth.client.id>aps-app-public</oauth.client.id>
<oauth.client.secret></oauth.client.secret>
</properties>
<dependencies>
<!-- Needed for Activiti App Identity Service inheritance/override -->
<!-- includes activiti-app-logic for API -->
<dependency>
<groupId>com.activiti</groupId>
<artifactId>activiti-app</artifactId>
<version>${aps.version}</version>
<classifier>classes</classifier>
<scope>provided</scope>
<exclusions>
<!-- not necessary to download for building -->
<exclusion>
<groupId>com.activiti</groupId>
<artifactId>aspose-transformation</artifactId>
</exclusion>
<exclusion>
<groupId>org.alfresco.officeservices</groupId>
<artifactId>aoservices</artifactId>
</exclusion>
<!-- very old and overrides real spring version -->
<exclusion>
<groupId>com.ryantenney.metrics</groupId>
<artifactId>metrics-spring</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>io.repaint.maven</groupId>
<artifactId>tiles-maven-plugin</artifactId>
<version>2.40</version>
<extensions>true</extensions>
<configuration>
<tiles>
<!-- Documentation: https://bitbucket.org/inteligr8/ootbee-beedk/src/stable/beedk-aps-ext-rad-tile -->
<!--
<tile>com.inteligr8.ootbee:beedk-aps-ext-rad-tile:[1.1.0,2.0.0)</tile>
-->
<tile>com.inteligr8.ootbee:beedk-aps-ext-rad-tile:1.1-SNAPSHOT</tile>
</tiles>
</configuration>
</plugin>
</plugins>
</build>
<profiles>
<profile>
<id>activiti-oauth-confidential</id>
<activation>
<property>
<name>secret</name>
</property>
</activation>
<properties>
<oauth.client.id>aps-app-confidential</oauth.client.id>
<oauth.client.secret>a-secret</oauth.client.secret>
</properties>
</profile>
<profile>
<id>activiti-oauth-legacy</id>
<activation>
<property>
<name>rad</name>
<value>!spring</value>
</property>
</activation>
<properties>
<aps.tomcat.opts>${aps.tomcat.opts.base} \
-Dactiviti.identity-service.enabled=true \
-Dactiviti.identity-service.realm=${keycloak.realm} \
-Dactiviti.identity-service.auth-server-url=http://host.docker.internal:${keycloak.server.port} \
-Dactiviti.identity-service.resource=${oauth.client.id} \
-Dactiviti.identity-service.credentials.secret=${oauth.client.secret} \
-Dactiviti.use-browser-based-logout=true \
-Dalfresco.content.sso.redirect_uri=http://loalhost:8080/activiti-app/app/rest/integration/sso/confirm-auth-request</aps.tomcat.opts>
</properties>
</profile>
<profile>
<id>activiti-oauth-spring</id>
<activation>
<property>
<name>rad</name>
<value>spring</value>
</property>
</activation>
<properties>
<aps.tomcat.opts>${aps.tomcat.opts.base} \
-Dsecurity.oauth2.authentication.enabled=true \
-Dsecurity.oauth2.client.registration.my-app.client-id=${oauth.client.id} \
-Dsecurity.oauth2.client.registration.my-app.client-secret=${oauth.client.secret} \
-Dsecurity.oauth2.client.registration.my-app.provider=aps-app \
-Dsecurity.oauth2.client.provider.aps-app.issuer_uri=http://host.docker.internal:${keycloak.server.port}/realms/${keycloak.realm}</aps.tomcat.opts>
</properties>
</profile>
<profile>
<id>rad-keycloak</id>
<activation>
<property>
<name>rad</name>
</property>
</activation>
<properties>
<!-- Due to SSL restricitons in previous versions, testing against keyclaok is near impossible. -->
<!-- This module should still work against nearly all versions of Keycloak that support the OIDC standards -->
<keycloak.server.version>26.2</keycloak.server.version>
<keycloak.server.port>8081</keycloak.server.port>
</properties>
<build>
<plugins>
<plugin>
<groupId>io.fabric8</groupId>
<artifactId>docker-maven-plugin</artifactId>
<version>0.46.0</version>
<executions>
<execution>
<id>run-keycloak</id>
<phase>test-compile</phase>
<goals><goal>start</goal></goals>
<configuration>
<images>
<image>
<name>keycloak/keycloak:${keycloak.server.version}</name>
<alias>keycloak</alias>
<run>
<cmd>start-dev --import-realm</cmd>
<env>
<KC_BOOTSTRAP_ADMIN_USERNAME>admin</KC_BOOTSTRAP_ADMIN_USERNAME>
