flowable工作流引擎如何实现自定义权限管理
发表于:2024-11-28 作者:千家信息网编辑
千家信息网最后更新 2024年11月28日,小编给大家分享一下flowable工作流引擎如何实现自定义权限管理,希望大家阅读完这篇文章之后都有所收获,下面让我们一起去探讨吧!场景: 对已有系统集成工作流,系统已经有一整套的权限管理模块,并且后期
千家信息网最后更新 2024年11月28日flowable工作流引擎如何实现自定义权限管理
小编给大家分享一下flowable工作流引擎如何实现自定义权限管理,希望大家阅读完这篇文章之后都有所收获,下面让我们一起去探讨吧!
场景: 对已有系统集成工作流,系统已经有一整套的权限管理模块,并且后期需要改造为单独的微服务,无法简单通过网上的建立视图进行解决,同时考虑到数据同步到 flowable 的方式,需要改造现有系统的代码,后期如果接入无人维护的系统,比较麻烦。如果选择自定义查询,可以更灵活定制。虽然会有一定的开发工作量,但比较符合目前的系统现状。
想法:参考 集成 LDAP 的实现方式
可以覆盖IdmIdentityServiceImpl类,或者直接实现IdmIdentityService接口,并使用实现类作为ProcessEngineConfiguration中的idmIdentityService参数。
参考 LDAPIdentityServiceImpl 的注册到 flowable 引擎配置类的实现方式
在SpringBoot中,可以向ProcessEngineConfigurationbean定义添加下面的代码实现:
@Bean public EngineConfigurationConfigurerMyIdmEngineConfigurer() { return idmEngineConfiguration -> idmEngineConfiguration .setIdmIdentityService(new IdmIdentityServiceHandler()); }
其中 IdmIdentityServiceHandler 同样参考 LDAPIdentityServiceImpl 继承 IdmIdentityServiceImpl 进行处理。
package com.jxlgzwh.handler;import org.flowable.common.engine.api.FlowableException;import org.flowable.idm.api.*;import org.flowable.idm.engine.impl.IdmIdentityServiceImpl;import org.flowable.idm.engine.impl.persistence.entity.GroupEntityImpl;import org.flowable.idm.engine.impl.persistence.entity.UserEntityImpl;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import java.util.ArrayList;import java.util.List;public class IdmIdentityServiceHandler extends IdmIdentityServiceImpl { private static final Logger LOGGER = LoggerFactory.getLogger(IdmIdentityServiceHandler.class); @Override public UserQuery createUserQuery() { System.out.println("用户查询--"); return null; } @Override public GroupQuery createGroupQuery() { System.out.println("用户组查询--"); return null; } @Override public boolean checkPassword(String userId, String password) { return true; } @Override public List getGroupsWithPrivilege(String name) { System.out.println("查询--"); throw new FlowableException("LDAP identity service doesn't support creating a new user"); } @Override public List getUsersWithPrivilege(String name) { System.out.println("查询--"); throw new FlowableException("LDAP identity service doesn't support creating a new user"); } @Override public User newUser(String userId) { throw new FlowableException("LDAP identity service doesn't support creating a new user"); } @Override public void saveUser(User user) { throw new FlowableException("LDAP identity service doesn't support saving an user"); } @Override public NativeUserQuery createNativeUserQuery() { throw new FlowableException("LDAP identity service doesn't support native querying"); } @Override public void deleteUser(String userId) { throw new FlowableException("LDAP identity service doesn't support deleting an user"); } @Override public Group newGroup(String groupId) { throw new FlowableException("LDAP identity service doesn't support creating a new group"); } @Override public NativeGroupQuery createNativeGroupQuery() { throw new FlowableException("LDAP identity service doesn't support native querying"); } @Override public void saveGroup(Group group) { throw new FlowableException("LDAP identity service doesn't support saving a group"); } @Override public void deleteGroup(String groupId) { throw new FlowableException("LDAP identity service doesn't support deleting a group"); }} 考虑到不需要对 flowable 的 权限进行维护,所以无需实现 新增 和修改方法。
验证: 写个方法进行测试是否生效
@RequestMapping(value = "is") @ResponseBody public String identityService() { identityService.createUserQuery(); return "测试"; }
