Activiti 6.0 to custom user/group data in Spring Boot - spring-boot

In activiti 6.0, I have two app: activiti-app and activiti-rest
I want activiti-app and activiti-rest use my custom authentication (own user and group database).
I have follow this question to make a custom authentication session
Configure Activiti to reuse the existing user/group data in Spring Boot
But, after create project, I don't know what should I do next?
I have try to copy .jar code to activiti-app/WEB-INF/lib and activiti-rest/WEB-INF/lib but nothing happend.
So, what should I do after I done my custom authentication project to customize activiti 6.0 user and group.
Many thanks

You need to make sure you configure your custom user and group session factories are registered with the Process Engine Configuration.
There are a couple of ways to do this.
The easiest is to simply update the application engine configuration classes and set the session factories.
If you prefer not to touch the core code (this is more of an issue if using th enterprise edition) or you re using Spring Boot, you can implement an "processEngineConfigurationConfigurer" class which allows you to get access to the Process Engine Configuration before it is initialized.
Which ever way you choose, the registration code is the same:
Map<Class<?>, SessionFactory> sessionFactories = processEngineConfiguration.getSessionFactories();
sessionFactories.put(userManagerFactory.getSessionType(), userManagerFactory);
sessionFactories.put(groupManagerFactory.getSessionType(), groupManagerFactory);
processEngineConfiguration.setSessionFactories(sessionFactories);
This should register your custom session factories.
Hope this helps,
Greg

Related

Spring Boot: Handle configuration in multitenant application

I am implementing a Spring Boot application which will be providing a multitenant environment. That is achieved in my case by using a database schema for each customer. Example see this project.
Now I am wondering how to implement tenant-specific configurations. I am using #ConfigurationProperties to bundle my property values, but these are getting instantiated once and not for each tenant.
What if I would like to use Spring Cloud Config with multiple tenant specific git repository as an configuration backend. Would it be possible when using a jdbc backend for Spring Cloud Config?
Is there any way with default Spring mechanisms or do I have to implement a database based configuration framework myself?
Edit: For example I have two tenants called Tenant1 and Tenant2. Both are running over the same application in the same context and are writing in the database schemes tenant_1 and tenant_2.
Identification of tenants is happening over keycloak (see Spring Keycloak multi tenant example). So I identify the tenantId from the jwt token and select the database connection like described here.
But now I would need the same mechanism for #Configuration beans. Since #Configuration beans are as far as I know Singletons, so there is always ONE configuration per application scope, and not ONE configuration per tenant.
So using Spring Cloud Config Tenant1 is using https://git-url/tenant1, Tenant2 is using Hashicorp Vault as backend and perhaps Tenant3 will be using a jdbc based configuration backend. And all of that in ONE (of course scalable) application.
In case your application uses tenant specific files (html templates etc), the following can be applied. As I have used the below approach for handling many tenants and works fine and easy to maintain.
I would suggest that you maintain a consistent configuration source (JDBC) for all of your tenant configurations. This helps you have a single source that is cacheable and scalable for your application. Also, you could have your tenants navigate to a configuration page to manage their settings and alter them to suit their needs at any point of time on the fly. (Example Settings: Records Per Page, Theme, Logo, Filters etc...)
Having the tenant configuration in files in git will be a difficult task when you wanted to auto-provision tenant's when they sign-up as it will involve couple of distributed services. Having them in a TenantSettings table with the tenantId as a column could help you get the data in no time and will be easy.
You can use Spring Cloud Config for your scenario and it is adoptable. It is easily configurable and provides out of the box features. For your specific scenario, you can have any number of microservices running yet all controlled by one Spring Cloud Config Server which is connected to one Git Repository. Your all microservices are asking configuration properties from Spring Cloud Config Server and it is directly fetching properties from Git Repository. That repository can have multiple property files. It can hold common properties for all the microservices or specific service based configuration properties. If you want to keep confidential properties more securely, that is also made possible via HashiCorp vault. I will leave an image below for you to get a better idea about this concept.
In the below image, you can see the Git Repository with common configuration property files and specific configuration property files for different services yet in same repository.
I will add another image for you to get a better idea how does this can be arranged with application profiles as well.
Finally I will add something additional to show the power of Spring Cloud Config and out of the box features it allows us to play with. You can automatically refresh configuration properties in running application as well. You can configure Spring Cloud Config to do that. I will add an architectural diagram to achieve that.
References for this answer is taken from Spring in Action, Fifth Edition
Craig Walls

