imixs / imixs-microservice

Imixs Workflow - Microservice
https://www.imixs.org
GNU General Public License v3.0

How can I implement a programmatic way to create new users? #1

Open guilhermemauro opened 3 years ago

guilhermemauro commented 3 years ago

I need to integrate my users with the Imixs microservice. Can anyone give me a way? Thanks

rsoika commented 3 years ago

Hi, the microservice is independent from your security implementation. The security realm used is just the example of a basic file-based mapping of two property files:

            <security-domain name="imixsrealm">
                <authentication>
                    <login-module code="UsersRoles" flag="required">
                        <module-option name="usersProperties" value="${jboss.server.config.dir}/imixs-users.properties"/>
                        <module-option name="rolesProperties" value="${jboss.server.config.dir}/imixs-roles.properties"/>
                    </login-module>
                    <login-module code="RoleMapping" flag="required">
                        <module-option name="rolesProperties" value="file:${jboss.server.config.dir}/imixsrealm.properties"/>
                        <module-option name="replaceRole" value="false"/>
                    </login-module>
                </authentication>
            </security-domain>

I think you are looking for something where you can store your users/passwords/roles in a database?

The security-domain configuration would then look something like this:

            <security-domain name="imixsrealm">
                <authentication>
                    <login-module code="Database" flag="required">
                        <module-option name="dsJndiName" value="java:/jdbc/office"/>
                        <module-option name="hashAlgorithm" value="SHA-256"/>
                        <module-option name="hashEncoding" value="hex"/>
                        <module-option name="principalsQuery" value="select PASSWORD from USERID where ID=?"/>
                        <module-option name="rolesQuery" value="select GROUP_ID,'Roles' from USERID_USERGROUP where ID=?"/>
                        <module-option name="unauthenticatedIdentity" value="anonymous"/>
                    </login-module>
                    <login-module code="RoleMapping" flag="required">
                        <module-option name="rolesProperties" value="file:${jboss.server.config.dir}/imixsrealm.properties"/>
                        <module-option name="replaceRole" value="false"/>
                    </login-module>
                </authentication>
            </security-domain>  

In that case you need to provide just the corresponding tables.

Note: This topic is independent from Imixs-Workflow as we do not tie the workflow engine to a specific security mechanism. You can use any security domain supported by your environment. For example, you can also use an LDAP directory to authenticate users.

You can also take a look here: https://docs.wildfly.org/19.1/WildFly_Elytron_Security.html#Database_Authentication_Migration
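Added example, not part of the thread and not Imixs project code: one way to create a user programmatically for the `Database` login module configured above. Table and column names are taken from its `principalsQuery` and `rolesQuery`; the class and method names are hypothetical, and it assumes UTF-8 password bytes, lowercase hex output, and no further NOT NULL columns in either table.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class DatabaseRealmUsers {
    // Matches hashAlgorithm=SHA-256 and hashEncoding=hex from the login module.
    // Assumptions: UTF-8 password bytes, lowercase hex digits.
    static String hexSha256(String password) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Inserts the user row and its group rows in one transaction, so a failed
    // group insert never leaves a login without its roles (or the reverse).
    static void createUser(Connection con, String id, String password, String... groups)
            throws SQLException, NoSuchAlgorithmException {
        String hash = hexSha256(password);
        con.setAutoCommit(false);
        try (PreparedStatement user = con.prepareStatement(
                     "insert into USERID (ID, PASSWORD) values (?, ?)");
             PreparedStatement group = con.prepareStatement(
                     "insert into USERID_USERGROUP (ID, GROUP_ID) values (?, ?)")) {
            user.setString(1, id);
            user.setString(2, hash);
            user.executeUpdate();
            for (String g : groups) {
                group.setString(1, id);
                group.setString(2, g);
                group.executeUpdate();
            }
            con.commit();
        } catch (SQLException e) {
            con.rollback();
            throw e;
        } finally {
            con.setAutoCommit(true);
        }
    }
    public static void main(String[] args) throws Exception {
        System.out.println(hexSha256("secret")); // constructed sample password
    }
}
```

The stored value is an unsalted SHA-256 digest because that is what this login-module configuration verifies; the Elytron migration linked above is the route to salted or iterated password types.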

rsoika commented 3 years ago

What you can also do is add the imixs-marty library to your project. Imixs-Marty provides services and also database entities to store userids and groups.

To add the Maven dependencies:

    <dependency>
        <groupId>org.imixs.marty</groupId>
        <artifactId>imixs-marty-ejb</artifactId>
        <scope>compile</scope>
    </dependency>
    <dependency>
        <groupId>org.imixs.marty</groupId>
        <artifactId>imixs-marty-util</artifactId>
        <scope>compile</scope>
    </dependency>

You need to add the following line to your persistence.xml file to autocreate the tables:

            <jar-file>lib/imixs-marty-ejb-${org.imixs.marty.version}.jar</jar-file>

With the method UserGroupService you can create a new user profile with userid, password and groups:

        ItemCollection profile = new ItemCollection();
        profile.replaceItemValue("type", "profile");
        profile.replaceItemValue("txtName", sAccount);
        // set default password
        profile.replaceItemValue("txtPassword", DEFAULT_PASSWORD);
        profile.replaceItemValue("$WorkflowGroup", "Profile");
        profile.replaceItemValue("txtGroups", "IMIXS-WORKFLOW-Manager");

        try {
            updateUser(profile);
            documentService.save(profile);              
        } catch (AccessDeniedException e) {
            logger.warning("UserGroupService - unable to initialize default admin account");
            logger.severe(e.getMessage());
            // throw new RuntimeException(e);
            return;
        }

Note: the security-domain has to be configured as in the posting above.