Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 9c67dad207 | |||
| 55619d6b4a | |||
| d631cc5f12 | |||
| 0a10b06cc8 | |||
| 76ce7e42d4 | |||
| 0b032f1f7f | |||
| 790836194e | |||
| dde6dbcdb0 |
@@ -29,6 +29,10 @@ grant codeBase "file:${catalina.base}/ext/-" {
|
|||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Dependencies
|
||||||
|
|
||||||
|
This extension requires the [`multiext-activiti-app-ext`](https://git.inteligr8.com/inteligr8/multiext-activiti-app-ext). Without it, APS will fail to startup. It is very small and requires no additional configuration.
|
||||||
|
|
||||||
## Support Matrix
|
## Support Matrix
|
||||||
|
|
||||||
| Auth Activiti App Extension | Activiti App |
|
| Auth Activiti App Extension | Activiti App |
|
||||||
@@ -57,7 +61,7 @@ The following properties provide the core functionality of this extension. That
|
|||||||
|
|
||||||
| Property | Default | Description |
|
| Property | Default | Description |
|
||||||
| ---------------------------------------------- | --------- | ----------- |
|
| ---------------------------------------------- | --------- | ----------- |
|
||||||
| `auth-ext.sync.externalId` | `oauth` | This will serve as the external ID for users and as the prefix for the external ID of groups created by this extension. |
|
| `auth-ext.externalId` | `oauth` | This will serve as the external ID for users and as the prefix for the external ID of groups created by this extension. |
|
||||||
| `auth-ext.tenant` | | A preselected tenant for all operations in this extension. Only required if there are multiple tenants. |
|
| `auth-ext.tenant` | | A preselected tenant for all operations in this extension. Only required if there are multiple tenants. |
|
||||||
| `auth-ext.sync.user.createMissing` | `true` | If the user is authenticated, the user may be created in APS. |
|
| `auth-ext.sync.user.createMissing` | `true` | If the user is authenticated, the user may be created in APS. |
|
||||||
| `auth-ext.sync.user.requireGroup` | | This is only applicable when `createMissing` is `true`. If this is unset or the OAuth Authorization Server gives the user the specified group/role, then the user record will be created in APS. |
|
| `auth-ext.sync.user.requireGroup` | | This is only applicable when `createMissing` is `true`. If this is unset or the OAuth Authorization Server gives the user the specified group/role, then the user record will be created in APS. |
|
||||||
|
|||||||
594
pom.xml
594
pom.xml
@@ -1,294 +1,300 @@
|
|||||||
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||||
<modelVersion>4.0.0</modelVersion>
|
<modelVersion>4.0.0</modelVersion>
|
||||||
<groupId>com.inteligr8.activiti</groupId>
|
|
||||||
<artifactId>auth-activiti-app-ext</artifactId>
|
<groupId>com.inteligr8.activiti</groupId>
|
||||||
<version>2.0.0</version>
|
<artifactId>auth-activiti-app-ext</artifactId>
|
||||||
|
<version>2.0.2</version>
|
||||||
<name>Authentication & Authorization for APS</name>
|
|
||||||
<description>An Alfresco Process Service App extension providing improved authentication and authorization support.</description>
|
<name>Authentication & Authorization for APS</name>
|
||||||
<url>https://bitbucket.org/inteligr8/auth-activiti-app-ext</url>
|
<description>An Alfresco Process Service App extension providing improved authentication and authorization support.</description>
|
||||||
|
<url>https://git.inteligr8.com/inteligr8/auth-activiti-app-ext</url>
|
||||||
<licenses>
|
|
||||||
<license>
|
<licenses>
|
||||||
<name>GNU GENERAL PUBLIC LICENSE, Version 3, 29 June 2007</name>
|
<license>
|
||||||
<url>https://www.gnu.org/licenses/lgpl-3.0.txt</url>
|
<name>GNU GENERAL PUBLIC LICENSE, Version 3, 29 June 2007</name>
|
