diff --git a/README.md b/README.md index 5e1a174..539884a 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,38 @@ # camunda-cas-sso -Camunda CAS SSO plugin + +(Requires the normal CAS Tomcat authentication filters to work http://mvnrepository.com/artifact/org.jasig.cas/cas-client-core/3.1.10) + +Camunda CAS SSO Application Server Filter with user injection for debugging. Injects users into Camunda who were already authenticated using CAS. + +Currently makes all sections "available" to all users in the UI, but access rules are still in effect. + +The user to log in for debugging can be changed at the top of the filter class. + +The "webapp jar" consists of the zipped class files from the distribution's "camunda" webapp. + +https://app.camunda.com/nexus/content/groups/public/org/camunda/bpm/webapp/camunda-webapp/7.4.0/ + +Installation: +1. Import into Eclipse with Maven support. +2. Add camunda engine and webapp jars to the build path +3. Build a library jar file. +4. Put the result in Tomcat's or the webapp's classpath +5. Put Apache commons-logging in Tomcat's classpath http://commons.apache.org/proper/commons-logging/download_logging.cgi + +Activation in the webapp's web.xml: +* comment out the normal "Authentication filter" +* add the following filter description BEFORE the SecurityFilter + +(CAS filters themselves are omitted) +``` + + Camunda CAS SSO Filter + de.hofuniversity.iisys.camunda.sso.CASSSOFilter + +... + + Camunda CAS SSO Filter + /* + REQUEST + +``` \ No newline at end of file diff --git a/pom.xml b/pom.xml new file mode 100644 index 0000000..f531aed --- /dev/null +++ b/pom.xml @@ -0,0 +1,49 @@ + + 4.0.0 + de.hofuniversity.iisys + camunda-cas-sso + 7.4.0 + + + + javax.servlet + javax.servlet-api + 3.1.0 + provided + + + + + + + + + org.apache.maven.plugins + maven-compiler-plugin + 3.1 + + 1.7 + 1.7 + + + + + + + \ No newline at end of file 
diff --git a/src/main/java/de/hofuniversity/iisys/camunda/sso/CASSSOFilter.java b/src/main/java/de/hofuniversity/iisys/camunda/sso/CASSSOFilter.java
new file mode 100644
index 0000000..c94e48f
--- /dev/null
+++ b/src/main/java/de/hofuniversity/iisys/camunda/sso/CASSSOFilter.java
@@ -0,0 +1,130 @@
+package de.hofuniversity.iisys.camunda.sso;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.ServiceLoader;
+import java.util.Set;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.camunda.bpm.engine.ProcessEngine;
+import org.camunda.bpm.webapp.impl.security.SecurityActions;
+import org.camunda.bpm.webapp.impl.security.SecurityActions.SecurityAction;
+import org.camunda.bpm.webapp.impl.security.auth.Authentication;
+import org.camunda.bpm.webapp.impl.security.auth.Authentications;
+import org.camunda.bpm.webapp.impl.security.auth.UserAuthentication;
+
+public class CASSSOFilter implements Filter
+{
+ @Override
+ public void init(FilterConfig arg0) throws ServletException
+ {
+ //nothing to do
+ }
+
+ @Override
+ public void destroy()
+ {
+ //nothing to do
+ }
+
+ @Override
+ public void doFilter(final ServletRequest request,
+ final ServletResponse response, final FilterChain filterChain)
+ throws IOException, ServletException
+ {
+ if(request instanceof HttpServletRequest)
+ {
+ HttpServletRequest req = (HttpServletRequest)request;
+
+ //read and insert preauthenticated user
+ String user = req.getRemoteUser();
+
+ //for which process engine?
+ //TODO: make configurable
+ String engineName = "default";
+
+ Authentications authentications = Authentications.getFromSession(
+ req.getSession());
+ Authentications.setCurrent(authentications);
+
+
+ //create and add authentication
+ //TODO: read from register?
+// processEngine.getIdentityService().createGroupQuery().groupMember(username).list();
+ List groupIds = new ArrayList();
+ groupIds.add("camunda-admin");
+ groupIds.add("camunda-user");
+
+ Set authorizedApps = new HashSet();
+ authorizedApps.add("cockpit");
+ authorizedApps.add("tasklist");
+ authorizedApps.add("admin");
+
+ Authentication auth = new UserAuthentication(user, groupIds,
+ engineName, authorizedApps);
+ authentications.addAuthentication(auth);
+
+
+ Authentications.updateSession(req.getSession(), authentications);
+ //continue filter chain
+ try
+ {
+ SecurityActions.runWithAuthentications(new SecurityAction()
+ {
+ public Void execute()
+ {
+ try
+ {
+ filterChain.doFilter(request, response);
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ return null;
+ }
+ }, authentications);
+ }
+ finally
+ {
+ Authentications.clearCurrent();
+ Authentications.updateSession(req.getSession(), authentications);
+ }
+
+
+ //clean up
+ Authentications.clearCurrent();
+ Authentications.updateSession(req.getSession(), authentications);
+ }
+ }
+
+// protected ProcessEngine lookupProcessEngine(String engineName)
+// {
+// ServiceLoader serviceLoader =
+// ServiceLoader.load(ProcessEngineProvider.class);
+// Iterator iterator = serviceLoader.iterator();
+//
+// if(iterator.hasNext())
+// {
+// ProcessEngineProvider provider = iterator.next();
+// return provider.getProcessEngine(engineName);
+//
+// }
+// else
+// {
+// throw new RestException(Status.INTERNAL_SERVER_ERROR,
+// "Could not find an implementation of the "+ProcessEngineProvider.class+"- SPI");
+// }
+//
+// }
+}
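Review bot: Every request that reaches `doFilter` is given the hard-coded groups `camunda-admin` and `camunda-user` plus all three apps, so any account CAS accepts appears to be treated as a Camunda administrator, which is at odds with the README's statement that access rules stay in effect. `req.getRemoteUser()` is also used unchecked: when no CAS filter has authenticated the request ahead of this one it returns null, and a session authentication is still created with those groups. Reject that case first, e.g. `if (user == null) { ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }`, and build `groupIds` from the engine's identity service as the commented-out `createGroupQuery().groupMember(...)` line sketches, rather than from literals. Separately, a request that is not an `HttpServletRequest` falls out of the method without `filterChain.doFilter` being called, and the clean-up after the `finally` block repeats what the `finally` already did.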