访问方法,后台打印 "用户查询--" 表明配置成功。
集成 LDAP 的完整代码 可以在GitHub查看代码:LDAPIdentityServiceImpl。
其中 用户查询 LDAPUserQueryImpl 继承了 UserQueryImpl ; 用户组查询 LDAPGroupQueryImpl extends GroupQueryImpl
/* Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */package org.flowable.ldap.impl;import java.util.ArrayList;import java.util.List;import javax.naming.NamingEnumeration;import javax.naming.NamingException;import javax.naming.directory.InitialDirContext;import javax.naming.directory.SearchControls;import javax.naming.directory.SearchResult;import org.flowable.common.engine.impl.interceptor.CommandContext;import org.flowable.idm.api.User;import org.flowable.idm.engine.impl.UserQueryImpl;import org.flowable.idm.engine.impl.persistence.entity.UserEntity;import org.flowable.idm.engine.impl.persistence.entity.UserEntityImpl;import org.flowable.ldap.LDAPCallBack;import org.flowable.ldap.LDAPConfiguration;import org.flowable.ldap.LDAPTemplate;import org.slf4j.Logger;import org.slf4j.LoggerFactory;public class LDAPUserQueryImpl extends UserQueryImpl { private static final long serialVersionUID = 1L; private static final Logger LOGGER = LoggerFactory.getLogger(LDAPUserQueryImpl.class); protected LDAPConfiguration ldapConfigurator; public LDAPUserQueryImpl(LDAPConfiguration ldapConfigurator) { this.ldapConfigurator = ldapConfigurator; } @Override public long executeCount(CommandContext commandContext) { return executeQuery().size(); } @Override public List executeList(CommandContext commandContext) { return executeQuery(); } protected List executeQuery() { if (getId() != null) { List result = new ArrayList<>(); result.add(findById(getId())); return result; } else if (getIdIgnoreCase() != null) { List result = new ArrayList<>(); result.add(findById(getIdIgnoreCase())); return result; } else if (getFullNameLike() != null) { return executeNameQuery(getFullNameLike()); } else if (getFullNameLikeIgnoreCase() != null) { return executeNameQuery(getFullNameLikeIgnoreCase()); } else { return executeAllUserQuery(); } } protected List executeNameQuery(String name) { String fullName = name.replaceAll("%", ""); String searchExpression = ldapConfigurator.getLdapQueryBuilder().buildQueryByFullNameLike(ldapConfigurator, fullName); return executeUsersQuery(searchExpression); } protected List executeAllUserQuery() { String searchExpression = ldapConfigurator.getQueryAllUsers(); return executeUsersQuery(searchExpression); } protected UserEntity findById(final String userId) { LDAPTemplate ldapTemplate = new LDAPTemplate(ldapConfigurator); return ldapTemplate.execute(new LDAPCallBack() { @Override public UserEntity executeInContext(InitialDirContext initialDirContext) { try { String searchExpression = ldapConfigurator.getLdapQueryBuilder().buildQueryByUserId(ldapConfigurator, userId); String baseDn = ldapConfigurator.getUserBaseDn() != null ? ldapConfigurator.getUserBaseDn() : ldapConfigurator.getBaseDn(); NamingEnumeration namingEnum = initialDirContext.search(baseDn, searchExpression, createSearchControls()); UserEntity user = new UserEntityImpl(); while (namingEnum.hasMore()) { // Should be only one SearchResult result = (SearchResult) namingEnum.next(); mapSearchResultToUser(result, user); } namingEnum.close(); return user; } catch (NamingException ne) { LOGGER.error("Could not find user {} : {}", userId, ne.getMessage(), ne); return null; } } }); } protected List executeUsersQuery(final String