||||||
</license>
|
<url>https://www.gnu.org/licenses/lgpl-3.0.txt</url>
|
||||||
</licenses>
|
</license>
|
||||||
|
</licenses>
|
||||||
<scm>
|
|
||||||
<connection>scm:git:https://bitbucket.org/inteligr8/auth-activiti-app-ext.git</connection>
|
<scm>
|
||||||
<developerConnection>scm:git:git@bitbucket.org:inteligr8/auth-activiti-app-ext.git</developerConnection>
|
<connection>scm:git:https://git.inteligr8.com/inteligr8/auth-activiti-app-ext.git</connection>
|
||||||
<url>https://bitbucket.org/inteligr8/auth-activiti-app-ext</url>
|
<developerConnection>scm:git:git@git.inteligr8.com:inteligr8/auth-activiti-app-ext.git</developerConnection>
|
||||||
</scm>
|
<url>https://git.inteligr8.com/inteligr8/auth-activiti-app-ext</url>
|
||||||
<organization>
|
</scm>
|
||||||
<name>Inteligr8</name>
|
<organization>
|
||||||
<url>https://www.inteligr8.com</url>
|
<name>Inteligr8</name>
|
||||||
</organization>
|
<url>https://www.inteligr8.com</url>
|
||||||
<developers>
|
</organization>
|
||||||
<developer>
|
<developers>
|
||||||
<id>brian.long</id>
|
<developer>
|
||||||
<name>Brian Long</name>
|
<id>brian.long</id>
|
||||||
<email>brian@inteligr8.com</email>
|
<name>Brian Long</name>
|
||||||
<url>https://twitter.com/brianmlong</url>
|
<email>brian@inteligr8.com</email>
|
||||||
</developer>
|
<url>https://twitter.com/brianmlong</url>
|
||||||
</developers>
|
</developer>
|
||||||
|
</developers>
|
||||||
<properties>
|
|
||||||
<maven.compiler.source>17</maven.compiler.source>
|
<properties>
|
||||||
<maven.compiler.target>17</maven.compiler.target>
|
<maven.compiler.source>17</maven.compiler.source>
|
||||||
<maven.compiler.release>17</maven.compiler.release>
|
<maven.compiler.target>17</maven.compiler.target>
|
||||||
|
<maven.compiler.release>17</maven.compiler.release>
|
||||||
<aps.version>25.1.1</aps.version>
|
|
||||||
|
<aps.version>25.1.1</aps.version>
|
||||||
<!-- for RAD -->
|
|
||||||
<tomcat-rad.version>10-2.2</tomcat-rad.version>
|
<!-- for RAD -->
|
||||||
<aps.tomcat.opts.base>-Dspring.main.allow-circular-references=true \
|
<tomcat-rad.version>10-2.2</tomcat-rad.version>
|
||||||
-Dhibernate.dialect=org.hibernate.dialect.PostgreSQLDialect \
|
<aps.tomcat.opts.base>-Dspring.main.allow-circular-references=true \
|
||||||
-Dauth-ext.oauth.enabled=true \
|
-Dhibernate.dialect=org.hibernate.dialect.PostgreSQLDialect \
|
||||||
-Dauth-ext.external.id=keycloak \
|
-Dauth-ext.external.id=keycloak \
|
||||||
-Dauth-ext.sync.group.translate.patterns=aps-admin \
|
-Dauth-ext.sync.group.translate.patterns=aps-admin \
|
||||||
-Dauth-ext.sync.group.translate.replacements=Superusers \
|
-Dauth-ext.sync.group.translate.replacements=Superusers \
|
||||||
-Dauth-ext.group.admins.validate=true</aps.tomcat.opts.base>
|
-Dauth-ext.group.admins.validate=true</aps.tomcat.opts.base>
|
||||||
<aps.timeout>120000</aps.timeout>
|
<aps.timeout>120000</aps.timeout>
|
||||||
<keycloak.realm>my-app</keycloak.realm>
|
<keycloak.realm>my-app</keycloak.realm>
|
||||||
<oauth.client.id>aps-app-public</oauth.client.id>
|
<oauth.client.id>aps-app-public</oauth.client.id>
|
||||||
<oauth.client.secret></oauth.client.secret>
|
<oauth.client.secret></oauth.client.secret>
|
||||||
</properties>
|
</properties>
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
<!-- Needed for Activiti App Identity Service inheritance/override -->
|
<!-- Needed for Activiti App Identity Service inheritance/override -->
|
||||||
<!-- includes activiti-app-logic for API -->
|
<!-- includes activiti-app-logic for API -->
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>com.activiti</groupId>
|
<groupId>com.activiti</groupId>
|
||||||
<artifactId>activiti-app</artifactId>
|
<artifactId>activiti-app</artifactId>