<KC_BOOTSTRAP_ADMIN_PASSWORD>admin</KC_BOOTSTRAP_ADMIN_PASSWORD>
</env>
<ports>
<port>${keycloak.server.port}:8080</port>
</ports>
<network>
<mode>custom</mode>
<name>${project.artifactId}</name>
</network>
<extraHosts>
<host>host.docker.internal:host-gateway</host>
</extraHosts>
<volumes>
<bind>
<volume>${project.basedir}/src/test/resources/keycloak-import:/opt/keycloak/data/import:ro</volume>
</bind>
</volumes>
</run>
</image>
</images>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>ossrh-release</id>
<properties>
<maven.deploy.skip>true</maven.deploy.skip>
</properties>
<build>
<plugins>
<plugin>
<artifactId>maven-source-plugin</artifactId>
<executions>
<execution>
<id>source</id>
<phase>package</phase>
<goals><goal>jar-no-fork</goal></goals>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-javadoc-plugin</artifactId>
<executions>
<execution>
<id>javadoc</id>
<phase>package</phase>
<goals><goal>jar</goal></goals>
<configuration>
<show>public</show>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-gpg-plugin</artifactId>
<executions>
<execution>
<id>sign</id>
<phase>verify</phase>
<goals><goal>sign</goal></goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.7.0</version>
<configuration>
<serverId>ossrh</serverId>
<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
<autoReleaseAfterClose>true</autoReleaseAfterClose>
</configuration>
<executions>
<execution>
<id>ossrh-deploy</id>
<phase>deploy</phase>
<goals><goal>deploy</goal></goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
<repositories>
<repository>
<id>activiti-releases</id>
<url>https://artifacts.alfresco.com/nexus/content/repositories/activiti-enterprise-releases</url>
</repository>
</repositories>
</project>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.inteligr8.activiti</groupId>
<artifactId>auth-activiti-app-ext</artifactId>
<version>2.0.1</version>
<name>Authentication &amp; Authorization for APS</name>
<description>An Alfresco Process Service App extension providing improved authentication and authorization support.</description>
<url>https://git.inteligr8.com/inteligr8/auth-activiti-app-ext</url>
<licenses>
<license>
<name>GNU GENERAL PUBLIC LICENSE, Version 3, 29 June 2007</name>
<url>https://www.gnu.org/licenses/lgpl-3.0.txt</url>
</license>
</licenses>
<scm>
<connection>scm:git:https://git.inteligr8.com/inteligr8/auth-activiti-app-ext.git</connection>
<developerConnection>scm:git:git@git.inteligr8.com:inteligr8/auth-activiti-app-ext.git</developerConnection>
<url>https://git.inteligr8.com/inteligr8/auth-activiti-app-ext</url>
</scm>
<organization>
<name>Inteligr8</name>
<url>https://www.inteligr8.com</url>
</organization>
<developers>
<developer>
<id>brian.long</id>
<name>Brian Long</name>
<email>brian@inteligr8.com</email>
<url>https://twitter.com/brianmlong</url>
</developer>
</developers>
<properties>
<maven.compiler.source>17</maven.compiler.source>
<maven.compiler.target>17</maven.compiler.target>
<maven.compiler.release>17</maven.compiler.release>
<aps.version>25.1.1</aps.version>
<!-- for RAD -->
<tomcat-rad.version>10-2.2</tomcat-rad.version>
<aps.tomcat.opts.base>-Dspring.main.allow-circular-references=true \
-Dhibernate.dialect=org.hibernate.dialect.PostgreSQLDialect \
-Dauth-ext.oauth.enabled=true \
-Dauth-ext.external.id=keycloak \
-Dauth-ext.sync.group.translate.patterns=aps-admin \
-Dauth-ext.sync.group.translate.replacements=Superusers \
-Dauth-ext.group.admins.validate=true</aps.tomcat.opts.base>
<aps.timeout>120000</aps.timeout>
<keycloak.realm>my-app</keycloak.realm>
<oauth.client.id>aps-app-public</oauth.client.id>
<oauth.client.secret></oauth.client.secret>
</properties>
<dependencies>
<!-- Needed for Activiti App Identity Service inheritance/override -->
<!-- includes activiti-app-logic for API -->
<dependency>
<groupId>com.activiti</groupId>
