inteligr8/auth-activiti-app-ext
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'develop' into stable

Browse Source
This commit is contained in:
Brian Long
2025-05-05 11:18:56 -04:00
parent 3d3a7433c5 790836194e
commit 0b032f1f7f
4 changed files with 334 additions and 361 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@@ -29,6 +29,10 @@ grant codeBase "file:${catalina.base}/ext/-" {
} }
``` ```
### Dependencies
This extension requires the [`multiext-activiti-app-ext`](https://git.inteligr8.com/inteligr8/multiext-activiti-app-ext). Without it, APS will fail to startup. It is very small and requires no additional configuration.
## Support Matrix ## Support Matrix
| Auth Activiti App Extension | Activiti App | | Auth Activiti App Extension | Activiti App |

589
pom.xml
View File

@@ -1,294 +1,295 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" <project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion> <modelVersion>4.0.0</modelVersion>
<groupId>com.inteligr8.activiti</groupId>
<artifactId>auth-activiti-app-ext</artifactId> <groupId>com.inteligr8.activiti</groupId>
<version>2.0.0</version> <artifactId>auth-activiti-app-ext</artifactId>
<version>2.0.1</version>
<name>Authentication &amp; Authorization for APS</name>
<description>An Alfresco Process Service App extension providing improved authentication and authorization support.</description> <name>Authentication &amp; Authorization for APS</name>
<url>https://bitbucket.org/inteligr8/auth-activiti-app-ext</url> <description>An Alfresco Process Service App extension providing improved authentication and authorization support.</description>
<url>https://git.inteligr8.com/inteligr8/auth-activiti-app-ext</url>
<licenses>
<license> <licenses>
<name>GNU GENERAL PUBLIC LICENSE, Version 3, 29 June 2007</name> <license>
<url>https://www.gnu.org/licenses/lgpl-3.0.txt</url> <name>GNU GENERAL PUBLIC LICENSE, Version 3, 29 June 2007</name>
</license> <url>https://www.gnu.org/licenses/lgpl-3.0.txt</url>
</licenses> </license>
</licenses>
<scm>
<connection>scm:git:https://bitbucket.org/inteligr8/auth-activiti-app-ext.git</connection> <scm>
<developerConnection>scm:git:git@bitbucket.org:inteligr8/auth-activiti-app-ext.git</developerConnection> <connection>scm:git:https://git.inteligr8.com/inteligr8/auth-activiti-app-ext.git</connection>
<url>https://bitbucket.org/inteligr8/auth-activiti-app-ext</url> <developerConnection>scm:git:git@git.inteligr8.com:inteligr8/auth-activiti-app-ext.git</developerConnection>
</scm> <url>https://git.inteligr8.com/inteligr8/auth-activiti-app-ext</url>
<organization> </scm>
<name>Inteligr8</name> <organization>
<url>https://www.inteligr8.com</url> <name>Inteligr8</name>
</organization> <url>https://www.inteligr8.com</url>
<developers> </organization>
<developer> <developers>
<id>brian.long</id> <developer>
<name>Brian Long</name> <id>brian.long</id>
<email>brian@inteligr8.com</email> <name>Brian Long</name>
<url>https://twitter.com/brianmlong</url> <email>brian@inteligr8.com</email>
</developer> <url>https://twitter.com/brianmlong</url>
</developers> </developer>
</developers>
<properties>
<maven.compiler.source>17</maven.compiler.source> <properties>
<maven.compiler.target>17</maven.compiler.target> <maven.compiler.source>17</maven.compiler.source>
<maven.compiler.release>17</maven.compiler.release> <maven.compiler.target>17</maven.compiler.target>
<maven.compiler.release>17</maven.compiler.release>
<aps.version>25.1.1</aps.version>
<aps.version>25.1.1</aps.version>
<!-- for RAD -->
<tomcat-rad.version>10-2.2</tomcat-rad.version> <!-- for RAD -->
<aps.tomcat.opts.base>-Dspring.main.allow-circular-references=true \ <tomcat-rad.version>10-2.2</tomcat-rad.version>
-Dhibernate.dialect=org.hibernate.dialect.PostgreSQLDialect \ <aps.tomcat.opts.base>-Dspring.main.allow-circular-references=true \
-Dauth-ext.oauth.enabled=true \ -Dhibernate.dialect=org.hibernate.dialect.PostgreSQLDialect \
