flowable 绕过idm自带的身份验证

简介: flowable 绕过idm自带的身份验证
package org.flowable.ui.common.security;
import org.fh.util.Jurisdiction;
import org.flowable.common.engine.api.FlowableIllegalStateException;
import org.flowable.idm.api.User;
import org.flowable.ui.common.model.RemoteUser;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import java.util.ArrayList;
import java.util.List;
/**
 * 说明:重构流程编辑器获取用户信息
 * 作者:FH Admin
 * from:www.fhadmin.cn
 */
public class SecurityUtils {
  private static User assumeUser;
  private static SecurityScopeProvider securityScopeProvider = new FlowableSecurityScopeProvider();
  private SecurityUtils() {
  }
  /**
   * Get the login of the current user.
   */
  public static String getCurrentUserId() {
    User user = getCurrentUserObject();
    if (user != null) {
      return user.getId();
    }
    return null;
  }
  /**
   * @return the {@link User} object associated with the current logged in user.
   */
  public static User getCurrentUserObject() {
    if (assumeUser != null) {
      return assumeUser;
    }
    RemoteUser user = new RemoteUser();
    user.setId(Jurisdiction.getUsername());
    user.setDisplayName(Jurisdiction.getName());
    user.setFirstName(Jurisdiction.getName());
    user.setLastName(Jurisdiction.getName());
    user.setEmail("admin@flowable.com");
    user.setPassword("123456");
    List<String> pris = new ArrayList<>();
    pris.add(DefaultPrivileges.ACCESS_MODELER);
    pris.add(DefaultPrivileges.ACCESS_IDM);
    pris.add(DefaultPrivileges.ACCESS_ADMIN);
    pris.add(DefaultPrivileges.ACCESS_TASK);
    pris.add(DefaultPrivileges.ACCESS_REST_API);
    user.setPrivileges(pris);
    return user;
  }
    public static void setSecurityScopeProvider(SecurityScopeProvider securityScopeProvider) {
        SecurityUtils.securityScopeProvider = securityScopeProvider;
    }
    public static SecurityScope getCurrentSecurityScope() {
        SecurityContext securityContext = SecurityContextHolder.getContext();
        if (securityContext != null && securityContext.getAuthentication() != null) {
            return getSecurityScope(securityContext.getAuthentication());
        }
        return null;
    }
    public static SecurityScope getSecurityScope(Authentication authentication) {
        return securityScopeProvider.getSecurityScope(authentication);
    }
    public static SecurityScope getAuthenticatedSecurityScope() {
        SecurityScope currentSecurityScope = getCurrentSecurityScope();
        if (currentSecurityScope != null) {
            return currentSecurityScope;
        }
        throw new FlowableIllegalStateException("User is not authenticated");
    }
  public static void assumeUser(User user) {
    assumeUser = user;
  }
  public static void clearAssumeUser() {
    assumeUser = null;
  }
}

 

目录
打赏
0
0
0
0
6
分享
相关文章
|
9月前
|
BurpSuite插件 -- Struts2-RCE(文字版)
BurpSuite插件 -- Struts2-RCE(文字版)
104 0
安卓逆向 -- 绕过SO层签名验证
安卓逆向 -- 绕过SO层签名验证
193 1
CVE-2024-27198可RCE身份验证绕过JetBrains TeamCity
CVE-2024-27198可RCE身份验证绕过JetBrains TeamCity
134 0
python接口自动化(十三)--cookie绕过验证码登录(详解)
有些登录的接口会有验证码:短信验证码,图形验证码等,这种登录的话验证码参数可以从后台获取的(或者查数据库最直接)。获取不到也没关系,可以通过添加cookie的方式绕过验证码。(注意:并不是所有的登录都是用cookie来保 持登录的,有些是用token登录)
500 0
python接口自动化(十三)--cookie绕过验证码登录(详解)
Web暴力破解--前端JS表单加密进行爆破
0x01 前言   常见的js实现加密的方式有:md5、base64、shal,写了一个简单的demo作为测试。 0x02 代码 login.html 用户登录 function checkInput() { var password_input = document.
2510 0