|
||||||
<version>${aps.version}</version>
|
<version>${aps.version}</version>
|
||||||
<classifier>classes</classifier>
|
<classifier>classes</classifier>
|
||||||
<scope>provided</scope>
|
<scope>provided</scope>
|
||||||
<exclusions>
|
<exclusions>
|
||||||
<!-- not necessary to download for building -->
|
<!-- not necessary to download for building -->
|
||||||
<exclusion>
|
<exclusion>
|
||||||
<groupId>com.activiti</groupId>
|
<groupId>com.activiti</groupId>
|
||||||
<artifactId>aspose-transformation</artifactId>
|
<artifactId>aspose-transformation</artifactId>
|
||||||
</exclusion>
|
</exclusion>
|
||||||
<exclusion>
|
<exclusion>
|
||||||
<groupId>org.alfresco.officeservices</groupId>
|
<groupId>org.alfresco.officeservices</groupId>
|
||||||
<artifactId>aoservices</artifactId>
|
<artifactId>aoservices</artifactId>
|
||||||
</exclusion>
|
</exclusion>
|
||||||
<!-- very old and overrides real spring version -->
|
<!-- very old and overrides real spring version -->
|
||||||
<exclusion>
|
<exclusion>
|
||||||
<groupId>com.ryantenney.metrics</groupId>
|
<groupId>com.ryantenney.metrics</groupId>
|
||||||
<artifactId>metrics-spring</artifactId>
|
<artifactId>metrics-spring</artifactId>
|
||||||
</exclusion>
|
</exclusion>
|
||||||
<exclusion>
|
<exclusion>
|
||||||
<groupId>org.springframework.security.oauth</groupId>
|
<groupId>org.springframework.security.oauth</groupId>
|
||||||
<artifactId>spring-security-oauth2</artifactId>
|
<artifactId>spring-security-oauth2</artifactId>
|
||||||
</exclusion>
|
</exclusion>
|
||||||
<exclusion>
|
<exclusion>
|
||||||
<groupId>org.springframework.security.oauth.boot</groupId>
|
<groupId>org.springframework.security.oauth.boot</groupId>
|
||||||
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
|
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
|
||||||
</exclusion>
|
</exclusion>
|
||||||
</exclusions>
|
</exclusions>
|
||||||
</dependency>
|
</dependency>
|
||||||
</dependencies>
|
<dependency>
|
||||||
|
<groupId>com.inteligr8.activiti</groupId>
|
||||||
<build>
|
<artifactId>multiext-activiti-app-ext</artifactId>
|
||||||
<plugins>
|
<version>1.0.0</version>
|
||||||
<plugin>
|
<scope>runtime</scope>
|
||||||
<groupId>io.repaint.maven</groupId>
|
</dependency>
|
||||||
<artifactId>tiles-maven-plugin</artifactId>
|
</dependencies>
|
||||||
<version>2.40</version>
|
|
||||||
<extensions>true</extensions>
|
<build>
|
||||||
<configuration>
|
<plugins>
|
||||||
<tiles>
|
<plugin>
|
||||||
<!-- Documentation: https://bitbucket.org/inteligr8/ootbee-beedk/src/stable/beedk-aps-ext-rad-tile -->
|
<groupId>io.repaint.maven</groupId>
|
||||||
<!--
|
<artifactId>tiles-maven-plugin</artifactId>
|
||||||
<tile>com.inteligr8.ootbee:beedk-aps-ext-rad-tile:[1.1.0,2.0.0)</tile>
|
<version>2.40</version>
|
||||||
-->
|
<extensions>true</extensions>
|
||||||
<tile>com.inteligr8.ootbee:beedk-aps-ext-rad-tile:1.1-SNAPSHOT</tile>
|
<configuration>
|
||||||
</tiles>
|
<tiles>
|
||||||
</configuration>
|
<!-- Documentation: https://bitbucket.org/inteligr8/ootbee-beedk/src/stable/beedk-aps-ext-rad-tile -->
|
||||||
</plugin>
|
<!--
|
||||||
</plugins>
|
<tile>com.inteligr8.ootbee:beedk-aps-ext-rad-tile:[1.1.0,2.0.0)</tile>
|
||||||
</build>
|
-->
|
||||||
|
<tile>com.inteligr8.ootbee:beedk-aps-ext-rad-tile:1.1-SNAPSHOT</tile>
|
||||||
<profiles>
|
</tiles>
|
||||||
<profile>
|
</configuration>
|
||||||
<id>activiti-oauth-confidential</id>
|
</plugin>
|
||||||
<activation>
|
</plugins>
|
||||||
<property>
|
</build>
|
||||||
<name>secret</name>
|
|
||||||
</property>
|
<profiles>
|
||||||
</activation>
|
<profile>
|
||||||
<properties>
|
<id>activiti-oauth-confidential</id>
|
||||||
<oauth.client.id>aps-app-confidential</oauth.client.id>