Broadleaf spring session

Trying to figure out how to integrate spring session with an app based on the broadleaf framework and so far it was unsuccessful, tried importing the BroadleafJdbcHttpSessionConfiguration config but it was to no success. Any ideas on how to make it work?
The BroadleafJdbcHttpSessionConfiguration class was added primarily to better support multi-session customer assisted shopping for Customer Service Representatives. The instructions for setting up the BroadleafJdbcHttpSessionConfiguration is in this context. See https://www.broadleafcommerce.com/docs/enterprise/current/multi-customer-assisted-shopping
If you are trying to introduce distributed session management, BroadleafJdbcHttpSessionConfiguration is an option but not recommended. We recommend using Memcached with the Tomcat Session Manager. See https://github.com/magro/memcached-session-manager/wiki/SetupAndConfiguration
The configuration for Memcached and Tomcat Session Manager is pretty easy and it works well.

The best web login approach

I am developing a jsp dynamic web project on eclipse.
I want to create an website with login functionality. I intend to store users' accounts and passwords in MySQL database. Of course, different users have different roles and rights to access different web pages. What is the best approach to implement it?
So far, I know these approaches:
1) Users enter accounts/passwords in login.jsp. LoginServlet then connects to MySQL database to check if it is correct. AuthenticationFilters will make sure only users with rights can access certain pages.
2) Use Role Based Authentication by declaring user roles in web.xml. I find this approach is not flexible, because I need to declare roles in advance.
3) Use HttpServletRequest's login/logout methods. I have not studied it.
Is my understanding correct? Could someone gives me some suggestions? Some clues would be very helpful!
Besides, I know that using POST alone to send passwords is not safe enough. Many websites suggest to use HTTPS connections. So if using HTTPS connections, does it affect the approach I choose to implement the login function?
Thanks!
--
Now, I know I need to use Spring. But Spring seems difficult for me... In Spring website I cant find out the link to download jar files. The user guide says I need to use Gradle or Maven, which I haven't used before, and have no idea why I need them. Besides, there are many Spring projects. Which one should I choose? Spring framework?
--
Have you looked into using Spring Security? It's built for just that. You don't need to be familiar with Spring but it may help.
Here are a couple of tutorials that use database authentication:
1: Spring Security Authentication and Authorization Example with Database Credentials
2: Spring Security Login Example with Database
Edit:
You don't have to Maven or Gradle. You can simply add the jars to your build path and they will work. The only projects you need to implement for the login to work is the Spring Framework and Spring Security.
To use Spring Security without Maven or Gradle:
Download the Spring Framework jars, unzip them, and add them to your project and build path. It's probably a good idea to find a hello world tutorial using Spring to get you started. A quick Google search should turn up many results.
After you have Spring implemented in your project, download the Spring Security jars, unzip those, and add them to your build path. The links to the tutorials that I previously posted will get you started. They may take a little while to go through and you may not understand exactly what is happening behind the scenes, but once you get it set up is works outstanding. I'm also not sure if you are using xml configuration or Java config but I believe those tutorials are for xml.
Spring Security was built so that it could be added to any project and have you up and running with basic configuration in about 15 minutes. After you get the basic login going (it will use the generic login form), you can search for how to implement your own custom login form, add permissions or restrictions to users and url patters, adding custom filters, etc. I encourage you to spend some time learning it as it is highly flexible and customizable.

Spring Security without a login form

I am writing a java application using Spring. The application will be deployed to a Java EE container in a Linux environment, being accessed by Windows users.
Is there a way I can authenticate these users into the application without using any forms?
EDIT:
The first thing that I need to do is identify who the user is. After reading Block 87's article, I should start looking at SPNEGO and setting up each of the environments. From that point, I should be able to implement #ticktock's answer.
Yes, you just need to replace the UsernamePasswordFormFilter with your own authentication filter. Easiest if you extend AbstractAuthenticationProcessingFilter. You'll probably have to provide your own AuthenticationProvider as well.

Spring Forum integration

My application uses Spring Security and Spring MVC and is hosted on Glassfish 3.1.2.
I'm looking for a forum software (phpBB like) that I can integrate easily in my app.
Does anyone know some ?
I found JForum but it's a web app which needs to be installed... Maybe should I install it and copy the directory in my application?
I tried jForum, and even if it seems that the project is not continuing, it fits to my application.
To get it working with Spring, I had to use SSO (Single sign-on) by modifying jForum config.
In the file SystemGlobals.properties, I had to change property authentication.type = default to authentication.type = sso.
jForum will use the remote user of the request context.
See classes below for more informations
net.jforum.JForum
net.jforum.ControllerUtils
net.jforum.sso.RemoteUserSSO
net.jforum.sso.SSOUtils

Resources