searchExpression) { LDAPTemplate ldapTemplate = new LDAPTemplate(ldapConfigurator); return ldapTemplate.execute(new LDAPCallBack>() { @Override public List executeInContext(InitialDirContext initialDirContext) { List result = new ArrayList<>(); try { String baseDn = ldapConfigurator.getUserBaseDn() != null ? ldapConfigurator.getUserBaseDn() : ldapConfigurator.getBaseDn(); NamingEnumeration namingEnum = initialDirContext.search(baseDn, searchExpression, createSearchControls()); while (namingEnum.hasMore()) { SearchResult searchResult = (SearchResult) namingEnum.next(); UserEntity user = new UserEntityImpl(); mapSearchResultToUser(searchResult, user); result.add(user); } namingEnum.close(); } catch (NamingException ne) { LOGGER.debug("Could not execute LDAP query: {}", ne.getMessage(), ne); return null; } return result; } }); } protected void mapSearchResultToUser(SearchResult result, UserEntity user) throws NamingException { if (ldapConfigurator.getUserIdAttribute() != null) { user.setId(result.getAttributes().get(ldapConfigurator.getUserIdAttribute()).get().toString()); } if (ldapConfigurator.getUserFirstNameAttribute() != null) { try { user.setFirstName(result.getAttributes().get(ldapConfigurator.getUserFirstNameAttribute()).get().toString()); } catch (NullPointerException e) { user.setFirstName(""); } } if (ldapConfigurator.getUserLastNameAttribute() != null) { try { user.setLastName(result.getAttributes().get(ldapConfigurator.getUserLastNameAttribute()).get().toString()); } catch (NullPointerException e) { user.setLastName(""); } } if (ldapConfigurator.getUserEmailAttribute() != null) { try { user.setEmail(result.getAttributes().get(ldapConfigurator.getUserEmailAttribute()).get().toString()); } catch (NullPointerException e) { user.setEmail(""); } } } protected SearchControls createSearchControls() { SearchControls searchControls = new SearchControls(); searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); searchControls.setTimeLimit(ldapConfigurator.getSearchTimeLimit()); return searchControls; }} /* Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */package org.flowable.ldap.impl;import java.util.ArrayList;import java.util.List;import javax.naming.NamingEnumeration;import javax.naming.NamingException;import javax.naming.directory.InitialDirContext;import javax.naming.directory.SearchControls;import javax.naming.directory.SearchResult;import org.flowable.common.engine.api.FlowableException;import org.flowable.common.engine.impl.interceptor.CommandContext;import org.flowable.idm.api.Group;import org.flowable.idm.engine.impl.GroupQueryImpl;import org.flowable.idm.engine.impl.persistence.entity.GroupEntity;import org.flowable.idm.engine.impl.persistence.entity.GroupEntityImpl;import org.flowable.ldap.LDAPCallBack;import org.flowable.ldap.LDAPConfiguration;import org.flowable.ldap.LDAPGroupCache;import org.flowable.ldap.LDAPTemplate;public class LDAPGroupQueryImpl extends GroupQueryImpl { private static final long serialVersionUID = 1L; protected LDAPConfiguration ldapConfigurator; protected LDAPGroupCache ldapGroupCache; public LDAPGroupQueryImpl(LDAPConfiguration ldapConfigurator, LDAPGroupCache ldapGroupCache) { this.ldapConfigurator = ldapConfigurator; this.ldapGroupCache = ldapGroupCache; } @Override public long executeCount(CommandContext commandContext) { return executeQuery().size(); } @Override public List executeList(CommandContext commandContext) { return executeQuery(); } protected