|
<activation>
|
||||||
<oauth.client.secret>a-secret</oauth.client.secret>
|
<property>
|
||||||
</properties>
|
<name>secret</name>
|
||||||
</profile>
|
</property>
|
||||||
<profile>
|
</activation>
|
||||||
<id>activiti-oauth-legacy</id>
|
<properties>
|
||||||
<activation>
|
<oauth.client.id>aps-app-confidential</oauth.client.id>
|
||||||
<property>
|
<oauth.client.secret>a-secret</oauth.client.secret>
|
||||||
<name>rad</name>
|
</properties>
|
||||||
<value>!spring</value>
|
</profile>
|
||||||
</property>
|
<profile>
|
||||||
</activation>
|
<id>activiti-oauth-legacy</id>
|
||||||
<properties>
|
<activation>
|
||||||
<aps.tomcat.opts>${aps.tomcat.opts.base} \
|
<property>
|
||||||
-Dactiviti.identity-service.enabled=true \
|
<name>rad</name>
|
||||||
-Dactiviti.identity-service.realm=${keycloak.realm} \
|
<value>!spring</value>
|
||||||
-Dactiviti.identity-service.auth-server-url=http://host.docker.internal:${keycloak.server.port} \
|
</property>
|
||||||
-Dactiviti.identity-service.resource=${oauth.client.id} \
|
</activation>
|
||||||
-Dactiviti.identity-service.credentials.secret=${oauth.client.secret} \
|
<properties>
|
||||||
-Dactiviti.use-browser-based-logout=true \
|
<aps.tomcat.opts>${aps.tomcat.opts.base} \
|
||||||
-Dalfresco.content.sso.redirect_uri=http://loalhost:8080/activiti-app/app/rest/integration/sso/confirm-auth-request</aps.tomcat.opts>
|
-Dactiviti.identity-service.enabled=true \
|
||||||
</properties>
|
-Dactiviti.identity-service.realm=${keycloak.realm} \
|
||||||
</profile>
|
-Dactiviti.identity-service.auth-server-url=http://host.docker.internal:${keycloak.server.port} \
|
||||||
<profile>
|
-Dactiviti.identity-service.resource=${oauth.client.id} \
|
||||||
<id>activiti-oauth-spring</id>
|
-Dactiviti.identity-service.credentials.secret=${oauth.client.secret} \
|
||||||
<activation>
|
-Dactiviti.use-browser-based-logout=true \
|
||||||
<property>
|
-Dalfresco.content.sso.redirect_uri=http://loalhost:8080/activiti-app/app/rest/integration/sso/confirm-auth-request</aps.tomcat.opts>
|
||||||
<name>rad</name>
|
</properties>
|
||||||
<value>spring</value>
|
</profile>
|
||||||
</property>
|
<profile>
|
||||||
</activation>
|
<id>activiti-oauth-spring</id>
|
||||||
<properties>
|
<activation>
|
||||||
<aps.tomcat.opts>${aps.tomcat.opts.base} \
|
<property>
|
||||||
-Dsecurity.oauth2.authentication.enabled=true \
|
<name>rad</name>
|
||||||
-Dsecurity.oauth2.client.registration.my-app.client-id=${oauth.client.id} \
|
<value>spring</value>
|
||||||
-Dsecurity.oauth2.client.registration.my-app.client-secret=${oauth.client.secret} \
|
</property>
|
||||||
-Dsecurity.oauth2.client.registration.my-app.provider=aps-app \
|
</activation>
|
||||||
-Dsecurity.oauth2.client.provider.aps-app.issuer_uri=http://host.docker.internal:${keycloak.server.port}/realms/${keycloak.realm}</aps.tomcat.opts>
|
<properties>
|
||||||
</properties>
|
<aps.tomcat.opts>${aps.tomcat.opts.base} \
|
||||||
</profile>
|
-Dsecurity.oauth2.authentication.enabled=true \
|
||||||
<profile>
|
-Dsecurity.oauth2.client.registration.my-app.client-id=${oauth.client.id} \
|
||||||
<id>rad-keycloak</id>
|
-Dsecurity.oauth2.client.registration.my-app.client-secret=${oauth.client.secret} \
|
||||||
<activation>
|
-Dsecurity.oauth2.client.registration.my-app.provider=aps-app \
|
||||||
<property>
|
-Dsecurity.oauth2.client.provider.aps-app.issuer_uri=http://host.docker.internal:${keycloak.server.port}/realms/${keycloak.realm}</aps.tomcat.opts>
|
||||||
<name>rad</name>
|
</properties>
|
||||||
</property>
|
</profile>
|
||||||
</activation>
|
<profile>
|
||||||
<properties>
|
<id>rad-keycloak</id>
|
||||||
<!-- Due to SSL restricitons in previous versions, testing against keyclaok is near impossible. -->
