multiext-activiti-app-ext/README.md

# Multi-Extension Extension for APS (Activiti App)

This library provides a way for developers extend APS without stomping on top of each other.

APS provides the following interfaces to extend the OOTB behavior.  The problem is that they only expect one implementer of each interface.  This means multiple extensions implementing the same interface will result in Spring related errors.  This extension provides a primary implementation, gathers all others, and executes them in bean priority order.

The supported extensions points are in the table below:

| Interface                                                  | Enablement                                     | Description |
| ---------------------------------------------------------- | ---------------------------------------------- | ----------- |
| `com.activiti.api.boot.BootstrapConfigurer`                | *automatic*                                    | **Common**; Perform extra bootstrap operations. |
| `com.activiti.api.security.AlfrescoWebAppSecurityExtender` | *automatic*                                    | Perform extra operations on `org.springframework.security.config.annotation.web.builders.HttpSecurity` for user endpoints when OAuth is used. |
| `com.activiti.api.security.AlfrescoApiSecurityExtender`    | *automatic*                                    | Perform extra operations on `org.springframework.security.config.annotation.web.builders.HttpSecurity` for REST API endpoints when OAuth is used. |
| `com.activiti.api.security.AlfrescoWebAppSecurityOverride` | `inteligr8.ext.webappSecurityOverride.enabled` | *Rare*; Replace OOTB operations on `org.springframework.security.config.annotation.web.builders.HttpSecurity` for user endpoints when OAuth is used; but execute alongside other extensions that may do the same thing. |
| `com.activiti.api.security.AlfrescoApiSecurityOverride`    | `inteligr8.ext.apiSecurityOverride.enabled`    | *Rare*; Replace OOTB operations on `org.springframework.security.config.annotation.web.builders.HttpSecurity` for REST API endpoints when OAuth is used; but execute alongside other extensions that may do the same thing. |
| `com.activiti.api.security.AlfrescoSecurityConfigOverride` | `inteligr8.ext.securityConfigOverride.enabled` | *Rare*; Replace OOTB security when not using OOTB OAuth security. |

## Installation

The installation is simple.  Just include the JAR in the classpath of your APS application.  This is best done by not changing the `activiti-app.war` file, but instead including it within the classpath using your web container configuration.  For Apache Tomcat, you would add or modify the following context file: `conf/Catalina/localhost/activiti-app.xml`.  Its related contents would be:

```xml
<Context>
        <Resources>
                <PostResources base="${catalina.base}/ext" className="org.apache.catalina.webresources.DirResourceSet" webAppMount="/WEB-INF/lib" readOnly="true" />
        </Resources>
</Context>
```

Notice the use of `PostResources` instead of `PreResources`.  This library needs to be loaded after the web application.  This is the best way to load any other extensions or customization to the Activiti App, including `JavaDelegate` implementations.  If you use the `-security` switch, you will need to give this path permissions in the `catalina.policy` file:

```properties
grant codeBase "file:${catalina.base}/ext/-" {
	permission java.security.AllPermissions
}
```

## Support Matrix

| Extension | APS   |
| --------- | ----- |
| v1.0      | v2.x+ |

## Configuration

There are no configuration options.

## Using

There is nothing to change, other than: don't use `@Primary` on beans that implement the interfaces in the table above.  And you may want to use the following:

```java
@Component
@Order(10)
```

or

```java
@Component
@Order(Ordered.LOWEST_PRECEDENCE)
```