SpringBoot集成Camunda流程框架
目录
目的
Springboot项目需要引入整套的流程框架Camunda,适配项目本身的token鉴权机制,同时不影响Camunda的登录与流程管理。使用官方提供的流程设计器,使用官方的流程管理界面,springboot应用调用engine-rest接口来操作流程相关的接口。
项目结构
│ CamundaAdapterConfig.java
│
├─adapter
│ IUserAdapterService.java
│
├─config
│ CamundaAuthenticationProvider.java
│ CamundaSecurityFilter.java
│ CamundaUserSyncConfig.java
│
├─enums
│ CamundaUserEventType.java
│
├─eventlistener
│ CamundaEventListener.java
│ CamundaUserEvent.java
│
└─service
IDeploymentService.java
IProcessInstanceService.java
ITaskInstanceService.java
代码说明
Spring包扫描配置(CamundaAdapterConfig.java)
@Configuration
@ComponentScan(basePackages = "com.demo.workflow.**")
public class CamundaAdapterConfig {
}
用户信息适配接口(IUserAdapterService.java)
public interface IUserAdapterService {
/**
* 获取登录用户
*
* @return 返回用户信息,必须保证密码为为加密密码,如果不能保证就获取外部权限接口返回数据后判断填入管理员账号
*/
User getLoginUser();
/**
* 获取所有参与流程的用户列表
*
* @return 参与流程的用户列表,必须保证密码为未加密密码
*/
List<UserEntity> getWorkflowUsers();
}
BearToken鉴权适配器(CamundaAuthenticationProvider.java)
继承Camunda默认提供的Basic用户名密码鉴权类HttpBasicAuthenticationProvider,通过判断不同的鉴权信息前缀适配不同鉴权方式。
/**
* camunda接口鉴权,支持官方的鉴权方式以外需要支持用户自定义鉴权,额外支持Bearer token
*
* @author : niudongjun
* @since : 2023/8/30 10:45
*/
@Component
public class CamundaAuthenticationProvider extends HttpBasicAuthenticationProvider implements BeanFactoryPostProcessor, ApplicationContextAware {
protected static final String TOKEN_TYPE_BEARER = "Bearer";
/**
* "@PostConstruct"注解标记的类中,由于ApplicationContext还未加载,导致空指针<br>
* 因此实现BeanFactoryPostProcessor注入ConfigurableListableBeanFactory实现bean的操作
*/
private static ConfigurableListableBeanFactory beanFactory;
/**
* Spring应用上下文环境
*/
private static ApplicationContext applicationContext;
@Override
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
CamundaAuthenticationProvider.beanFactory = beanFactory;
}
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
CamundaAuthenticationProvider.applicationContext = applicationContext;
}
/**
* 获取{@link ListableBeanFactory},可能为{@link ConfigurableListableBeanFactory} 或 {@link ApplicationContextAware}
*
* @return {@link ListableBeanFactory}
* @since 5.7.0
*/
public static ListableBeanFactory getBeanFactory() {
return null == beanFactory ? applicationContext : beanFactory;
}
/**
* 通过class获取Bean
*
* @param <T> Bean类型
* @param clazz Bean类
* @return Bean对象
*/
public static <T> T getBean(Class<T> clazz) {
return getBeanFactory().getBean(clazz);
}
@Override
public AuthenticationResult extractAuthenticatedUser(HttpServletRequest request, ProcessEngine engine) {
String authorizationHeader = request.getHeader(HttpHeaders.AUTHORIZATION);
if (Objects.nonNull(authorizationHeader)) {
if (authorizationHeader.startsWith(BASIC_AUTH_HEADER_PREFIX)) {
return super.extractAuthenticatedUser(request, engine);
}
if (authorizationHeader.startsWith(TOKEN_TYPE_BEARER)) {
IUserAdapterService userAdapterService = getBean(IUserAdapterService.class);
User loginUser = userAdapterService.getLoginUser();
if (Objects.nonNull(loginUser)) {
return this.isAuthenticated(engine, loginUser.getId(), loginUser.getPassword()) ? AuthenticationResult.successful(loginUser.getId()) : AuthenticationResult.unsuccessful(loginUser.getId());
}
}
}
return AuthenticationResult.unsuccessful();
}
}
鉴权拦截器注册类(CamundaSecurityFilter.java)
/**
* Camunda权限配置
*
* @author : niudongjun
* @since : 2023/8/29 19:51
*/
@Configuration
public class CamundaSecurityFilter {
@Bean
public FilterRegistrationBean<ProcessEngineAuthenticationFilter> processEngineAuthenticationFilter() {
FilterRegistrationBean<ProcessEngineAuthenticationFilter> registration = new FilterRegistrationBean<>(new ProcessEngineAuthenticationFilter());
// 注入刚才实现的鉴权增强类
registration.addInitParameter("authentication-provider",
"com.demo.workflow.config.CamundaAuthenticationProvider");
registration.addUrlPatterns("/engine-rest/*");
registration.setOrder(2);
return registration;
}
}
其他文件
CamundaUserSyncConfig.java:提供参与流程的用户信息同步到Camunda表中。
CamundaUserEventType.java: 用户信息更新或删除的事件类型
CamundaEventListener.java: 事件监听配置类
CamundaUserEvent.java: 用户信息更新或者删除的事件对象