This article shows how to implement custom permission management with the Flowable workflow engine.
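Scenario: a workflow engine is being integrated into an existing system. That system already has a complete permission-management module, which will later be split out into a separate microservice, so the approach commonly suggested online (creating database views) does not solve the problem. Synchronizing the data into Flowable would mean changing the existing system's code, which becomes troublesome if an unmaintained system has to be connected later. Custom queries can be tailored more flexibly. They cost some development effort, but they fit the current state of the system.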
Idea: follow the way the LDAP integration is implemented.
You can override the IdmIdentityServiceImpl class, or implement the IdmIdentityService interface directly, and use the implementation class as the idmIdentityService parameter in ProcessEngineConfiguration.
Follow the way LDAPIdentityServiceImpl is registered with the Flowable engine configuration class.
In Spring Boot, this can be done by adding the following code to the ProcessEngineConfiguration bean definition:
@Bean
public EngineConfigurationConfigurer<SpringIdmEngineConfiguration> myIdmEngineConfigurer() {
    // Replace the default IDM identity service with the custom handler
    return idmEngineConfiguration -> idmEngineConfiguration
            .setIdmIdentityService(new IdmIdentityServiceHandler());
}
IdmIdentityServiceHandler likewise follows LDAPIdentityServiceImpl and extends IdmIdentityServiceImpl.
package com.jxlgzwh.handler;

import org.flowable.common.engine.api.FlowableException;
import org.flowable.idm.api.*;
import org.flowable.idm.engine.impl.IdmIdentityServiceImpl;
import org.flowable.idm.engine.impl.persistence.entity.GroupEntityImpl;
import org.flowable.idm.engine.impl.persistence.entity.UserEntityImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.util.ArrayList;
import java.util.List;

public class IdmIdentityServiceHandler extends IdmIdentityServiceImpl {

    private static final Logger LOGGER = LoggerFactory.getLogger(IdmIdentityServiceHandler.class);

    @Override
    public UserQuery createUserQuery() {
        System.out.println("用戶查詢--");
        // Stub: only proves the handler is wired in. Callers that chain on the
        // result will hit a NullPointerException until a UserQuery is returned.
        return null;
    }

    @Override
    public GroupQuery createGroupQuery() {
        System.out.println("用戶組查詢--");
        // Stub: same caveat as createUserQuery()
        return null;
    }

    @Override
    public boolean checkPassword(String userId, String password) {
        // Placeholder: accepts every password for every user. Replace with a
        // call to the existing permission system before anything relies on it.
        return true;
    }

    @Override
    public List<Group> getGroupsWithPrivilege(String name) {
        System.out.println("查詢--");
        throw new FlowableException("Custom identity service doesn't support privilege queries");
    }

    @Override
    public List<User> getUsersWithPrivilege(String name) {
        System.out.println("查詢--");
        throw new FlowableException("Custom identity service doesn't support privilege queries");
    }

    // Identity data is owned by the existing permission system, so every
    // write and native-query operation is rejected.

    @Override
    public User newUser(String userId) {
        throw new FlowableException("Custom identity service doesn't support creating a new user");
    }

    @Override
    public void saveUser(User user) {
        throw new FlowableException("Custom identity service doesn't support saving an user");
    }

    @Override
    public NativeUserQuery createNativeUserQuery() {
        throw new FlowableException("Custom identity service doesn't support native querying");
    }

    @Override
    public void deleteUser(String userId) {
        throw new FlowableException("Custom identity service doesn't support deleting an user");
    }

    @Override
    public Group newGroup(String groupId) {
        throw new FlowableException("Custom identity service doesn't support creating a new group");
    }

    @Override
    public NativeGroupQuery createNativeGroupQuery() {
        throw new FlowableException("Custom identity service doesn't support native querying");
    }

    @Override
    public void saveGroup(Group group) {
        throw new FlowableException("Custom identity service doesn't support saving a group");
    }

    @Override
    public void deleteGroup(String groupId) {
        throw new FlowableException("Custom identity service doesn't support deleting a group");
    }
}
Because Flowable's own permission data does not need to be maintained, there is no need to implement the create and update methods.
Verification: write a method to test whether the configuration takes effect.
@RequestMapping(value = "is")
@ResponseBody
public String identityService() {
    identityService.createUserQuery();
    return "測試";
}
Call the method; if the backend prints “用戶查詢--”, the configuration succeeded.
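An added example (not from the original article or the Flowable project) of how the handler's placeholder checkPassword, which returns true for every password, and createUserQuery, which returns null, could delegate to the existing permission system instead. PermissionClient, its two methods and DelegatingIdentityService are hypothetical names, and the no-arg superclass constructor is assumed to be available as it is for the handler above.

```java
import java.util.ArrayList;
import java.util.List;
import org.flowable.common.engine.impl.interceptor.CommandContext;
import org.flowable.idm.api.User;
import org.flowable.idm.api.UserQuery;
import org.flowable.idm.engine.impl.IdmIdentityServiceImpl;
import org.flowable.idm.engine.impl.UserQueryImpl;

/** Hypothetical client for the existing permission system (not a Flowable API). */
interface PermissionClient {
    boolean verifyCredentials(String userId, String password);
    User findUser(String userId); // assumed to return null for an unknown id
}

public class DelegatingIdentityService extends IdmIdentityServiceImpl {
    private final PermissionClient client;

    // Assumption: relies on the no-arg superclass constructor, as the handler above does.
    public DelegatingIdentityService(PermissionClient client) {
        this.client = client;
    }
    @Override
    public boolean checkPassword(String userId, String password) {
        // Reject missing or empty credentials before calling the backend.
        if (userId == null || userId.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        try {
            return client.verifyCredentials(userId, password);
        } catch (RuntimeException e) {
            return false; // fail closed: a backend error must not grant access
        }
    }
    @Override
    public UserQuery createUserQuery() {
        // Never null: callers chain .userId(...).list() on the returned query.
        return new UserQueryImpl() {
            @Override
            public long executeCount(CommandContext commandContext) {
                return executeList(commandContext).size();
            }
            @Override
            public List<User> executeList(CommandContext commandContext) {
                List<User> users = new ArrayList<>();
                User user = getId() != null ? client.findUser(getId()) : null;
                if (user != null) { users.add(user); }
                return users;
            }
        };
    }
}
```

This sketch only answers lookups by user id; name searches and group queries would follow the LDAP query classes in the same way.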
The complete code of the LDAP integration can be viewed on GitHub: LDAPIdentityServiceImpl.
There, the user query LDAPUserQueryImpl extends UserQueryImpl, and the group query LDAPGroupQueryImpl extends GroupQueryImpl.
/* Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.flowable.ldap.impl;

import java.util.ArrayList;
import java.util.List;

import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

import org.flowable.common.engine.impl.interceptor.CommandContext;
import org.flowable.idm.api.User;
import org.flowable.idm.engine.impl.UserQueryImpl;
import org.flowable.idm.engine.impl.persistence.entity.UserEntity;
import org.flowable.idm.engine.impl.persistence.entity.UserEntityImpl;
import org.flowable.ldap.LDAPCallBack;
import org.flowable.ldap.LDAPConfiguration;
import org.flowable.ldap.LDAPTemplate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class LDAPUserQueryImpl extends UserQueryImpl {

    private static final long serialVersionUID = 1L;

    private static final Logger LOGGER = LoggerFactory.getLogger(LDAPUserQueryImpl.class);

    protected LDAPConfiguration ldapConfigurator;

    public LDAPUserQueryImpl(LDAPConfiguration ldapConfigurator) {
        this.ldapConfigurator = ldapConfigurator;
    }

    @Override
    public long executeCount(CommandContext commandContext) {
        return executeQuery().size();
    }

    @Override
    public List<User> executeList(CommandContext commandContext) {
        return executeQuery();
    }

    protected List<User> executeQuery() {
        if (getId() != null) {
            List<User> result = new ArrayList<>();
            result.add(findById(getId()));
            return result;

        } else if (getIdIgnoreCase() != null) {
            List<User> result = new ArrayList<>();
            result.add(findById(getIdIgnoreCase()));
            return result;

        } else if (getFullNameLike() != null) {
            return executeNameQuery(getFullNameLike());

        } else if (getFullNameLikeIgnoreCase() != null) {
            return executeNameQuery(getFullNameLikeIgnoreCase());

        } else {
            return executeAllUserQuery();
        }
    }

    protected List<User> executeNameQuery(String name) {
        String fullName = name.replaceAll("%", "");
        String searchExpression = ldapConfigurator.getLdapQueryBuilder().buildQueryByFullNameLike(ldapConfigurator, fullName);
        return executeUsersQuery(searchExpression);
    }

    protected List<User> executeAllUserQuery() {
        String searchExpression = ldapConfigurator.getQueryAllUsers();
        return executeUsersQuery(searchExpression);
    }

    protected UserEntity findById(final String userId) {
        LDAPTemplate ldapTemplate = new LDAPTemplate(ldapConfigurator);
        return ldapTemplate.execute(new LDAPCallBack<UserEntity>() {

            @Override
            public UserEntity executeInContext(InitialDirContext initialDirContext) {
                try {

                    String searchExpression = ldapConfigurator.getLdapQueryBuilder().buildQueryByUserId(ldapConfigurator, userId);

                    String baseDn = ldapConfigurator.getUserBaseDn() != null ? ldapConfigurator.getUserBaseDn() : ldapConfigurator.getBaseDn();
                    NamingEnumeration<?> namingEnum = initialDirContext.search(baseDn, searchExpression, createSearchControls());
                    UserEntity user = new UserEntityImpl();
                    while (namingEnum.hasMore()) { // Should be only one
                        SearchResult result = (SearchResult) namingEnum.next();
                        mapSearchResultToUser(result, user);
                    }
                    namingEnum.close();

                    return user;

                } catch (NamingException ne) {
                    LOGGER.error("Could not find user {} : {}", userId, ne.getMessage(), ne);
                    return null;
                }
            }

        });
    }

    protected List<User> executeUsersQuery(final String searchExpression) {
        LDAPTemplate ldapTemplate = new LDAPTemplate(ldapConfigurator);
        return ldapTemplate.execute(new LDAPCallBack<List<User>>() {

            @Override
            public List<User> executeInContext(InitialDirContext initialDirContext) {
                List<User> result = new ArrayList<>();
                try {
                    String baseDn = ldapConfigurator.getUserBaseDn() != null ? ldapConfigurator.getUserBaseDn() : ldapConfigurator.getBaseDn();
                    NamingEnumeration<?> namingEnum = initialDirContext.search(baseDn, searchExpression, createSearchControls());

                    while (namingEnum.hasMore()) {
                        SearchResult searchResult = (SearchResult) namingEnum.next();

                        UserEntity user = new UserEntityImpl();
                        mapSearchResultToUser(searchResult, user);
                        result.add(user);

                    }
                    namingEnum.close();

                } catch (NamingException ne) {
                    LOGGER.debug("Could not execute LDAP query: {}", ne.getMessage(), ne);
                    return null;
                }
                return result;
            }

        });
    }

    protected void mapSearchResultToUser(SearchResult result, UserEntity user) throws NamingException {
        if (ldapConfigurator.getUserIdAttribute() != null) {
            user.setId(result.getAttributes().get(ldapConfigurator.getUserIdAttribute()).get().toString());
        }
        if (ldapConfigurator.getUserFirstNameAttribute() != null) {
            try {
                user.setFirstName(result.getAttributes().get(ldapConfigurator.getUserFirstNameAttribute()).get().toString());
            } catch (NullPointerException e) {
                user.setFirstName("");
            }
        }
        if (ldapConfigurator.getUserLastNameAttribute() != null) {
            try {
                user.setLastName(result.getAttributes().get(ldapConfigurator.getUserLastNameAttribute()).get().toString());
            } catch (NullPointerException e) {
                user.setLastName("");
            }
        }
        if (ldapConfigurator.getUserEmailAttribute() != null) {
            try {
                user.setEmail(result.getAttributes().get(ldapConfigurator.getUserEmailAttribute()).get().toString());
            } catch (NullPointerException e) {
                user.setEmail("");
            }
        }
    }

    protected SearchControls createSearchControls() {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setTimeLimit(ldapConfigurator.getSearchTimeLimit());
        return searchControls;
    }

}
/* Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.flowable.ldap.impl;

import java.util.ArrayList;
import java.util.List;

import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

import org.flowable.common.engine.api.FlowableException;
import org.flowable.common.engine.impl.interceptor.CommandContext;
import org.flowable.idm.api.Group;
import org.flowable.idm.engine.impl.GroupQueryImpl;
import org.flowable.idm.engine.impl.persistence.entity.GroupEntity;
import org.flowable.idm.engine.impl.persistence.entity.GroupEntityImpl;
import org.flowable.ldap.LDAPCallBack;
import org.flowable.ldap.LDAPConfiguration;
import org.flowable.ldap.LDAPGroupCache;
import org.flowable.ldap.LDAPTemplate;

public class LDAPGroupQueryImpl extends GroupQueryImpl {

    private static final long serialVersionUID = 1L;

    protected LDAPConfiguration ldapConfigurator;
    protected LDAPGroupCache ldapGroupCache;

    public LDAPGroupQueryImpl(LDAPConfiguration ldapConfigurator, LDAPGroupCache ldapGroupCache) {
        this.ldapConfigurator = ldapConfigurator;
        this.ldapGroupCache = ldapGroupCache;
    }

    @Override
    public long executeCount(CommandContext commandContext) {
        return executeQuery().size();
    }

    @Override
    public List<Group> executeList(CommandContext commandContext) {
        return executeQuery();
    }

    protected List<Group> executeQuery() {
        if (getUserId() != null) {
            return findGroupsByUser(getUserId());
        } else if (getId() != null) {
            return findGroupsById(getId());
        } else {
            return findAllGroups();
        }
    }

    protected List<Group> findGroupsByUser(String userId) {

        // First try the cache (if one is defined)
        if (ldapGroupCache != null) {
            List<Group> groups = ldapGroupCache.get(userId);
            if (groups != null) {
                return groups;
            }
        }

        String searchExpression = ldapConfigurator.getLdapQueryBuilder().buildQueryGroupsForUser(ldapConfigurator, userId);
        List<Group> groups = executeGroupQuery(searchExpression);

        // Cache results for later
        if (ldapGroupCache != null) {
            ldapGroupCache.add(userId, groups);
        }

        return groups;
    }

    protected List<Group> findGroupsById(String id) {
        String searchExpression = ldapConfigurator.getLdapQueryBuilder().buildQueryGroupsById(ldapConfigurator, id);
        return executeGroupQuery(searchExpression);
    }

    protected List<Group> findAllGroups() {
        String searchExpression = ldapConfigurator.getQueryAllGroups();
        List<Group> groups = executeGroupQuery(searchExpression);
        return groups;
    }

    protected List<Group> executeGroupQuery(final String searchExpression) {
        LDAPTemplate ldapTemplate = new LDAPTemplate(ldapConfigurator);
        return ldapTemplate.execute(new LDAPCallBack<List<Group>>() {

            @Override
            public List<Group> executeInContext(InitialDirContext initialDirContext) {

                List<Group> groups = new ArrayList<>();
                try {
                    String baseDn = ldapConfigurator.getGroupBaseDn() != null ? ldapConfigurator.getGroupBaseDn() : ldapConfigurator.getBaseDn();
                    NamingEnumeration<?> namingEnum = initialDirContext.search(baseDn, searchExpression, createSearchControls());
                    while (namingEnum.hasMore()) { // Should be only one
                        SearchResult result = (SearchResult) namingEnum.next();

                        GroupEntity group = new GroupEntityImpl();
                        if (ldapConfigurator.getGroupIdAttribute() != null) {
                            group.setId(result.getAttributes().get(ldapConfigurator.getGroupIdAttribute()).get().toString());
                        }
                        if (ldapConfigurator.getGroupNameAttribute() != null) {
                            group.setName(result.getAttributes().get(ldapConfigurator.getGroupNameAttribute()).get().toString());
                        }
                        if (ldapConfigurator.getGroupTypeAttribute() != null) {
                            group.setType(result.getAttributes().get(ldapConfigurator.getGroupTypeAttribute()).get().toString());
                        }
                        groups.add(group);
                    }

                    namingEnum.close();

                    return groups;

                } catch (NamingException e) {
                    throw new FlowableException("Could not find groups " + searchExpression, e);
                }
            }

        });
    }

    protected SearchControls createSearchControls() {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setTimeLimit(ldapConfigurator.getSearchTimeLimit());
        return searchControls;
    }

}
Provide the user management functions that your own business needs. The key parts are:
Configure the IdmEngineConfiguration parameter
Implement IdmIdentityService; you can extend IdmIdentityServiceImpl
Implement UserQuery; you can extend UserQueryImpl
Implement GroupQuery; you can extend GroupQueryImpl
Implement PrivilegeQuery; you can extend PrivilegeQueryImpl
In effect, you are writing a query client for your own permission management system.