![cover](https://img-blog.csdnimg.cn/b00cb06655dc490f8da1e3f8fc8a573d.png)
[7]深入浅出工作开源框架Camunda: camunda-webapp 用户登录功能代码分析
在上个章节《[6]深入浅出工作开源框架Camunda: 如何远程Debug camunda-webapp的源代码》中,笔者解释了如何进行Camunda的远程Debug。这个章节笔者给大家分享camunda-webapp用户登录功能的代码分析。首先还是输入 http://127.0.0.1:8080/camunda/app/welcome/default/#!/login,
点击“Login” 按钮后,其会执行下面的代码:
package org.camunda.bpm.webapp.impl.security.auth;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.Tenant;
import org.camunda.bpm.engine.rest.exception.InvalidRequestException;
import org.camunda.bpm.webapp.impl.util.ProcessEngineUtil;
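/**
 * JAX-RS resource that lets users authenticate with username and password.
 *
 * <p>It exposes three endpoints below {@link #PATH}: reading the current authentication for a
 * process engine, logging in to a web application of that engine, and logging out of it.
 *
 * @author Daniel Meyer
 */
@Path(UserAuthenticationResource.PATH)
public class UserAuthenticationResource {

  public static final String PATH = "/auth/user";

  // Injected by the JAX-RS runtime; doLogin() tolerates it being null.
  @Context
  protected HttpServletRequest request;

  /**
   * Returns the authentication currently held for the given process engine.
   *
   * @param engineName name of the process engine, taken from the URL path
   * @return 200 with an {@code AuthenticationDto}, or 404 when there are no current
   *     authentications or none for this engine
   */
  @GET
  @Path("/{processEngineName}")
  public Response getAuthenticatedUser(@PathParam("processEngineName") String engineName) {
    Authentications allAuthentications = Authentications.getCurrent();

    if (allAuthentications == null) {
      return notFound();
    }

    Authentication engineAuth = allAuthentications.getAuthenticationForProcessEngine(engineName);

    if (engineAuth == null) {
      return notFound();
    }
    return Response.ok(AuthenticationDto.fromAuthentication(engineAuth)).build();
  }

  /**
   * Checks the submitted credentials and, if the user may use the requested application,
   * registers the resulting authentication with the session.
   *
   * @param engineName name of the process engine, taken from the URL path
   * @param appName name of the web application the user wants to access, taken from the URL path
   * @param username submitted user name (form parameter)
   * @param password submitted password (form parameter)
   * @return 200 with an {@code AuthenticationDto} on success, 401 when the credential check
   *     fails, 403 when the user is not authorized for {@code appName}
   * @throws InvalidRequestException with status 400 when no engine named {@code engineName} exists
   */
  @POST
  @Path("/{processEngineName}/login/{appName}")
  public Response doLogin(
      @PathParam("processEngineName") String engineName,
      @PathParam("appName") String appName,
      @FormParam("username") String username,
      @FormParam("password") String password) {

    final ProcessEngine processEngine = ProcessEngineUtil.lookupProcessEngine(engineName);
    if (processEngine == null) {
      // engineName comes straight from the URL and is echoed into the message.
      // NOTE(review): confirm the exception mapper encodes it for the response content type.
      throw new InvalidRequestException(Status.BAD_REQUEST, "Process engine with name "+engineName+" does not exist");
    }

    // Run the credential check with no authentication set on the identity service.
    processEngine.getIdentityService().clearAuthentication();

    // A single boolean decides the outcome, so every failed check yields the same 401.
    // NOTE(review): no attempt limiting or delay is visible in this method; confirm the
    // identity service throttles repeated failures.
    boolean isPasswordValid = processEngine.getIdentityService().checkPassword(username, password);

    if (!isPasswordValid) {
      return unauthorized();
    }

    AuthenticationService authenticationService = new AuthenticationService();
    // NOTE(review): the two null arguments are presumably groups and tenants that the service
    // resolves itself; confirm against AuthenticationService.createAuthenticate.
    UserAuthentication authentication = (UserAuthentication) authenticationService.createAuthenticate(processEngine, username, null, null);

    // Authorization is checked only after the credentials were accepted.
    Set<String> authorizedApps = authentication.getAuthorizedApps();

    if (!authorizedApps.contains(appName)) {
      return forbidden();
    }

    if (request != null) {
      // NOTE(review): presumably renews the HTTP session so that a pre-login session id is not
      // carried over (session fixation); confirm in Authentications.revalidateSession.
      Authentications.revalidateSession(request, authentication);
    }

    return Response.ok(AuthenticationDto.fromAuthentication(authentication)).build();
  }

  /**
   * Collects the ids of all groups the user is a member of. Not called from within this class.
   *
   * @param engine process engine whose identity service is queried
   * @param userId id of the user
   * @return the group ids, empty when the query returns no groups
   */
  protected List<String> getGroupsOfUser(ProcessEngine engine, String userId) {
    List<Group> groups = engine.getIdentityService().createGroupQuery()
        .groupMember(userId)
        .list();

    List<String> groupIds = new ArrayList<String>();
    for (Group group : groups) {
      groupIds.add(group.getId());
    }
    return groupIds;
  }

  /**
   * Collects the ids of all tenants the user belongs to, including tenants reached through the
   * user's groups. Not called from within this class.
   *
   * @param engine process engine whose identity service is queried
   * @param userId id of the user
   * @return the tenant ids, empty when the query returns no tenants
   */
  protected List<String> getTenantsOfUser(ProcessEngine engine, String userId) {
    List<Tenant> tenants = engine.getIdentityService().createTenantQuery()
        .userMember(userId)
        .includingGroupsOfUser(true)
        .list();

    List<String> tenantIds = new ArrayList<String>();
    for (Tenant tenant : tenants) {
      tenantIds.add(tenant.getId());
    }
    return tenantIds;
  }

  /**
   * Removes the authentication held for the given process engine.
   *
   * <p>Only the entry for this engine is removed; the HTTP session is not touched in this method.
   *
   * @param engineName name of the process engine, taken from the URL path
   * @return always 200, also when there was nothing to remove
   */
  @POST
  @Path("/{processEngineName}/logout")
  public Response doLogout(@PathParam("processEngineName") String engineName) {
    final Authentications authentications = Authentications.getCurrent();

    // getAuthenticatedUser() treats a null result as "no authentications"; without the same
    // guard here a logout request with nothing to remove would fail with a
    // NullPointerException instead of being a no-op.
    if (authentications != null) {
      authentications.removeAuthenticationForProcessEngine(engineName);
    }

    return Response.ok().build();
  }

  /** Builds an empty 401 response. */
  protected Response unauthorized() {
    return Response.status(Status.UNAUTHORIZED).build();
  }

  /** Builds an empty 403 response. */
  protected Response forbidden() {
    return Response.status(Status.FORBIDDEN).build();
  }

  /** Builds an empty 404 response. */
  protected Response notFound() {
    return Response.status(Status.NOT_FOUND).build();
  }
}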
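上面代码来自于类UserAuthenticationResource,登录时会调用其doLogin()方法:先清除引擎上已有的认证信息,再校验用户名和密码(失败返回401),然后检查该用户是否被授权访问目标应用(失败返回403),最后调用Authentications.revalidateSession()并返回认证信息。整体认证流程如下图所示!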