-Dauth-ext.external.id=keycloak \ -Dauth-ext.oauth.enabled=true \
-Dauth-ext.sync.group.translate.patterns=aps-admin \ -Dauth-ext.external.id=keycloak \
-Dauth-ext.sync.group.translate.replacements=Superusers \ -Dauth-ext.sync.group.translate.patterns=aps-admin \
-Dauth-ext.group.admins.validate=true</aps.tomcat.opts.base> -Dauth-ext.sync.group.translate.replacements=Superusers \
<aps.timeout>120000</aps.timeout> -Dauth-ext.group.admins.validate=true</aps.tomcat.opts.base>
<keycloak.realm>my-app</keycloak.realm> <aps.timeout>120000</aps.timeout>
<oauth.client.id>aps-app-public</oauth.client.id> <keycloak.realm>my-app</keycloak.realm>
<oauth.client.secret></oauth.client.secret> <oauth.client.id>aps-app-public</oauth.client.id>
</properties> <oauth.client.secret></oauth.client.secret>
</properties>
<dependencies>
<!-- Needed for Activiti App Identity Service inheritance/override --> <dependencies>
<!-- includes activiti-app-logic for API --> <!-- Needed for Activiti App Identity Service inheritance/override -->
<dependency> <!-- includes activiti-app-logic for API -->
<groupId>com.activiti</groupId> <dependency>
<artifactId>activiti-app</artifactId> <groupId>com.activiti</groupId>
<version>${aps.version}</version> <artifactId>activiti-app</artifactId>
<classifier>classes</classifier> <version>${aps.version}</version>
<scope>provided</scope> <classifier>classes</classifier>
<exclusions> <scope>provided</scope>
<!-- not necessary to download for building --> <exclusions>
<exclusion> <!-- not necessary to download for building -->
<groupId>com.activiti</groupId> <exclusion>
<artifactId>aspose-transformation</artifactId> <groupId>com.activiti</groupId>
</exclusion> <artifactId>aspose-transformation</artifactId>
<exclusion> </exclusion>
<groupId>org.alfresco.officeservices</groupId> <exclusion>
<artifactId>aoservices</artifactId> <groupId>org.alfresco.officeservices</groupId>
</exclusion> <artifactId>aoservices</artifactId>
<!-- very old and overrides real spring version --> </exclusion>
<exclusion> <!-- very old and overrides real spring version -->
<groupId>com.ryantenney.metrics</groupId> <exclusion>
<artifactId>metrics-spring</artifactId> <groupId>com.ryantenney.metrics</groupId>
</exclusion> <artifactId>metrics-spring</artifactId>
<exclusion> </exclusion>
<groupId>org.springframework.security.oauth</groupId> <exclusion>
<artifactId>spring-security-oauth2</artifactId> <groupId>org.springframework.security.oauth</groupId>
</exclusion> <artifactId>spring-security-oauth2</artifactId>
<exclusion> </exclusion>
<groupId>org.springframework.security.oauth.boot</groupId> <exclusion>
<artifactId>spring-security-oauth2-autoconfigure</artifactId> <groupId>org.springframework.security.oauth.boot</groupId>
</exclusion> <artifactId>spring-security-oauth2-autoconfigure</artifactId>
</exclusions> </exclusion>
</dependency> </exclusions>
</dependencies> </dependency>
</dependencies>
<build>
<plugins> <build>
<plugin> <plugins>
<groupId>io.repaint.maven</groupId> <plugin>
<artifactId>tiles-maven-plugin</artifactId> <groupId>io.repaint.maven</groupId>
<version>2.40</version> <artifactId>tiles-maven-plugin</artifactId>
<extensions>true</extensions> <version>2.40</version>
<configuration> <extensions>true</extensions>
<tiles> <configuration>
<!-- Documentation: https://bitbucket.org/inteligr8/ootbee-beedk/src/stable/beedk-aps-ext-rad-tile --> <tiles>
<!-- <!-- Documentation: https://bitbucket.org/inteligr8/ootbee-beedk/src/stable/beedk-aps-ext-rad-tile -->
<tile>com.inteligr8.ootbee:beedk-aps-ext-rad-tile:[1.1.0,2.0.0)</tile> <!--
--> <tile>com.inteligr8.ootbee:beedk-aps-ext-rad-tile:[1.1.0,2.0.0)</tile>
<tile>com.inteligr8.ootbee:beedk-aps-ext-rad-tile:1.1-SNAPSHOT</tile> -->
</tiles> <tile>com.inteligr8.ootbee:beedk-aps-ext-rad-tile:1.1-SNAPSHOT</tile>
</configuration> </tiles>
</plugin> </configuration>
</plugins> </plugin>
</build> </plugins>
