在上个章节《[6]深入浅出工作开源框架Camunda: 如何远程Debug camunda-webapp的源代码》笔者解释了如何进行Camunda的远程Debug,这个章节笔者给大家分享如何进行camunda-webapp 用户登录功能代码分析. 首先还是输入,http://127.0.0.1:8080/camunda/app/welcome/default/#!/login
在这里插入图片描述
点击“Login” 按钮后,其会执行下面的代码:

package org.camunda.bpm.webapp.impl.security.auth;

import java.util.ArrayList;
import java.util.List;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;

import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.Tenant;
import org.camunda.bpm.engine.rest.exception.InvalidRequestException;
import org.camunda.bpm.webapp.impl.util.ProcessEngineUtil;

/**
 * Jax-Rs resource allowing users to authenticate with username and password</p>
 *
 * @author Daniel Meyer
 *
 */
@Path(UserAuthenticationResource.PATH)
public class UserAuthenticationResource {

  public static final String PATH = "/auth/user";

  @Context
  protected HttpServletRequest request;

  @GET
  @Path("/{processEngineName}")
  public Response getAuthenticatedUser(@PathParam("processEngineName") String engineName) {
    Authentications allAuthentications = Authentications.getCurrent();

    if (allAuthentications == null) {
      return notFound();
    }

    Authentication engineAuth = allAuthentications.getAuthenticationForProcessEngine(engineName);

    if (engineAuth == null) {
      return notFound();
    } else {
      return Response.ok(AuthenticationDto.fromAuthentication(engineAuth)).build();
    }
  }

  @POST
  @Path("/{processEngineName}/login/{appName}")
  public Response doLogin(
      @PathParam("processEngineName") String engineName,
      @PathParam("appName") String appName,
      @FormParam("username") String username,
      @FormParam("password") String password) {

    final ProcessEngine processEngine = ProcessEngineUtil.lookupProcessEngine(engineName);
    if(processEngine == null) {
      throw new InvalidRequestException(Status.BAD_REQUEST, "Process engine with name "+engineName+" does not exist");
    }

    // make sure authentication is executed without authentication :)
    processEngine.getIdentityService().clearAuthentication();

    // check password / username
    boolean isPasswordValid = processEngine.getIdentityService().checkPassword(username, password);

    if (!isPasswordValid) {
      return unauthorized();
    }

    AuthenticationService authenticationService = new AuthenticationService();
    UserAuthentication authentication = (UserAuthentication) authenticationService.createAuthenticate(processEngine, username, null, null);

    Set<String> authorizedApps = authentication.getAuthorizedApps();

    if (!authorizedApps.contains(appName)) {
      return forbidden();
    }

    if (request != null) {
      Authentications.revalidateSession(request, authentication);
    }

    return Response.ok(AuthenticationDto.fromAuthentication(authentication)).build();
  }

  protected List<String> getGroupsOfUser(ProcessEngine engine, String userId) {
    List<Group> groups = engine.getIdentityService().createGroupQuery()
      .groupMember(userId)
      .list();

    List<String> groupIds = new ArrayList<String>();
    for (Group group : groups) {
      groupIds.add(group.getId());
    }
    return groupIds;
  }

  protected List<String> getTenantsOfUser(ProcessEngine engine, String userId) {
    List<Tenant> tenants = engine.getIdentityService().createTenantQuery()
      .userMember(userId)
      .includingGroupsOfUser(true)
      .list();

    List<String> tenantIds = new ArrayList<String>();
    for(Tenant tenant : tenants) {
      tenantIds.add(tenant.getId());
    }
    return tenantIds;
  }

  @POST
  @Path("/{processEngineName}/logout")
  public Response doLogout(@PathParam("processEngineName") String engineName) {
    final Authentications authentications = Authentications.getCurrent();

    // remove authentication for process engine
    authentications.removeAuthenticationForProcessEngine(engineName);

    return Response.ok().build();
  }

  protected Response unauthorized() {
    return Response.status(Status.UNAUTHORIZED).build();
  }

  protected Response forbidden() {
    return Response.status(Status.FORBIDDEN).build();
  }

  protected Response notFound() {
    return Response.status(Status.NOT_FOUND).build();
  }
}

上面代码来自于类UserAuthenticationResource, 其会调用doLogin() 方法,整体认证流程如下如所示意!
在这里插入图片描述

# java
Logo
AtomGit 开源协作平台测评赛

瓜分20万奖金 获得内推名额 丰厚实物奖励 易参与易上手

更多推荐

【Spring Boot 】Spring Boot + HikariCP 连接池使用示例

文章目录示例工具版本HikariCP 依赖HikariCP 配置1. connectionTimeout2. minimumIdle3. maximumPoolSize4. idleTimeout5. maxLifetime6. autoCommitSpring Boot Data + HikariCP + MySQL示例测试应用程序1. 使用 Maven 命令2. 使用 Eclipse3. 使用

avatar 开放原子开发者工作坊
cover

基于NSGAII的三目标优化算法

avatar 开放原子开发者工作坊
cover

教你python自动识别图文验证码的解决方案!

avatar 开放原子开发者工作坊