List executeQuery() { if (getUserId() != null) { return findGroupsByUser(getUserId()); } else if (getId() != null) { return findGroupsById(getId()); } else { return findAllGroups(); } } protected List findGroupsByUser(String userId) { // First try the cache (if one is defined) if (ldapGroupCache != null) { List groups = ldapGroupCache.get(userId); if (groups != null) { return groups; } } String searchExpression = ldapConfigurator.getLdapQueryBuilder().buildQueryGroupsForUser(ldapConfigurator, userId); List groups = executeGroupQuery(searchExpression); // Cache results for later if (ldapGroupCache != null) { ldapGroupCache.add(userId, groups); } return groups; } protected List findGroupsById(String id) { String searchExpression = ldapConfigurator.getLdapQueryBuilder().buildQueryGroupsById(ldapConfigurator, id); return executeGroupQuery(searchExpression); } protected List findAllGroups() { String searchExpression = ldapConfigurator.getQueryAllGroups(); List groups = executeGroupQuery(searchExpression); return groups; } protected List executeGroupQuery(final String searchExpression) { LDAPTemplate ldapTemplate = new LDAPTemplate(ldapConfigurator); return ldapTemplate.execute(new LDAPCallBack>() { @Override public List executeInContext(InitialDirContext initialDirContext) { List groups = new ArrayList<>(); try { String baseDn = ldapConfigurator.getGroupBaseDn() != null ? ldapConfigurator.getGroupBaseDn() : ldapConfigurator.getBaseDn(); NamingEnumeration namingEnum = initialDirContext.search(baseDn, searchExpression, createSearchControls()); while (namingEnum.hasMore()) { // Should be only one SearchResult result = (SearchResult) namingEnum.next(); GroupEntity group = new GroupEntityImpl(); if (ldapConfigurator.getGroupIdAttribute() != null) { group.setId(result.getAttributes().get(ldapConfigurator.getGroupIdAttribute()).get().toString()); } if (ldapConfigurator.getGroupNameAttribute() != null) { group.setName(result.getAttributes().get(ldapConfigurator.getGroupNameAttribute()).get().toString()); } if (ldapConfigurator.getGroupTypeAttribute() != null) { group.setType(result.getAttributes().get(ldapConfigurator.getGroupTypeAttribute()).get().toString()); } groups.add(group); } namingEnum.close(); return groups; } catch (NamingException e) { throw new FlowableException("Could not find groups " + searchExpression, e); } } }); } protected SearchControls createSearchControls() { SearchControls searchControls = new SearchControls(); searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); searchControls.setTimeLimit(ldapConfigurator.getSearchTimeLimit()); return searchControls; }} 根据自己的业务需要,提供用户的管理功能。关键部分:
配置IdmEngineConfiguration参数
实现IdmIdentityService,可继承IdmIdentityServiceImpl
实现UserQuery,可继承UserQueryImpl
实现GroupQuery,可继承GroupQueryImpl
实现PrivilegeQuery,可继承PrivilegeQueryImpl
相当于做自己的权限管理系统的查询客户端。
看完了这篇文章,相信你对"flowable工作流引擎如何实现自定义权限管理"有了一定的了解,如果想了解更多相关知识,欢迎关注行业资讯频道,感谢各位的阅读!
查询
用户
系统
权限
管理
工作
代码
工作流
引擎
方式
方法
参考
配置
参数
用户组
篇文章
改造
测试
成功
业务
数据库的安全要保护哪些东西
数据库安全各自的含义是什么
生产安全数据库录入
数据库的安全性及管理
数据库安全策略包含哪些
海淀数据库安全审计系统
建立农村房屋安全信息数据库
易用的数据库客户端支持安全管理
连接数据库失败ssl安全错误
数据库的锁怎样保障安全
阿里云香港云服务器怎样购买
为什么服务器拒绝发送邮件地址
大象免费外网服务器在线
合同管理系统软件开发
数据库课程设计项目背景
教育软件开发的公司有哪些
增删改查是要学数据库吗
网络安全发班群信息
一个数据库多条记录
国家网络安全应该学什么
防火增是常用的网络安全工具
药物在线数据库所有人
网络安全模式在哪设置密码
软件开发一般用什么笔记本
数据库字符串编码
刀片服务器刀箱
鸡兔同笼课件软件开发
4个系统数据库是哪4个
大学生网络安全例子
网络安全防诈骗的安全心得
服务器故障排查
宁波直销软件开发中心
参加网络安全大赛的作用
连锁管理软件开发成本
共享网络安全共享网络文明
外网访问linux服务器
数据库分页后查询效果
松江区项目数据库清单
适当注意网络安全英语作文
华为传输网络技术
