在Activiti BPM rest-webapp中设置自定义rest-authenticator
[英]Setting custom rest-authenticator in Activiti BPM rest-webapp
问题描述
we want to implement SSO in the Activiti BPM REST-API 5.15. 
我们想在Activiti BPM REST-API 5.15中实现SSO。 I followed exactly the description of the Activiti documentation to disable the build in basic authentication: http://www.activiti.org/userguide/#N12F8B The goal is to replace the build in basic authentication of the REST-API with our own SSO-Logic. 我完全遵循Activiti文档的描述来禁用基本身份验证中的构建: http : //www.activiti.org/userguide/#N12F8B目标是用我们自己的SSO替换REST-API的基本身份验证中的构建-逻辑。
Therefore, we need to disable the build in rest basic authentication. 因此,我们需要禁用基本身份验证中的构建。 To achieve this, I created a subclass of org.activiti.rest.service.application.ActivitiRestServicesApplication that implements the method boolean requestRequiresAuthentication(Request request) of the custom org.activiti.rest.common.filter.RestAuthenticator interface. 为此,我创建了org.activiti.rest.service.application.ActivitiRestServicesApplication的子类,该子类实现了自定义org.activiti.rest.common.filter.RestAuthenticator接口的方法boolean requestRequiresAuthentication(Request request)。 Always returning false disables the basic authentication in theory. 始终返回false会在理论上禁用基本身份验证。 I addition, I read this post: http://forums.activiti.org/content/issue-custom-restauthenticator-using-rest-513 另外,我读了这篇文章: http : //forums.activiti.org/content/issue-custom-restauthenticator-using-rest-513
Here is my class: 这是我的班级:
package org.activiti.rest.service.application;
import org.restlet.Request;
import org.restlet.data.Form;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.activiti.engine.identity.User;
import org.activiti.engine.impl.identity.Authentication;
import org.apache.commons.codec.binary.Base64;
import java.security.Key;
import java.security.MessageDigest;
import java.security.spec.KeySpec;
import java.util.Arrays;
import java.util.Date;
import org.activiti.rest.common.api.ActivitiUtil;
import org.activiti.rest.common.filter.RestAuthenticator;
public class CustomActivitiRestServicesApplication extends ActivitiRestServicesApplication implements RestAuthenticator {
protected String ltpaKey;
protected String ltpaPassword;
private static final String AES_DECRIPTING_ALGORITHM = "AES/CBC/PKCS5Padding";
private static final String DES_DECRIPTING_ALGORITHM = "DESede/ECB/PKCS5Padding";
private static final String LTPA_COOKIE_NAME = "LtpaToken2";
String ltpaToken = null;
@Override
public boolean requestRequiresAuthentication(Request request) {
//LTPA-Encrypt-Logic
//Authentication.setAuthenticatedUserId(user.getId());
return false;
}
@Override
public boolean isRequestAuthorized(Request request) {
// TODO Auto-generated method stub
return false;
}
}
In addition, I altered the web.xml of the activiti-webapp-rest2, that it points to my custom implementation: 另外,我修改了activiti-webapp-rest2的web.xml,它指向我的自定义实现:
<!-- Restlet adapter -->
<servlet>
<servlet-name>RestletServlet</servlet-name>
<servlet-class>org.restlet.ext.servlet.ServerServlet</servlet-class>
<init-param>
<!-- Application class name -->
<param-name>org.restlet.application</param-name>
<param-value>org.activiti.rest.service.application.CustomActivitiRestServicesApplication</param-value>
</init-param>
</servlet>
The Problem is, that this takes no effekt. 问题是,这没有任何效果。 After redeploying, the rest-api still wants to have basic credentials and I have no idea, why. 重新部署后,rest-api仍然希望拥有基本凭证,我不知道为什么。
Any reply is appreciated. 任何回复表示赞赏。 I googled a lot but without success. 我google了很多但没有成功。
UPDATE: Maybe, this class could be helpful to set the custom REST-Authenticator: org.activiti.rest.common.application.ActivitiRestApplication 更新:也许,这个类可能有助于设置自定义REST-Authenticator:org.activiti.rest.common.application.ActivitiRestApplication
there you can find the method: 在那里你可以找到方法:
// Set authenticator as a NON-optional filter. If certain request require no authentication, a custom RestAuthenticator
// should be used to free the request from authentication.