</build>
<profiles>
<profile> <profiles>
<id>activiti-oauth-confidential</id> <profile>
<activation> <id>activiti-oauth-confidential</id>
<property> <activation>
<name>secret</name> <property>
</property> <name>secret</name>
</activation> </property>
<properties> </activation>
<oauth.client.id>aps-app-confidential</oauth.client.id> <properties>
<oauth.client.secret>a-secret</oauth.client.secret> <oauth.client.id>aps-app-confidential</oauth.client.id>
</properties> <oauth.client.secret>a-secret</oauth.client.secret>
</profile> </properties>
<profile> </profile>
<id>activiti-oauth-legacy</id> <profile>
<activation> <id>activiti-oauth-legacy</id>
<property> <activation>
<name>rad</name> <property>
<value>!spring</value> <name>rad</name>
</property> <value>!spring</value>
</activation> </property>
<properties> </activation>
<aps.tomcat.opts>${aps.tomcat.opts.base} \ <properties>
-Dactiviti.identity-service.enabled=true \ <aps.tomcat.opts>${aps.tomcat.opts.base} \
-Dactiviti.identity-service.realm=${keycloak.realm} \ -Dactiviti.identity-service.enabled=true \
-Dactiviti.identity-service.auth-server-url=http://host.docker.internal:${keycloak.server.port} \ -Dactiviti.identity-service.realm=${keycloak.realm} \
-Dactiviti.identity-service.resource=${oauth.client.id} \ -Dactiviti.identity-service.auth-server-url=http://host.docker.internal:${keycloak.server.port} \
-Dactiviti.identity-service.credentials.secret=${oauth.client.secret} \ -Dactiviti.identity-service.resource=${oauth.client.id} \
-Dactiviti.use-browser-based-logout=true \ -Dactiviti.identity-service.credentials.secret=${oauth.client.secret} \
-Dalfresco.content.sso.redirect_uri=http://loalhost:8080/activiti-app/app/rest/integration/sso/confirm-auth-request</aps.tomcat.opts> -Dactiviti.use-browser-based-logout=true \
</properties> -Dalfresco.content.sso.redirect_uri=http://loalhost:8080/activiti-app/app/rest/integration/sso/confirm-auth-request</aps.tomcat.opts>
</profile> </properties>
<profile> </profile>
<id>activiti-oauth-spring</id> <profile>
<activation> <id>activiti-oauth-spring</id>
<property> <activation>
<name>rad</name> <property>
<value>spring</value> <name>rad</name>
</property> <value>spring</value>
</activation> </property>
<properties> </activation>
<aps.tomcat.opts>${aps.tomcat.opts.base} \ <properties>
-Dsecurity.oauth2.authentication.enabled=true \ <aps.tomcat.opts>${aps.tomcat.opts.base} \
-Dsecurity.oauth2.client.registration.my-app.client-id=${oauth.client.id} \ -Dsecurity.oauth2.authentication.enabled=true \
-Dsecurity.oauth2.client.registration.my-app.client-secret=${oauth.client.secret} \ -Dsecurity.oauth2.client.registration.my-app.client-id=${oauth.client.id} \
-Dsecurity.oauth2.client.registration.my-app.provider=aps-app \ -Dsecurity.oauth2.client.registration.my-app.client-secret=${oauth.client.secret} \
-Dsecurity.oauth2.client.provider.aps-app.issuer_uri=http://host.docker.internal:${keycloak.server.port}/realms/${keycloak.realm}</aps.tomcat.opts> -Dsecurity.oauth2.client.registration.my-app.provider=aps-app \
</properties> -Dsecurity.oauth2.client.provider.aps-app.issuer_uri=http://host.docker.internal:${keycloak.server.port}/realms/${keycloak.realm}</aps.tomcat.opts>
</profile> </properties>
<profile> </profile>
<id>rad-keycloak</id> <profile>
<activation> <id>rad-keycloak</id>
<property> <activation>
<name>rad</name> <property>
</property> <name>rad</name>
</activation> </property>
<properties> </activation>
<!-- Due to SSL restricitons in previous versions, testing against keyclaok is near impossible. --> <properties>
<!-- This module should still work against nearly all versions of Keycloak that support the OIDC standards --> <!-- Due to SSL restricitons in previous versions, testing against keyclaok is near impossible. -->
<keycloak.server.version>26.2</keycloak.server.version> <!-- This module should still work against nearly all versions of Keycloak that support the OIDC standards -->