|
<activation>
|
||||||
<!-- This module should still work against nearly all versions of Keycloak that support the OIDC standards -->
|
<property>
|
||||||
<keycloak.server.version>26.2</keycloak.server.version>
|
<name>rad</name>
|
||||||
<keycloak.server.port>8081</keycloak.server.port>
|
</property>
|
||||||
</properties>
|
</activation>
|
||||||
<build>
|
<properties>
|
||||||
<plugins>
|
<!-- Due to SSL restricitons in previous versions, testing against keyclaok is near impossible. -->
|
||||||
<plugin>
|
<!-- This module should still work against nearly all versions of Keycloak that support the OIDC standards -->
|
||||||
<groupId>io.fabric8</groupId>
|
<keycloak.server.version>26.2</keycloak.server.version>
|
||||||
<artifactId>docker-maven-plugin</artifactId>
|
<keycloak.server.port>8081</keycloak.server.port>
|
||||||
<version>0.46.0</version>
|
</properties>
|
||||||
<executions>
|
<build>
|
||||||
<execution>
|
<plugins>
|
||||||
<id>run-keycloak</id>
|
<plugin>
|
||||||
<phase>test-compile</phase>
|
<groupId>io.fabric8</groupId>
|
||||||
<goals><goal>start</goal></goals>
|
<artifactId>docker-maven-plugin</artifactId>
|
||||||
<configuration>
|
<version>0.46.0</version>
|
||||||
<images>
|
<executions>
|
||||||
<image>
|
<execution>
|
||||||
<name>keycloak/keycloak:${keycloak.server.version}</name>
|
<id>run-keycloak</id>
|
||||||
<alias>keycloak</alias>
|
<phase>test-compile</phase>
|
||||||
<run>
|
<goals><goal>start</goal></goals>
|
||||||
<cmd>start-dev --import-realm</cmd>
|
<configuration>
|
||||||
<env>
|
<images>
|
||||||
<KC_BOOTSTRAP_ADMIN_USERNAME>admin</KC_BOOTSTRAP_ADMIN_USERNAME>
|
<image>
|
||||||
<KC_BOOTSTRAP_ADMIN_PASSWORD>admin</KC_BOOTSTRAP_ADMIN_PASSWORD>
|
<name>keycloak/keycloak:${keycloak.server.version}</name>
|
||||||
</env>
|
<alias>keycloak</alias>
|
||||||
<ports>
|
<run>
|
||||||
<port>${keycloak.server.port}:8080</port>
|
<cmd>start-dev --import-realm</cmd>
|
||||||
</ports>
|
<env>
|
||||||
<network>
|
<KC_BOOTSTRAP_ADMIN_USERNAME>admin</KC_BOOTSTRAP_ADMIN_USERNAME>
|
||||||
<mode>custom</mode>
|
<KC_BOOTSTRAP_ADMIN_PASSWORD>admin</KC_BOOTSTRAP_ADMIN_PASSWORD>
|
||||||
<name>${project.artifactId}</name>
|
</env>
|
||||||
</network>
|
<ports>
|
||||||
<extraHosts>
|
<port>${keycloak.server.port}:8080</port>
|
||||||
<host>host.docker.internal:host-gateway</host>
|
</ports>
|
||||||
</extraHosts>
|
<network>
|
||||||
<volumes>
|
<mode>custom</mode>
|
||||||
<bind>
|
<name>${project.artifactId}</name>
|
||||||
<volume>${project.basedir}/src/test/resources/keycloak-import:/opt/keycloak/data/import:ro</volume>
|
</network>
|
||||||
</bind>
|
<extraHosts>
|
||||||
</volumes>
|
<host>host.docker.internal:host-gateway</host>
|
||||||
</run>
|
</extraHosts>
|
||||||
</image>
|
<volumes>
|
||||||
</images>
|
<bind>
|
||||||
</configuration>
|
<volume>${project.basedir}/src/test/resources/keycloak-import:/opt/keycloak/data/import:ro</volume>
|
||||||
</execution>
|
</bind>
|
||||||
</executions>
|
</volumes>
|
||||||
</plugin>
|
</run>
|
||||||
</plugins>
|
</image>
|
||||||
</build>
|
</images>
|
||||||
</profile>
|
</configuration>
|
||||||
<profile>
|
</execution>
|
||||||
<id>ossrh-release</id>
|
</executions>
|
||||||
<properties>
|
</plugin>
|
||||||
<maven.deploy.skip>true</maven.deploy.skip>
|
</plugins>
|
||||||
</properties>
|
</build>
|
||||||
<build>
|
</profile>
|
||||||
<plugins>
|
<profile>
|
||||||
<plugin>
|
<id>ossrh-release</id>
|
||||||
<artifactId>maven-source-plugin</artifactId>
|
<properties>
|
||||||
<executions>
|
<maven.deploy.skip>true</maven.deploy.skip>
|
||||||
<execution>
|
</properties>
|
||||||
<id>source</id>
|
<build>
|
||||||
<phase>package</phase>
|
<plugins>
|
