1 parent
ddd3d5e
commit c58a5af
Showing
3 changed files
with
216 additions
and
1 deletion.
@@ -1,2 +1,38 @@ | ||
# camunda-cas-sso | ||
Camunda CAS SSO plugin | ||
|
||
(Requires the normal CAS Tomcat authentication filters to work http://mvnrepository.com/artifact/org.jasig.cas/cas-client-core/3.1.10) | ||
|
||
Camunda CAS SSO Application Server Filter with user injection for debugging. Injects users into Camunda who were already authenticated using CAS. | ||
|
||
Currently makes all sections "available" to all users in the UI, but access rules are still in effect. | ||
|
||
The user to log in for debugging can be changed at the top of the filter class. | ||
|
||
The "webapp jar" consists of the zipped class files from the distribution's "camunda" webapp. | ||
|
||
https://app.camunda.com/nexus/content/groups/public/org/camunda/bpm/webapp/camunda-webapp/7.4.0/ | ||
|
||
Installation: | ||
1. Import into Eclipse with Maven support. | ||
2. Add camunda engine and webapp jars to the build path | ||
3. Build a library jar file. | ||
4. Put the result in Tomcat's or the webapp's classpath | ||
5. Put Apache commons-logging in Tomcat's classpath http://commons.apache.org/proper/commons-logging/download_logging.cgi | ||
|
||
Activation in the webapp's web.xml: | ||
* comment out the normal "Authentication filter" | ||
* add the following filter description BEFORE the SecurityFilter | ||
|
||
(CAS filters themselves are omitted) | ||
``` | ||
<filter> | ||
<filter-name>Camunda CAS SSO Filter</filter-name> | ||
<filter-class>de.hofuniversity.iisys.camunda.sso.CASSSOFilter</filter-class> | ||
</filter> | ||
... | ||
<filter-mapping> | ||
<filter-name>Camunda CAS SSO Filter</filter-name> | ||
<url-pattern>/*</url-pattern> | ||
<dispatcher>REQUEST</dispatcher> | ||
</filter-mapping> | ||
``` |
@@ -0,0 +1,49 @@ | ||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
<modelVersion>4.0.0</modelVersion> | ||
<groupId>de.hofuniversity.iisys</groupId> | ||
<artifactId>camunda-cas-sso</artifactId> | ||
<version>7.4.0</version> | ||
|
||
<dependencies> | ||
<dependency> | ||
<groupId>javax.servlet</groupId> | ||
<artifactId>javax.servlet-api</artifactId> | ||
<version>3.1.0</version> | ||
<scope>provided</scope> | ||
</dependency> | ||
|
||
<!--dependency> | ||
<groupId>org.camunda.bpm</groupId> | ||
<artifactId>camunda-engine</artifactId> | ||
<version>7.5.0</version> | ||
</dependency--> | ||
</dependencies> | ||
|
||
<build> | ||
<plugins> | ||
<plugin> | ||
<groupId>org.apache.maven.plugins</groupId> | ||
<artifactId>maven-compiler-plugin</artifactId> | ||
<version>3.1</version> | ||
<configuration> | ||
<source>1.7</source> | ||
<target>1.7</target> | ||
</configuration> | ||
</plugin> | ||
</plugins> | ||
</build> | ||
|
||
<!--repositories> | ||
<repository> | ||
<id>camunda-bpm-nexus</id> | ||
<name>camunda-bpm-nexus</name> | ||
<releases> | ||
<enabled>true</enabled> | ||
</releases> | ||
<snapshots> | ||
<enabled>true</enabled> | ||
</snapshots> | ||
<url>https://app.camunda.com/nexus/content/groups/public</url> | ||
</repository> | ||
</repositories--> | ||
</project> |
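Review bot: The POM declares only `javax.servlet-api`, while the filter added in this commit imports `org.camunda.bpm.engine` and `org.camunda.bpm.webapp` classes; with the `camunda-engine` dependency commented out, a plain Maven build cannot resolve them, and the README instead has the jars added to the IDE build path by hand, which leaves their version and origin unrecorded. Declaring the engine and webapp artifacts with `<scope>provided</scope>` would pin what the filter is compiled against. The commented-out entry also names version 7.5.0 while the artifact version and the README link both say 7.4.0, and the commented-out repository enables snapshots, which is worth turning off if that block is ever re-enabled.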
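--- a/src/main/java/de/hofuniversity/iisys/camunda/sso/CASSSOFilter.java
+++ b/src/main/java/de/hofuniversity/iisys/camunda/sso/CASSSOFilter.java
@@ -0,0 +1,130 @@
+package de.hofuniversity.iisys.camunda.sso;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.ServiceLoader;
+import java.util.Set;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.camunda.bpm.engine.ProcessEngine;
+import org.camunda.bpm.webapp.impl.security.SecurityActions;
+import org.camunda.bpm.webapp.impl.security.SecurityActions.SecurityAction;
+import org.camunda.bpm.webapp.impl.security.auth.Authentication;
+import org.camunda.bpm.webapp.impl.security.auth.Authentications;
+import org.camunda.bpm.webapp.impl.security.auth.UserAuthentication;
+
+public class CASSSOFilter implements Filter
+{
+@Override
+public void init(FilterConfig arg0) throws ServletException
+{
+//nothing to do
+}
+
+@Override
+public void destroy()
+{
+//nothing to do
+}
+
+@Override
+public void doFilter(final ServletRequest request,
+final ServletResponse response, final FilterChain filterChain)
+throws IOException, ServletException
+{
+if(request instanceof HttpServletRequest)
+{
+HttpServletRequest req = (HttpServletRequest)request;
+
+//read and insert preauthenticated user
+String user = req.getRemoteUser();
+
+//for which process engine?
+//TODO: make configurable
+String engineName = "default";
+
+Authentications authentications = Authentications.getFromSession(
+req.getSession());
+Authentications.setCurrent(authentications);
+
+
+//create and add authentication
+//TODO: read from register?
+// processEngine.getIdentityService().createGroupQuery().groupMember(username).list();
+List<String> groupIds = new ArrayList<String>();
+groupIds.add("camunda-admin");
+groupIds.add("camunda-user");
+
+Set<String> authorizedApps = new HashSet<String>();
+authorizedApps.add("cockpit");
+authorizedApps.add("tasklist");
+authorizedApps.add("admin");
+
+Authentication auth = new UserAuthentication(user, groupIds,
+engineName, authorizedApps);
+authentications.addAuthentication(auth);
+
+
+Authentications.updateSession(req.getSession(), authentications);
+//continue filter chain
+try
+{
+SecurityActions.runWithAuthentications(new SecurityAction<Void>()
+{
+public Void execute()
+{
+try
+{
+filterChain.doFilter(request, response);
+}
+catch(Exception e)
+{
+throw new RuntimeException(e);
+}
+return null;
+}
+}, authentications);
+}
+finally
+{
+Authentications.clearCurrent();
+Authentications.updateSession(req.getSession(), authentications);
+}
+
+
+//clean up
+Authentications.clearCurrent();
+Authentications.updateSession(req.getSession(), authentications);
+}
+}
+
+// protected ProcessEngine lookupProcessEngine(String engineName)
+// {
+// ServiceLoader<ProcessEngineProvider> serviceLoader =
+// ServiceLoader.load(ProcessEngineProvider.class);
+// Iterator<ProcessEngineProvider> iterator = serviceLoader.iterator();
+//
+// if(iterator.hasNext())
+// {
+// ProcessEngineProvider provider = iterator.next();
+// return provider.getProcessEngine(engineName);
+//
+// }
+// else
+// {
+// throw new RestException(Status.INTERNAL_SERVER_ERROR,
+// "Could not find an implementation of the "+ProcessEngineProvider.class+"- SPI");
+// }
+//
+// }
+}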
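Review bot: In `doFilter`, every request is given a `UserAuthentication` carrying the hard-coded groups `camunda-admin` and `camunda-user` and all three apps, so any CAS-authenticated account appears to receive admin group membership in its webapp session; the group list should be resolved from the identity service, as the TODO above it already sketches with `createGroupQuery().groupMember(...)`. The value of `req.getRemoteUser()` is also used unchecked, so a request that reaches this filter without a CAS principal would be injected with a null user id and the same groups; a guard such as `if (user == null) { filterChain.doFilter(request, response); return; }` placed before the session is touched would leave that decision to the downstream SecurityFilter. Separately, a request that is not an `HttpServletRequest` is never passed down the chain, and the cleanup after the `finally` block repeats what the `finally` has already done.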