<keycloak.server.port>8081</keycloak.server.port> <keycloak.server.version>26.2</keycloak.server.version>
</properties> <keycloak.server.port>8081</keycloak.server.port>
<build> </properties>
<plugins> <build>
<plugin> <plugins>
<groupId>io.fabric8</groupId> <plugin>
<artifactId>docker-maven-plugin</artifactId> <groupId>io.fabric8</groupId>
<version>0.46.0</version> <artifactId>docker-maven-plugin</artifactId>
<executions> <version>0.46.0</version>
<execution> <executions>
<id>run-keycloak</id> <execution>
<phase>test-compile</phase> <id>run-keycloak</id>
<goals><goal>start</goal></goals> <phase>test-compile</phase>
<configuration> <goals><goal>start</goal></goals>
<images> <configuration>
<image> <images>
<name>keycloak/keycloak:${keycloak.server.version}</name> <image>
<alias>keycloak</alias> <name>keycloak/keycloak:${keycloak.server.version}</name>
<run> <alias>keycloak</alias>
<cmd>start-dev --import-realm</cmd> <run>
<env> <cmd>start-dev --import-realm</cmd>
<KC_BOOTSTRAP_ADMIN_USERNAME>admin</KC_BOOTSTRAP_ADMIN_USERNAME> <env>
<KC_BOOTSTRAP_ADMIN_PASSWORD>admin</KC_BOOTSTRAP_ADMIN_PASSWORD> <KC_BOOTSTRAP_ADMIN_USERNAME>admin</KC_BOOTSTRAP_ADMIN_USERNAME>
</env> <KC_BOOTSTRAP_ADMIN_PASSWORD>admin</KC_BOOTSTRAP_ADMIN_PASSWORD>
<ports> </env>
<port>${keycloak.server.port}:8080</port> <ports>
</ports> <port>${keycloak.server.port}:8080</port>
<network> </ports>
<mode>custom</mode> <network>
<name>${project.artifactId}</name> <mode>custom</mode>
</network> <name>${project.artifactId}</name>
<extraHosts> </network>
<host>host.docker.internal:host-gateway</host> <extraHosts>
</extraHosts> <host>host.docker.internal:host-gateway</host>
<volumes> </extraHosts>
<bind> <volumes>
<volume>${project.basedir}/src/test/resources/keycloak-import:/opt/keycloak/data/import:ro</volume> <bind>
</bind> <volume>${project.basedir}/src/test/resources/keycloak-import:/opt/keycloak/data/import:ro</volume>
</volumes> </bind>
</run> </volumes>
</image> </run>
</images> </image>
</configuration> </images>
</execution> </configuration>
</executions> </execution>
</plugin> </executions>
</plugins> </plugin>
</build> </plugins>
</profile> </build>
<profile> </profile>
<id>ossrh-release</id> <profile>
<properties> <id>ossrh-release</id>
<maven.deploy.skip>true</maven.deploy.skip> <properties>
</properties> <maven.deploy.skip>true</maven.deploy.skip>
<build> </properties>
<plugins> <build>
<plugin> <plugins>
<artifactId>maven-source-plugin</artifactId> <plugin>
<executions> <artifactId>maven-source-plugin</artifactId>
<execution> <executions>
<id>source</id> <execution>
<phase>package</phase> <id>source</id>
<goals><goal>jar-no-fork</goal></goals> <phase>package</phase>
</execution> <goals><goal>jar-no-fork</goal></goals>
</executions> </execution>
</plugin> </executions>
<plugin> </plugin>
<artifactId>maven-javadoc-plugin</artifactId> <plugin>
<executions> <artifactId>maven-javadoc-plugin</artifactId>
<execution> <executions>
<id>javadoc</id> <execution>
<phase>package</phase> <id>javadoc</id>
<goals><goal>jar</goal></goals> <phase>package</phase>
<configuration> <goals><goal>jar</goal></goals>
<show>public</show> <configuration>
</configuration> <show>public</show>
</execution> </configuration>
</executions> </execution>
</plugin> </executions>
<plugin> </plugin>
<artifactId>maven-gpg-plugin</artifactId> <plugin>
<executions> <artifactId>maven-gpg-plugin</artifactId>
<execution> <executions>
<id>sign</id> <execution>
<phase>verify</phase> <id>sign</id>
<goals><goal>sign</goal></goals> <phase>verify</phase>
</execution> <goals><goal>sign</goal></goals>
</executions> </execution>
</plugin> </executions>
<plugin> </plugin>
<groupId>org.sonatype.plugins</groupId> <plugin>
<artifactId>nexus-staging-maven-plugin</artifactId> <groupId>org.sonatype.plugins</groupId>
<version>1.7.0</version> <artifactId>nexus-staging-maven-plugin</artifactId>