||||||
<goals><goal>jar-no-fork</goal></goals>
|
<plugin>
|
||||||
</execution>
|
<artifactId>maven-source-plugin</artifactId>
|
||||||
</executions>
|
<executions>
|
||||||
</plugin>
|
<execution>
|
||||||
<plugin>
|
<id>source</id>
|
||||||
<artifactId>maven-javadoc-plugin</artifactId>
|
<phase>package</phase>
|
||||||
<executions>
|
<goals><goal>jar-no-fork</goal></goals>
|
||||||
<execution>
|
</execution>
|
||||||
<id>javadoc</id>
|
</executions>
|
||||||
<phase>package</phase>
|
</plugin>
|
||||||
<goals><goal>jar</goal></goals>
|
<plugin>
|
||||||
<configuration>
|
<artifactId>maven-javadoc-plugin</artifactId>
|
||||||
<show>public</show>
|
<executions>
|
||||||
</configuration>
|
<execution>
|
||||||
</execution>
|
<id>javadoc</id>
|
||||||
</executions>
|
<phase>package</phase>
|
||||||
</plugin>
|
<goals><goal>jar</goal></goals>
|
||||||
<plugin>
|
<configuration>
|
||||||
<artifactId>maven-gpg-plugin</artifactId>
|
<show>public</show>
|
||||||
<executions>
|
</configuration>
|
||||||
<execution>
|
</execution>
|
||||||
<id>sign</id>
|
</executions>
|
||||||
<phase>verify</phase>
|
</plugin>
|
||||||
<goals><goal>sign</goal></goals>
|
<plugin>
|
||||||
</execution>
|
<artifactId>maven-gpg-plugin</artifactId>
|
||||||
</executions>
|
<executions>
|
||||||
</plugin>
|
<execution>
|
||||||
<plugin>
|
<id>sign</id>
|
||||||
<groupId>org.sonatype.plugins</groupId>
|
<phase>verify</phase>
|
||||||
<artifactId>nexus-staging-maven-plugin</artifactId>
|
<goals><goal>sign</goal></goals>
|
||||||
<version>1.7.0</version>
|
</execution>
|
||||||
<configuration>
|
</executions>
|
||||||
<serverId>ossrh</serverId>
|
</plugin>
|
||||||
<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
|
<plugin>
|
||||||
<autoReleaseAfterClose>true</autoReleaseAfterClose>
|
<groupId>org.sonatype.plugins</groupId>
|
||||||
</configuration>
|
<artifactId>nexus-staging-maven-plugin</artifactId>
|
||||||
<executions>
|
<version>1.7.0</version>
|
||||||
<execution>
|
<configuration>
|
||||||
<id>ossrh-deploy</id>
|
<serverId>ossrh</serverId>
|
||||||
<phase>deploy</phase>
|
<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
|
||||||
<goals><goal>deploy</goal></goals>
|
<autoReleaseAfterClose>true</autoReleaseAfterClose>
|
||||||
</execution>
|
</configuration>
|
||||||
</executions>
|
<executions>
|
||||||
</plugin>
|
<execution>
|
||||||
</plugins>
|
<id>ossrh-deploy</id>
|
||||||
</build>
|
<phase>deploy</phase>
|
||||||
</profile>
|
<goals><goal>deploy</goal></goals>
|
||||||
</profiles>
|
</execution>
|
||||||
|
</executions>
|
||||||
<repositories>
|
</plugin>
|
||||||
<repository>
|
</plugins>
|
||||||
<id>activiti-releases</id>
|
</build>
|
||||||
<url>https://artifacts.alfresco.com/nexus/content/repositories/activiti-enterprise-releases</url>
|
</profile>
|
||||||
</repository>
|
</profiles>
|
||||||
</repositories>
|
|
||||||
|
<repositories>
|
||||||
</project>
|
<repository>
|
||||||
|
<id>activiti-releases</id>
|
||||||
|
<url>https://artifacts.alfresco.com/nexus/content/repositories/activiti-enterprise-releases</url>
|
||||||
|
</repository>
|
||||||
|
</repositories>
|
||||||
|
|
||||||
|
</project>
|
||||||
|
|||||||
@@ -1,35 +1,35 @@
|
|||||||
/*
|
/*
|
||||||
* This program is free software: you can redistribute it and/or modify it
|
* This program is free software: you can redistribute it and/or modify it
|
||||||
* under the terms of the GNU Lesser General Public License as published by
|
* under the terms of the GNU Lesser General Public License as published by
|
||||||
* the Free Software Foundation, either version 3 of the License, or (at your
|
* the Free Software Foundation, either version 3 of the License, or (at your
|
||||||
* option) any later version.