<artifactId>activiti-app</artifactId>
<version>${aps.version}</version>
<classifier>classes</classifier>
<scope>provided</scope>
<exclusions>
<!-- not necessary to download for building -->
<exclusion>
<groupId>com.activiti</groupId>
<artifactId>aspose-transformation</artifactId>
</exclusion>
<exclusion>
<groupId>org.alfresco.officeservices</groupId>
<artifactId>aoservices</artifactId>
</exclusion>
<!-- very old and overrides real spring version -->
<exclusion>
<groupId>com.ryantenney.metrics</groupId>
<artifactId>metrics-spring</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>io.repaint.maven</groupId>
<artifactId>tiles-maven-plugin</artifactId>
<version>2.40</version>
<extensions>true</extensions>
<configuration>
<tiles>
<!-- Documentation: https://bitbucket.org/inteligr8/ootbee-beedk/src/stable/beedk-aps-ext-rad-tile -->
<!--
<tile>com.inteligr8.ootbee:beedk-aps-ext-rad-tile:[1.1.0,2.0.0)</tile>
-->
<tile>com.inteligr8.ootbee:beedk-aps-ext-rad-tile:1.1-SNAPSHOT</tile>
</tiles>
</configuration>
</plugin>
</plugins>
</build>
<profiles>
<profile>
<id>activiti-oauth-confidential</id>
<activation>
<property>
<name>secret</name>
</property>
</activation>
<properties>
<oauth.client.id>aps-app-confidential</oauth.client.id>
<oauth.client.secret>a-secret</oauth.client.secret>
</properties>
</profile>
<profile>
<id>activiti-oauth-legacy</id>
<activation>
<property>
<name>rad</name>
<value>!spring</value>
</property>
</activation>
<properties>
<aps.tomcat.opts>${aps.tomcat.opts.base} \
-Dactiviti.identity-service.enabled=true \
-Dactiviti.identity-service.realm=${keycloak.realm} \
-Dactiviti.identity-service.auth-server-url=http://host.docker.internal:${keycloak.server.port} \
-Dactiviti.identity-service.resource=${oauth.client.id} \
-Dactiviti.identity-service.credentials.secret=${oauth.client.secret} \
-Dactiviti.use-browser-based-logout=true \
-Dalfresco.content.sso.redirect_uri=http://loalhost:8080/activiti-app/app/rest/integration/sso/confirm-auth-request</aps.tomcat.opts>
</properties>
</profile>
<profile>
<id>activiti-oauth-spring</id>
<activation>
<property>
<name>rad</name>
<value>spring</value>
</property>
</activation>
<properties>
<aps.tomcat.opts>${aps.tomcat.opts.base} \
-Dsecurity.oauth2.authentication.enabled=true \
-Dsecurity.oauth2.client.registration.my-app.client-id=${oauth.client.id} \
-Dsecurity.oauth2.client.registration.my-app.client-secret=${oauth.client.secret} \
-Dsecurity.oauth2.client.registration.my-app.provider=aps-app \
-Dsecurity.oauth2.client.provider.aps-app.issuer_uri=http://host.docker.internal:${keycloak.server.port}/realms/${keycloak.realm}</aps.tomcat.opts>
</properties>
</profile>
<profile>
<id>rad-keycloak</id>
<activation>
<property>
<name>rad</name>
</property>
</activation>
<properties>
<!-- Due to SSL restricitons in previous versions, testing against keyclaok is near impossible. -->
<!-- This module should still work against nearly all versions of Keycloak that support the OIDC standards -->
<keycloak.server.version>26.2</keycloak.server.version>
<keycloak.server.port>8081</keycloak.server.port>
</properties>
<build>
<plugins>
<plugin>
<groupId>io.fabric8</groupId>
<artifactId>docker-maven-plugin</artifactId>
<version>0.46.0</version>
<executions>
<execution>
<id>run-keycloak</id>
<phase>test-compile</phase>
<goals><goal>start</goal></goals>
<configuration>
<images>
<image>
<name>keycloak/keycloak:${keycloak.server.version}</name>
<alias>keycloak</alias>
<run>
<cmd>start-dev --import-realm</cmd>
<env>
<KC_BOOTSTRAP_ADMIN_USERNAME>admin</KC_BOOTSTRAP_ADMIN_USERNAME>
<KC_BOOTSTRAP_ADMIN_PASSWORD>admin</KC_BOOTSTRAP_ADMIN_PASSWORD>
</env>
<ports>
<port>${keycloak.server.port}:8080</port>
</ports>
<network>
<mode>custom</mode>
<name>${project.artifactId}</name>
</network>
<extraHosts>
<host>host.docker.internal:host-gateway</host>
