SecurityUtils
路径:flowable-engine-flowable-6.4.1\modules\flowable-ui-common\src\main\java\org\flowable\ui\common\security
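原因:SecurityUtils 是流程模型加载时需要调用的工具类。文件路径需要与原路径保持一致,也就是包路径必须是 org.flowable.ui.common.security,这样我们自己的类在调用时会覆盖原 Jar 里的同名工具类。需要注意,下面覆盖后的 getCurrentUserObject() 不再读取登录信息,而是对所有调用都返回固定的 admin 用户并带上全部权限,因此 Modeler 自身不再做身份校验,访问控制要由集成它的宿主系统(例如统一登录或网关)来保证。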
整体结构如下图:
代码如下:
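/* Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.flowable.ui.common.security;

import org.flowable.idm.api.User;
import org.flowable.ui.common.model.RemoteUser;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

import java.util.ArrayList;
import java.util.List;

/**
 * Utility class for Spring Security.
 *
 * <p>This copy lives in {@code org.flowable.ui.common.security} so that it takes the place
 * of the class of the same name shipped in the Flowable jar.
 *
 * <p>Security note: {@link #getCurrentUserObject()} does not look at the Spring Security
 * context. Unless a user has been set with {@link #assumeUser(User)}, every caller is
 * reported as a fixed "admin" user holding all five default privileges. Code that relies on
 * this class therefore performs no authentication of its own; access control has to be
 * enforced by the application that embeds the modeler.
 */
public class SecurityUtils {

    // Process-wide override set through assumeUser(); it is static, so it applies to every
    // thread and request, not only to the caller that set it.
    private static User assumeUser;

    private SecurityUtils() {
    }

    /**
     * Get the login of the current user.
     *
     * @return the id of the user returned by {@link #getCurrentUserObject()}, or
     *         {@code null} when that method returns {@code null}
     */
    public static String getCurrentUserId() {
        User user = getCurrentUserObject();
        if (user != null) {
            return user.getId();
        }
        return null;
    }

    /**
     * Return the user that the modeler should treat as "current".
     *
     * @return the user set with {@link #assumeUser(User)} if there is one; otherwise a newly
     *         built {@link RemoteUser} with id "admin" and all five default privileges.
     *         The security context is not consulted.
     */
    public static User getCurrentUserObject() {
        if (assumeUser != null) {
            return assumeUser;
        }

        RemoteUser user = new RemoteUser();
        user.setId("admin");
        user.setDisplayName("Administrator");
        user.setFirstName("Administrator");
        user.setLastName("Administrator");
        user.setEmail("admin@flowable.com");
        // NOTE(review): hard-coded credential on the synthetic user. Nothing in this class
        // reads it; confirm whether any caller needs it, and if not, stop carrying a
        // password in source.
        user.setPassword("123456");

        // The synthetic user is granted every default privilege.
        List<String> pris = new ArrayList<>();
        pris.add(DefaultPrivileges.ACCESS_MODELER);
        pris.add(DefaultPrivileges.ACCESS_IDM);
        pris.add(DefaultPrivileges.ACCESS_ADMIN);
        pris.add(DefaultPrivileges.ACCESS_TASK);
        pris.add(DefaultPrivileges.ACCESS_REST_API);
        user.setPrivileges(pris);
        return user;
    }

    /**
     * Read the authenticated principal from the Spring Security context.
     *
     * @return the principal when it is a {@link FlowableAppUser}; {@code null} when there is
     *         no context, no authentication, or the principal has another type
     */
    public static FlowableAppUser getCurrentFlowableAppUser() {
        FlowableAppUser user = null;
        SecurityContext securityContext = SecurityContextHolder.getContext();
        if (securityContext != null && securityContext.getAuthentication() != null) {
            Object principal = securityContext.getAuthentication().getPrincipal();
            if (principal instanceof FlowableAppUser) {
                user = (FlowableAppUser) principal;
            }
        }
        return user;
    }

    /**
     * Check whether the authenticated principal holds the given authority.
     *
     * <p>This check uses the Spring Security principal, not the synthetic user from
     * {@link #getCurrentUserObject()}. When there is no authenticated
     * {@link FlowableAppUser} the method fails closed and returns {@code false}; the
     * previous code dereferenced the {@code null} user and threw a
     * {@link NullPointerException} in that case.
     *
     * @param capability the authority name to look for
     * @return {@code true} if one of the principal's granted authorities equals
     *         {@code capability}; {@code false} otherwise, including when
     *         {@code capability} is {@code null} or nobody is authenticated
     */
    public static boolean currentUserHasCapability(String capability) {
        FlowableAppUser user = getCurrentFlowableAppUser();
        if (user == null || capability == null) {
            return false;
        }
        for (GrantedAuthority grantedAuthority : user.getAuthorities()) {
            if (capability.equals(grantedAuthority.getAuthority())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Make {@link #getCurrentUserObject()} return the given user for all callers until
     * {@link #clearAssumeUser()} is called.
     *
     * @param user the user to report as current
     */
    public static void assumeUser(User user) {
        assumeUser = user;
    }

    /** Remove the user set with {@link #assumeUser(User)}. */
    public static void clearAssumeUser() {
        assumeUser = null;
    }
}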
认证请求配置
前端 url-config.js 修改
路径:resource\static\scripts\configuration\url-config.js
将 getAccountUrl 的路径改为上面我们自己的 getAccount 接口的路径,让前端使用我们自己的认证接口
后端添加Controller
添加一个登录认证的FlowableController
代码如下:
package com.flowable.modeler.controller;

import org.flowable.ui.common.model.UserRepresentation;
import org.flowable.ui.common.security.DefaultPrivileges;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import java.util.ArrayList;
import java.util.List;

/**
 * Account endpoint for the modeler front end, mapped under {@code /login}.
 *
 * <p>Security note: the handler takes no credentials and performs no check of the caller;
 * it answers every GET with the same administrator account. Whoever can reach this URL is
 * presented to the front end as "admin", so the route has to be protected by the hosting
 * application.
 *
 * @author yangjian
 * @date 2023/9/7 13:42:11
 */
@RestController
@RequestMapping("/login")
public class FlowableController {

    /**
     * Return the default administrator information.
     *
     * @return a {@link UserRepresentation} with id "admin" and the five default privileges;
     *         the values are constants and do not depend on the request
     */
    @RequestMapping(value = "/rest/account", method = RequestMethod.GET, produces = "application/json")
    public UserRepresentation getAccount() {
        UserRepresentation account = new UserRepresentation();
        account.setId("admin");
        account.setEmail("admin@flowable.org");
        account.setFullName("Administrator");
        // lastName is left unset; the original listing has that setter commented out.
        account.setFirstName("Administrator");
        account.setPrivileges(allDefaultPrivileges());
        return account;
    }

    /** Build the list of privileges granted to the fixed administrator account. */
    private static List<String> allDefaultPrivileges() {
        List<String> granted = new ArrayList<>();
        granted.add(DefaultPrivileges.ACCESS_MODELER);
        granted.add(DefaultPrivileges.ACCESS_IDM);
        granted.add(DefaultPrivileges.ACCESS_ADMIN);
        granted.add(DefaultPrivileges.ACCESS_TASK);
        granted.add(DefaultPrivileges.ACCESS_REST_API);
        return granted;
    }
}
修改Application启动类配置
启用我们新修改的配置类 ApplicationConfiguration.class, AppDispatcherServletConfiguration.class, DatabaseAutoConfiguration.class
package com.flowable.modeler;

import com.flowable.modeler.config.flowable.ApplicationConfiguration;
import com.flowable.modeler.config.flowable.AppDispatcherServletConfiguration;
import com.flowable.modeler.config.flowable.DatabaseAutoConfiguration;
import org.flowable.ui.modeler.conf.DatabaseConfiguration;
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Import;

/**
 * Spring Boot entry point for the application that embeds the Flowable modeler.
 *
 * <p>The class imports the three locally modified configuration classes and scans
 * {@code com.flowable.modeler.*} for components.
 *
 * <p>Security note: {@link SecurityAutoConfiguration} is excluded, so Spring Boot does not
 * auto-configure Spring Security for this application. Nothing in this class adds a
 * replacement; request authentication has to be supplied elsewhere in the deployment.
 */
// Enable the global exception interceptor (comment carried over from the original listing)
@Import({
        // modified configuration classes
        ApplicationConfiguration.class,
        AppDispatcherServletConfiguration.class,
        // DatabaseConfiguration replacement (table update / conversion)
        DatabaseAutoConfiguration.class
})
// Spring Cloud is the Finchley release
@ComponentScan(basePackages = "com.flowable.modeler.*")
@SpringBootApplication(exclude = SecurityAutoConfiguration.class)
// @SpringBootApplication  (plain form, left disabled in the original listing)
public class FlowableModelerDemoApplication {

    /**
     * Start the Spring application context.
     *
     * @param args command-line arguments, passed through to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication.run(FlowableModelerDemoApplication.class, args);
    }
}
启动项目
启动项目,访问 http://localhost:8087/