|
* option) any later version.
|
||||||
*
|
*
|
||||||
* This program is distributed in the hope that it will be useful, but WITHOUT
|
* This program is distributed in the hope that it will be useful, but WITHOUT
|
||||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
||||||
* more details.
|
* more details.
|
||||||
*
|
*
|
||||||
* You should have received a copy of the GNU General Public License along
|
* You should have received a copy of the GNU General Public License along
|
||||||
* with this program. If not, see <https://www.gnu.org/licenses/>.
|
* with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
*/
|
*/
|
||||||
package com.activiti.extension.conf;
|
package com.activiti.extension.conf;
|
||||||
|
|
||||||
import org.springframework.context.annotation.ComponentScan;
|
import org.springframework.context.annotation.ComponentScan;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.context.annotation.FullyQualifiedAnnotationBeanNameGenerator;
|
import org.springframework.context.annotation.FullyQualifiedAnnotationBeanNameGenerator;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A means for injecting packages to scan for the Spring context.
|
* A means for injecting packages to scan for the Spring context.
|
||||||
*
|
*
|
||||||
* @author brian@inteligr8.com
|
* @author brian@inteligr8.com
|
||||||
*/
|
*/
|
||||||
@Configuration
|
@Configuration
|
||||||
@ComponentScan(
|
@ComponentScan(
|
||||||
basePackages = {
|
basePackages = {
|
||||||
"com.inteligr8.activiti.auth"
|
"com.inteligr8.activiti.auth"
|
||||||
},
|
},
|
||||||
nameGenerator = FullyQualifiedAnnotationBeanNameGenerator.class
|
nameGenerator = FullyQualifiedAnnotationBeanNameGenerator.class
|
||||||
)
|
)
|
||||||
public class AuthExtSpringComponentScanner {
|
public class AuthExtSpringComponentScanner {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -64,7 +64,7 @@ public class ActivitiAppAdministratorGroupFixer implements DataFixer {
|
|||||||
@Value("${auth-ext.group.admins.name:Superusers}")
|
@Value("${auth-ext.group.admins.name:Superusers}")
|
||||||
private String adminGroupName;
|
private String adminGroupName;
|
||||||
|
|
||||||
@Value("${auth-ext.sync.externalId:oauth}")
|
@Value("${auth-ext.externalId:oauth}")
|
||||||
protected String externalIdmSource;
|
protected String externalIdmSource;
|
||||||
|
|
||||||
@Value("${auth-ext.group.admins.validate:false}")
|
@Value("${auth-ext.group.admins.validate:false}")
|
||||||
|
|||||||
@@ -1,32 +0,0 @@
|
|||||||
package com.inteligr8.activiti.auth;
|
|
||||||
|
|
||||||
import java.util.Map;
|
|
||||||
import java.util.Map.Entry;
|
|
||||||
|
|
||||||
import org.slf4j.Logger;
|
|
||||||
import org.slf4j.LoggerFactory;
|
|
||||||
import org.springframework.context.ApplicationContext;
|
|
||||||
import org.springframework.context.annotation.Primary;
|
|
||||||
import org.springframework.stereotype.Component;
|
|
||||||
|
|
||||||
import com.activiti.api.boot.BootstrapConfigurer;
|
|
||||||
|
|
||||||
@Component("bootstrap.proxy")
|
|
||||||
@Primary
|
|
||||||
public class Bootstrapper implements BootstrapConfigurer {
|
|
||||||
|
|
||||||
private final Logger logger = LoggerFactory.getLogger(this.getClass());
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void applicationContextInitialized(ApplicationContext applicationContext) {
|
|
||||||
Map<String, BootstrapConfigurer> bootstraps = applicationContext.getBeansOfType(BootstrapConfigurer.class);
|
|
||||||
bootstraps.remove("bootstrap.proxy");
|
|
||||||
|
|
||||||