authenticator = new ChallengeAuthenticator(null, true, ChallengeScheme.HTTP_BASIC,
"Activiti Realm") {
@Override
protected boolean authenticate(Request request, Response response) {
// Check if authentication is required if a custom RestAuthenticator is set
if(restAuthenticator != null && !restAuthenticator.requestRequiresAuthentication(request)) {
return true;
}
if (request.getChallengeResponse() == null) {
return false;
} else {
boolean authenticated = super.authenticate(request, response);
if(authenticated && restAuthenticator != null) {
// Additional check to see if authenticated user is authorised. By default, when no RestAuthenticator
// is set, a valid user can perform any request.
authenticated = restAuthenticator.isRequestAuthorized(request);
}
return authenticated;
}
}
};
authenticator.setVerifier(verifier);
} }
But I still do not understand how to "set" my custom rest authenticator. 但我仍然不明白如何“设置”我的自定义休息验证器。 Any help is more than welcome Thanks a lot, Ben 任何帮助都非常欢迎非常感谢Ben
2 个解决方案
解决方案1
1 2014-05-13 13:08:10
I believe your problem is that you still have the authentication filter defined in the createInboundRoot() method (since it doesnt appear as though you overrode that method). 我相信你的问题是你仍然在createInboundRoot()方法中定义了身份验证过滤器(因为它看起来好像你覆盖了那个方法)。
@Override public synchronized Restlet createInboundRoot() { initializeAuthentication(); @Override public synchronized Restlet createInboundRoot(){initializeAuthentication();
Router router = new Router(getContext());
router.attachDefault(DefaultResource.class);
RestServicesInit.attachResources(router);
JsonpFilter jsonpFilter = new JsonpFilter(getContext());
**authenticator.setNext(jsonpFilter);
jsonpFilter.setNext(router);**
// Get hold of JSONConverter and enable ISO-date format by default
List<ConverterHelper> registeredConverters = Engine.getInstance().getRegisteredConverters();
for(ConverterHelper helper : registeredConverters) {
if(helper instanceof JacksonConverter) {
JacksonConverter jacksonConverter = (JacksonConverter) helper;
jacksonConverter.getObjectMapper().configure(SerializationConfig.Feature.WRITE_DATES_AS_TIMESTAMPS, false);
}
}
**return authenticator;**
} }
You should remove the authentication filter, or, better still, create your own filter for use with Websphere (since you are using LTPA tokens, I assume you are using Websphere as the container). 您应该删除身份验证过滤器,或者更好的是,创建自己的过滤器以与Websphere一起使用(因为您使用的是LTPA令牌,我假设您使用的是Websphere作为容器)。
Let me know if I can be of any further help. 如果我有任何进一步的帮助,请告诉我。
Thanks, Greg Harley - BP3 谢谢Greg Harley - BP3
解决方案2
1 已采纳 2014-05-15 10:34:34
I solved it this way: 我这样解决了:
1.) Create the class org.activiti.rest.common.filter.RestAuthenticatorImpl.java which implements the method public boolean requestRequiresAuthentication(Request request) 1.)创建类org.activiti.rest.common.filter.RestAuthenticatorImpl.java,它实现方法public boolean requestRequiresAuthentication(Request request)
2.) Set your custom RestAuthenticator in org.activiti.rest.common.application.ActivitiRestApplication.java like this: 2.)在org.activiti.rest.common.application.ActivitiRestApplication.java中设置自定义RestAuthenticator,如下所示:
In the Constructor public ActivitiRestApplication(), add these lines of code: 在构造函数public ActivitiRestApplication()中,添加以下代码行:
restAuthenticator = new RestAuthenticatorImpl();
setRestAuthenticator(restAuthenticator);
Greg, thanks for your suggestions! 格雷格,谢谢你的建议!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.