initial source code commit
fholzschuher2 committed Sep 15, 2016
1 parent ddd3d5e commit c58a5af
Showing 3 changed files with 216 additions and 1 deletion.
38 changes: 37 additions & 1 deletion README.md
@@ -1,2 +1,38 @@
# camunda-cas-sso
Camunda CAS SSO plugin

(Requires the normal CAS Tomcat authentication filters to work http://mvnrepository.com/artifact/org.jasig.cas/cas-client-core/3.1.10)

Camunda CAS SSO Application Server Filter with user injection for debugging. Injects users into Camunda who were already authenticated using CAS.

Currently makes all sections "available" to all users in the UI, but access rules are still in effect.

The user to log in for debugging can be changed at the top of the filter class.

The "webapp jar" consists of the zipped class files from the distribution's "camunda" webapp.

https://app.camunda.com/nexus/content/groups/public/org/camunda/bpm/webapp/camunda-webapp/7.4.0/

Installation:
1. Import into Eclipse with Maven support.
2. Add camunda engine and webapp jars to the build path
3. Build a library jar file.
4. Put the result in Tomcat's or the webapp's classpath
5. Put Apache commons-logging in Tomcat's classpath http://commons.apache.org/proper/commons-logging/download_logging.cgi

Activation in the webapp's web.xml:
* comment out the normal "Authentication filter"
* add the following filter description BEFORE the SecurityFilter

(CAS filters themselves are omitted)
```
<filter>
<filter-name>Camunda CAS SSO Filter</filter-name>
<filter-class>de.hofuniversity.iisys.camunda.sso.CASSSOFilter</filter-class>
</filter>
...
<filter-mapping>
<filter-name>Camunda CAS SSO Filter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
```
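--- a/pom.xml
+++ b/pom.xml
@@ -0,0 +1,49 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<modelVersion>4.0.0</modelVersion>
+<groupId>de.hofuniversity.iisys</groupId>
+<artifactId>camunda-cas-sso</artifactId>
+<version>7.4.0</version>
+
+<dependencies>
+<dependency>
+<groupId>javax.servlet</groupId>
+<artifactId>javax.servlet-api</artifactId>
+<version>3.1.0</version>
+<scope>provided</scope>
+</dependency>
+
+<!--dependency>
+<groupId>org.camunda.bpm</groupId>
+<artifactId>camunda-engine</artifactId>
+<version>7.5.0</version>
+</dependency-->
+</dependencies>
+
+<build>
+<plugins>
+<plugin>
+<groupId>org.apache.maven.plugins</groupId>
+<artifactId>maven-compiler-plugin</artifactId>
+<version>3.1</version>
+<configuration>
+<source>1.7</source>
+<target>1.7</target>
+</configuration>
+</plugin>
+</plugins>
+</build>
+
+<!--repositories>
+<repository>
+<id>camunda-bpm-nexus</id>
+<name>camunda-bpm-nexus</name>
+<releases>
+<enabled>true</enabled>
+</releases>
+<snapshots>
+<enabled>true</enabled>
+</snapshots>
+<url>https://app.camunda.com/nexus/content/groups/public</url>
+</repository>
+</repositories-->
+</project>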
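Review bot: The only Camunda dependency in this POM is commented out (`camunda-engine`, pinned at 7.5.0 while the project version and the README link both say 7.4.0), so the `org.camunda.bpm.*` imports in `CASSSOFilter` resolve only against jars added by hand to the IDE build path. Declaring the engine and webapp classes as `<scope>provided</scope>` dependencies, at the version that is actually deployed, would make the build reproducible and let Maven resolve the artifacts from the repository instead of relying on a hand-zipped "webapp jar". The commented-out `<repositories>` block would need to be enabled for that.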
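--- a/src/main/java/de/hofuniversity/iisys/camunda/sso/CASSSOFilter.java
+++ b/src/main/java/de/hofuniversity/iisys/camunda/sso/CASSSOFilter.java
@@ -0,0 +1,130 @@
+package de.hofuniversity.iisys.camunda.sso;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.ServiceLoader;
+import java.util.Set;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.camunda.bpm.engine.ProcessEngine;
+import org.camunda.bpm.webapp.impl.security.SecurityActions;
+import org.camunda.bpm.webapp.impl.security.SecurityActions.SecurityAction;
+import org.camunda.bpm.webapp.impl.security.auth.Authentication;
+import org.camunda.bpm.webapp.impl.security.auth.Authentications;
+import org.camunda.bpm.webapp.impl.security.auth.UserAuthentication;
+
+public class CASSSOFilter implements Filter
+{
+@Override
+public void init(FilterConfig arg0) throws ServletException
+{
+//nothing to do
+}
+
+@Override
+public void destroy()
+{
+//nothing to do
+}
+
+@Override
+public void doFilter(final ServletRequest request,
+final ServletResponse response, final FilterChain filterChain)
+throws IOException, ServletException
+{
+if(request instanceof HttpServletRequest)
+{
+HttpServletRequest req = (HttpServletRequest)request;
+
+//read and insert preauthenticated user
+String user = req.getRemoteUser();
+
+//for which process engine?
+//TODO: make configurable
+String engineName = "default";
+
+Authentications authentications = Authentications.getFromSession(
+req.getSession());
+Authentications.setCurrent(authentications);
+
+
+//create and add authentication
+//TODO: read from register?
+// processEngine.getIdentityService().createGroupQuery().groupMember(username).list();
+List<String> groupIds = new ArrayList<String>();
+groupIds.add("camunda-admin");
+groupIds.add("camunda-user");
+
+Set<String> authorizedApps = new HashSet<String>();
+authorizedApps.add("cockpit");
+authorizedApps.add("tasklist");
+authorizedApps.add("admin");
+
+Authentication auth = new UserAuthentication(user, groupIds,
+engineName, authorizedApps);
+authentications.addAuthentication(auth);
+
+
+Authentications.updateSession(req.getSession(), authentications);
+//continue filter chain
+try
+{
+SecurityActions.runWithAuthentications(new SecurityAction<Void>()
+{
+public Void execute()
+{
+try
+{
+filterChain.doFilter(request, response);
+}
+catch(Exception e)
+{
+throw new RuntimeException(e);
+}
+return null;
+}
+}, authentications);
+}
+finally
+{
+Authentications.clearCurrent();
+Authentications.updateSession(req.getSession(), authentications);
+}
+
+
+//clean up
+Authentications.clearCurrent();
+Authentications.updateSession(req.getSession(), authentications);
+}
+}
+
+// protected ProcessEngine lookupProcessEngine(String engineName)
+// {
+// ServiceLoader<ProcessEngineProvider> serviceLoader =
+// ServiceLoader.load(ProcessEngineProvider.class);
+// Iterator<ProcessEngineProvider> iterator = serviceLoader.iterator();
+//
+// if(iterator.hasNext())
+// {
+// ProcessEngineProvider provider = iterator.next();
+// return provider.getProcessEngine(engineName);
+//
+// }
+// else
+// {
+// throw new RestException(Status.INTERNAL_SERVER_ERROR,
+// "Could not find an implementation of the "+ProcessEngineProvider.class+"- SPI");
+// }
+//
+// }
+}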
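Review bot: In `doFilter`, every request is given the hard-coded groups `camunda-admin` and `camunda-user` plus all three apps, and `req.getRemoteUser()` is used without a null check. As a result any CAS-authenticated user gets an authentication carrying the admin group stored in the session, which presumably makes Camunda's authorization checks treat them as an administrator; the same happens for a request with no user at all if the CAS filters are missing or mapped after this one. Before building the `UserAuthentication`, reject the unauthenticated case, e.g. `if (user == null) { ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }`. Then fill `groupIds` from the identity service as the TODO already sketches (`createGroupQuery().groupMember(user).list()`) instead of adding `camunda-admin` unconditionally. Separately, a request that is not an `HttpServletRequest` falls out of the `if` without `filterChain.doFilter` ever being called, and the clean-up after the `finally` block repeats what the `finally` has already done.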