this.logger.debug("Executing {} bootstrap configurers", bootstraps.size());
|
|
||||||
for (Entry<String, BootstrapConfigurer> bootstrap : bootstraps.entrySet()) {
|
|
||||||
this.logger.trace("Executing bootstrap configurer: {}: {}", bootstrap.getKey(), bootstrap.getValue().getClass());
|
|
||||||
bootstrap.getValue().applicationContextInitialized(applicationContext);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
@@ -56,7 +56,7 @@ public class GroupSyncService {
|
|||||||
@Autowired
|
@Autowired
|
||||||
private TenantFinderService tenantFinderService;
|
private TenantFinderService tenantFinderService;
|
||||||
|
|
||||||
@Value("${auth-ext.sync.externalId:oauth}")
|
@Value("${auth-ext.externalId:oauth}")
|
||||||
protected String externalIdmSource;
|
protected String externalIdmSource;
|
||||||
|
|
||||||
@Value("${auth-ext.sync.group.createMissing:true}")
|
@Value("${auth-ext.sync.group.createMissing:true}")
|
||||||
@@ -181,18 +181,19 @@ public class GroupSyncService {
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
String oidcGroup = this.apsGroupNameToOidcGroup(group.getName());
|
String oidcGroup = this.apsGroupNameToOidcGroup(group.getName());
|
||||||
|
|
||||||
if (this.externalizeMatchingInternalGroups) {
|
|
||||||
this.logger.warn("Classifying internal APS group as external: {} => {}", group.getName(), this.externalIdmSource);
|
|
||||||
// register the group as external
|
|
||||||
group.setExternalId(this.oidcGroupToApsGroupExternalId(oidcGroup));
|
|
||||||
group.setLastUpdate(new Date());
|
|
||||||
this.groupService.save(group);
|
|
||||||
// internal role already existed and the user is already a member
|
|
||||||
}
|
|
||||||
|
|
||||||
if (oidcGroups.remove(oidcGroup)) {
|
if (oidcGroups.remove(oidcGroup)) {
|
||||||
this.logger.trace("User already belongs to APS group mapped to by OIDC group: {}: {} => {}", user.getExternalId(), oidcGroup, group.getName());
|
this.logger.trace("User already belongs to APS group mapped to by OIDC group: {}: {} => {}", user.getExternalId(), oidcGroup, group.getName());
|
||||||
|
|
||||||
|
if (this.externalizeMatchingInternalGroups) {
|
||||||
|
this.logger.warn("Classifying internal APS group as external: {} => {}", group.getName(), this.externalIdmSource);
|
||||||
|
// register the group as external
|
||||||
|
group.setExternalId(this.oidcGroupToApsGroupExternalId(oidcGroup));
|
||||||
|
group.setLastUpdate(new Date());
|
||||||
|
this.groupService.save(group);
|
||||||
|
// internal role already existed and the user is already a member
|
||||||
|
}
|
||||||
|
|
||||||
continue;
|
continue;
|
||||||
} else if (!this.syncInternalGroups) {
|
} else if (!this.syncInternalGroups) {
|
||||||
this.logger.trace("Internal APS group membership sync disabled; not considering removal of user from APS group: {} => {}", user.getExternalId(), group.getName());
|
this.logger.trace("Internal APS group membership sync disabled; not considering removal of user from APS group: {} => {}", user.getExternalId(), group.getName());
|
||||||
|
|||||||
@@ -36,7 +36,7 @@ public class UserSyncService {
|
|||||||
@Autowired
|
@Autowired
|
||||||
private TenantFinderService tenantFinderService;
|
private TenantFinderService tenantFinderService;
|
||||||
|
|
||||||
@Value("${auth-ext.sync.externalId:oauth}")
|
@Value("${auth-ext.externalId:oauth}")
|
||||||
protected String externalIdmSource;
|
protected String externalIdmSource;
|
||||||
|
|
||||||
@Value("${auth-ext.sync.user.createMissing:true}")
|
@Value("${auth-ext.sync.user.createMissing:true}")
|
||||||
|
|||||||
Reference in New Issue
Block a user