</extraHosts>
<volumes>
<bind>
<volume>${project.basedir}/src/test/resources/keycloak-import:/opt/keycloak/data/import:ro</volume>
</bind>
</volumes>
</run>
</image>
</images>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>ossrh-release</id>
<properties>
<maven.deploy.skip>true</maven.deploy.skip>
</properties>
<build>
<plugins>
<plugin>
<artifactId>maven-source-plugin</artifactId>
<executions>
<execution>
<id>source</id>
<phase>package</phase>
<goals><goal>jar-no-fork</goal></goals>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-javadoc-plugin</artifactId>
<executions>
<execution>
<id>javadoc</id>
<phase>package</phase>
<goals><goal>jar</goal></goals>
<configuration>
<show>public</show>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-gpg-plugin</artifactId>
<executions>
<execution>
<id>sign</id>
<phase>verify</phase>
<goals><goal>sign</goal></goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.7.0</version>
<configuration>
<serverId>ossrh</serverId>
<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
<autoReleaseAfterClose>true</autoReleaseAfterClose>
</configuration>
<executions>
<execution>
<id>ossrh-deploy</id>
<phase>deploy</phase>
<goals><goal>deploy</goal></goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
<repositories>
<repository>
<id>activiti-releases</id>
<url>https://artifacts.alfresco.com/nexus/content/repositories/activiti-enterprise-releases</url>
</repository>
</repositories>
</project>

70
src/main/java/com/activiti/extension/conf/AuthExtSpringComponentScanner.java
View File

@@ -1,35 +1,35 @@
/*
* This program is free software: you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or (at your
* option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package com.activiti.extension.conf;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.FullyQualifiedAnnotationBeanNameGenerator;
/**
* A means for injecting packages to scan for the Spring context.
*
* @author brian@inteligr8.com
*/
@Configuration
@ComponentScan(
basePackages = {
"com.inteligr8.activiti.auth"
},
nameGenerator = FullyQualifiedAnnotationBeanNameGenerator.class
)
public class AuthExtSpringComponentScanner {
}
/*
* This program is free software: you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or (at your
* option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package com.activiti.extension.conf;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.FullyQualifiedAnnotationBeanNameGenerator;
/**
* A means for injecting packages to scan for the Spring context.
*
* @author brian@inteligr8.com
*/
@Configuration
@ComponentScan(
basePackages = {
"com.inteligr8.activiti.auth"
},
nameGenerator = FullyQualifiedAnnotationBeanNameGenerator.class
)
public class AuthExtSpringComponentScanner {
}

32
src/main/java/com/inteligr8/activiti/auth/Bootstrapper.java
View File

@@ -1,32 +0,0 @@
package com.inteligr8.activiti.auth;
import java.util.Map;
import java.util.Map.Entry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Primary;
import org.springframework.stereotype.Component;
import com.activiti.api.boot.BootstrapConfigurer;
@Component("bootstrap.proxy")
@Primary
public class Bootstrapper implements BootstrapConfigurer {
private final Logger logger = LoggerFactory.getLogger(this.getClass());
@Override
public void applicationContextInitialized(ApplicationContext applicationContext) {
Map<String, BootstrapConfigurer> bootstraps = applicationContext.getBeansOfType(BootstrapConfigurer.class);
bootstraps.remove("bootstrap.proxy");
this.logger.debug("Executing {} bootstrap configurers", bootstraps.size());
for (Entry<String, BootstrapConfigurer> bootstrap : bootstraps.entrySet()) {
this.logger.trace("Executing bootstrap configurer: {}: {}", bootstrap.getKey(), bootstrap.getValue().getClass());
bootstrap.getValue().applicationContextInitialized(applicationContext);
}
}
}