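Our project is a Spring Cloud microservice project in which authorization is handled by a separate microservice. Some time ago we integrated Activiti 7, and while implementing claim and unclaim for tasks we found that these operations are tightly bound to the ACTIVITI role: if no role is specified, a UsernameNotFoundException is thrown. Searching online turned up the suggestion to remove Security, but the error persisted.
The only approach we found was to bind a default role inside this service first, and then add that default role in the methods that are tightly bound to the ACTIVITI role. This way the permissions of the overall system are not affected, and the methods can still be called normally.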
1. Override UserDetailsService and add the ROLE_ACTIVITI_USER role to every user

```java
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import java.util.ArrayList;
import java.util.List;

public class UserDetailsServiceImpl implements UserDetailsService {

    // Returns a user for any username, always carrying ROLE_ACTIVITI_USER.
    // No user store is consulted, so this never throws UsernameNotFoundException;
    // it exists only to supply the role Activiti requires, not to check credentials.
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // java.util.ArrayList replaces the AssertJ (test library) Lists helper.
        List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
        GrantedAuthority grantedAuthority = new SimpleGrantedAuthority("ROLE_ACTIVITI_USER");
        grantedAuthorities.add(grantedAuthority);
        // "123" is a fixed placeholder password.
        return new User(username, "123", grantedAuthorities);
    }
}
```
2. Inject UserDetailsServiceImpl in WebSecurityConfiguration. Note: @EnableOAuth2Sso is the annotation of the unified authorization module used in this server project.

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;

@EnableOAuth2Sso
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    private Logger logger = LoggerFactory.getLogger(WebSecurityConfiguration.class);

    // Expose the stub service from step 1 as the UserDetailsService bean.
    @Bean
    @Override
    public UserDetailsService userDetailsService() {
        return new UserDetailsServiceImpl();
    }

    // Register the stub service with the authentication manager.
    @Override
    @Autowired
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService());
    }

    // Every request that reaches the filter chain must be authenticated;
    // CSRF protection is switched off for this service.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated();
        http.csrf().disable();
    }

    // These paths bypass the Spring Security filter chain entirely.
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/swagger-ui.html", "/swagger/**", "/webjars/**",
                "/swagger-resources/**", "/**/v2/api-docs", "/webservice/**", "/services/**");
    }
}
```
3. The SecurityUtil class

```java
import com.mzy.activiti.config.UserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

import java.util.Collection;

@Component
public class SecurityUtil {

    @Autowired
    private UserDetailsServiceImpl userDetailsService;

    // Replaces the current thread's SecurityContext with an already-authenticated
    // Authentication for the given username, and tells the Activiti engine that
    // this user is the one performing the following operations.
    public void logInAs(String username) {
        UserDetails user = userDetailsService.loadUserByUsername(username);
        if (user == null) {
            throw new IllegalStateException("User " + username + " doesn't exist, please provide a valid user");
        }
        SecurityContextHolder.setContext(new SecurityContextImpl(new Authentication() {
            @Override
            public Collection<? extends GrantedAuthority> getAuthorities() {
                return user.getAuthorities();
            }

            @Override
            public Object getCredentials() {
                return user.getPassword();
            }

            @Override
            public Object getDetails() {
                return user;
            }

            @Override
            public Object getPrincipal() {
                return user;
            }

            // Always reports the user as authenticated; no credentials are verified here.
            @Override
            public boolean isAuthenticated() {
                return true;
            }

            @Override
            public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
            }

            @Override
            public String getName() {
                return user.getUsername();
            }
        }));
        // The user id that Activiti records for subsequent engine calls on this thread.
        org.activiti.engine.impl.identity.Authentication.setAuthenticatedUserId(username);
    }
}
```
4. Bind the role inside the method and perform the unclaim operation; the call returns normally

```java
@Override
public MyTaskEntity unclaimTask(String taskId) {
    // TODO Activiti 7 is tightly bound to Spring Security, so a fixed user is set here
    securityUtil.logInAs("admin");
    taskService.unclaim(taskId);
    // Reload the task and copy its fields into the service's own entity.
    Task task = taskService.createTaskQuery().taskId(taskId).singleResult();
    MyTaskEntity myTaskEntity = new MyTaskEntity();
    myTaskEntity.setId(task.getId());
    myTaskEntity.setName(task.getName());
    myTaskEntity.setDescription(task.getDescription());
    myTaskEntity.setAssignee(task.getAssignee());
    myTaskEntity.setTaskDefinitionKey(task.getTaskDefinitionKey());
    myTaskEntity.setCreateTime(task.getCreateTime());
    return myTaskEntity;
}
```
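5. Summary: overall the problem is solved, but it brings in the extra Security jar, which makes the system somewhat redundant. For now there is no other way, so this is how it has to be.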
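
A scoped variant of the `logInAs("admin")` call in step 4, as an added example that is not part of the original post or of Activiti: it keeps the caller's own username for the Activiti user id, adds ROLE_ACTIVITI_USER only for the duration of the call, and restores the previous SecurityContext afterwards. The class name `ActivitiRoleScope` and its `call` method are hypothetical, and the code assumes the request was already authenticated by the service's SSO filter chain.

```java
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import java.util.ArrayList;
import java.util.List;
import java.util.function.Supplier;

// Hypothetical helper, not part of Activiti or of the original post.
// Usage: ActivitiRoleScope.call(() -> { taskService.unclaim(taskId); return null; });
public final class ActivitiRoleScope {
    private static final String ACTIVITI_ROLE = "ROLE_ACTIVITI_USER";

    private ActivitiRoleScope() { }

    public static <T> T call(Supplier<T> action) {
        SecurityContext previous = SecurityContextHolder.getContext();
        Authentication caller = previous.getAuthentication();
        // Refuse to elevate a request that nobody authenticated.
        if (caller == null || caller instanceof AnonymousAuthenticationToken
                || !caller.isAuthenticated()) {
            throw new IllegalStateException("No authenticated caller in the security context");
        }
        String previousActivitiUser =
                org.activiti.engine.impl.identity.Authentication.getAuthenticatedUserId();

        // Caller's own authorities plus the role named in step 1.
        List<GrantedAuthority> authorities = new ArrayList<>(caller.getAuthorities());
        authorities.add(new SimpleGrantedAuthority(ACTIVITI_ROLE));
        SecurityContext scoped = SecurityContextHolder.createEmptyContext();
        // Principal is the real username; no credentials are copied.
        scoped.setAuthentication(new UsernamePasswordAuthenticationToken(
                caller.getName(), null, authorities));
        try {
            SecurityContextHolder.setContext(scoped);
            org.activiti.engine.impl.identity.Authentication
                    .setAuthenticatedUserId(caller.getName());
            return action.get();
        } finally {
            // Restore both thread-locals so pooled threads never keep the extra role.
            SecurityContextHolder.setContext(previous);
            org.activiti.engine.impl.identity.Authentication
                    .setAuthenticatedUserId(previousActivitiUser);
        }
    }
}
```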