<configuration> <version>1.7.0</version>
<serverId>ossrh</serverId> <configuration>
<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl> <serverId>ossrh</serverId>
<autoReleaseAfterClose>true</autoReleaseAfterClose> <nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
</configuration> <autoReleaseAfterClose>true</autoReleaseAfterClose>
<executions> </configuration>
<execution> <executions>
<id>ossrh-deploy</id> <execution>
<phase>deploy</phase> <id>ossrh-deploy</id>
<goals><goal>deploy</goal></goals> <phase>deploy</phase>
</execution> <goals><goal>deploy</goal></goals>
</executions> </execution>
</plugin> </executions>
</plugins> </plugin>
</build> </plugins>
</profile> </build>
</profiles> </profile>
</profiles>
<repositories>
<repository> <repositories>
<id>activiti-releases</id> <repository>
<url>https://artifacts.alfresco.com/nexus/content/repositories/activiti-enterprise-releases</url> <id>activiti-releases</id>
</repository> <url>https://artifacts.alfresco.com/nexus/content/repositories/activiti-enterprise-releases</url>
</repositories> </repository>
</repositories>
</project>
</project>

70
src/main/java/com/activiti/extension/conf/AuthExtSpringComponentScanner.java
View File

@@ -1,35 +1,35 @@
/* /*
* This program is free software: you can redistribute it and/or modify it * This program is free software: you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published by * under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or (at your * the Free Software Foundation, either version 3 of the License, or (at your
* option) any later version. * option) any later version.
* *
* This program is distributed in the hope that it will be useful, but WITHOUT * This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details. * more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program. If not, see <https://www.gnu.org/licenses/>. * with this program. If not, see <https://www.gnu.org/licenses/>.
*/ */
package com.activiti.extension.conf; package com.activiti.extension.conf;
import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.FullyQualifiedAnnotationBeanNameGenerator; import org.springframework.context.annotation.FullyQualifiedAnnotationBeanNameGenerator;
/** /**
* A means for injecting packages to scan for the Spring context. * A means for injecting packages to scan for the Spring context.
* *
* @author brian@inteligr8.com * @author brian@inteligr8.com
*/ */
@Configuration @Configuration
@ComponentScan( @ComponentScan(
basePackages = { basePackages = {
"com.inteligr8.activiti.auth" "com.inteligr8.activiti.auth"
}, },
nameGenerator = FullyQualifiedAnnotationBeanNameGenerator.class nameGenerator = FullyQualifiedAnnotationBeanNameGenerator.class
) )
public class AuthExtSpringComponentScanner { public class AuthExtSpringComponentScanner {
} }

32
src/main/java/com/inteligr8/activiti/auth/Bootstrapper.java
View File

@@ -1,32 +0,0 @@
package com.inteligr8.activiti.auth;
import java.util.Map;
import java.util.Map.Entry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Primary;
import org.springframework.stereotype.Component;
import com.activiti.api.boot.BootstrapConfigurer;
@Component("bootstrap.proxy")
@Primary
public class Bootstrapper implements BootstrapConfigurer {
private final Logger logger = LoggerFactory.getLogger(this.getClass());
@Override
public void applicationContextInitialized(ApplicationContext applicationContext) {
Map<String, BootstrapConfigurer> bootstraps = applicationContext.getBeansOfType(BootstrapConfigurer.class);
bootstraps.remove("bootstrap.proxy");
this.logger.debug("Executing {} bootstrap configurers", bootstraps.size());
for (Entry<String, BootstrapConfigurer> bootstrap : bootstraps.entrySet()) {
this.logger.trace("Executing bootstrap configurer: {}: {}", bootstrap.getKey(), bootstrap.getValue().getClass());
bootstrap.getValue().applicationContextInitialized(applicationContext);
}
}
}