How to disbale idm in flowable-spring-boot-starter-ui-modeler?

icuxika commented 2 years ago

Version

6.7.2

<dependency>
            <groupId>org.flowable</groupId>
            <artifactId>flowable-spring-boot-starter</artifactId>
            <version>6.7.2</version>
</dependency>
<dependency>
            <groupId>org.flowable</groupId>
            <artifactId>flowable-spring-boot-starter-ui-modeler</artifactId>
            <version>6.7.2</version>
</dependency>

Question

Could you tell me how to remove the dependency of flowable-spring-boot-starter-ui-modeler on flowable.common.app.idm-url? I just want to integrate flowable-spring-boot-starter-ui-modeler into my spring cloud and use the existing security authentication system.

icuxika commented 2 years ago

Sorry, this may be my problem. It has no problem in a simple springboot project.

zhaobingcheng commented 2 years ago

hello，could you please paste your entire pom file? I have the same problem.. my pom is below and no parent pom

org.flowable flowable-spring-boot-starter 6.6.0 org.flowable flowable-spring-boot-starter-ui-modeler 6.6.0 mysql mysql-connector-java 8.0.13

then promt ”flowable.common.app.idm-url must be set“ when start program

icuxika commented 2 years ago

@zhaobingcheng Okay

<properties>
        <flowable.version>6.7.2</flowable.version>
</properties>

        <dependency>
            <groupId>org.flowable</groupId>
            <artifactId>flowable-spring-boot-starter</artifactId>
            <version>${flowable.version}</version>
        </dependency>
        <dependency>
            <groupId>org.flowable</groupId>
            <artifactId>flowable-spring-boot-starter-ui-idm</artifactId>
            <version>${flowable.version}</version>
        </dependency>
        <dependency>
            <groupId>org.flowable</groupId>
            <artifactId>flowable-spring-boot-starter-ui-modeler</artifactId>
            <version>${flowable.version}</version>
        </dependency>

and mysql version is 8.0.28. In a Hello, world SpringBoot project, there was no problem.

icuxika commented 2 years ago

@zhaobingcheng

management:
  health:
    ldap:
      enabled: false

Put this config in your applicaton.yml will help you reovle the problem about ldap checking failed.

zhaobingcheng commented 2 years ago

thank you, I see you import the "flowable-spring-boot-starter-ui-idm". it does work. but the authentication mechanism of flowable will also make effect, right?....does it meet your need?..don't you want to disable the idm and just want to use modeler?..

icuxika commented 2 years ago

Something changes... Now I want to solve the conflict between the Spring Security configuration of idm and the Spring Security in my own project. Maybe I need to study the source code of flowable-engine first and then try to solve it.

zhaobingcheng commented 2 years ago

well, maybe, you can consider to reduce the version of flowable or improve the version of Spring Security in your own project...it may be more easier.

icuxika commented 2 years ago

@zhaobingcheng Some ways to skip flowable-ui 6.7.2's built-in login. Recreate org.flowable.ui.common.security.FlowableUiSecurityAutoConfiguration in your project to overwrite the original functionality.

@Configuration(proxyBeanMethods = false)
@AutoConfigureAfter({
        IdmEngineServicesAutoConfiguration.class,
})
@AutoConfigureBefore({
        FlowableSecurityAutoConfiguration.class,
        OAuth2ClientAutoConfiguration.class,
})
public class FlowableUiSecurityAutoConfiguration {

    @Bean
    public ApiHttpSecurityCustomizer apiHttpSecurityCustomizer() {
        return new ApiHttpSecurityCustomizer() {
            @Override
            public void customize(HttpSecurity http) throws Exception {
            }
        };
    }

    @Bean
    public CurrentUserProvider currentUserProvider() {
        return new CurrentUserProvider() {
            @Override
            public UserRepresentation getCurrentUser(Authentication authentication) {
                UserRepresentation userRepresentation = new UserRepresentation();
                userRepresentation.setId("0");
                userRepresentation.setFirstName("driftwood");
                userRepresentation.setLastName("driftwood");
                userRepresentation.setPrivileges(
                        Arrays.asList(
                                DefaultPrivileges.ACCESS_IDM,
                                DefaultPrivileges.ACCESS_MODELER,
                                DefaultPrivileges.ACCESS_ADMIN,
                                DefaultPrivileges.ACCESS_TASK,
                                DefaultPrivileges.ACCESS_REST_API
                        )
                );
                return userRepresentation;
            }

            @Override
            public boolean supports(Authentication authentication) {
                return true;
            }
        };
    }
}

This will skip the built-in secure login with flowable-ui.
If your project also integrates the Spring Security, you should set http.csrf().disable() & .antMatchers("/modeler/**", "/modeler-app/**").permitAll().
In the end you also need to consider whether to recreate org.flowable.ui.common.security.SecurityUtils and rewrite method getCurrentUserId, depending on whether it will affect you to save the model.

org.flowable.ui.modeler.rest.api.ApiModelResource#saveModel

Model model = this.modelService.getModel(modelId);
String currentUserId = SecurityUtils.getCurrentUserId();
boolean currentUserIsOwner = model.getLastUpdatedBy().equals(currentUserId);

zhaobingcheng commented 2 years ago

@icuxika yeah, the ways do work. I saw the authentication was skipped. thank you very much😄

flowable / flowable-engine

How to disbale idm in flowable-spring-boot-starter-ui-modeler? #3231

Version

Question