topic Re: Initiator/StartUserId Activiti REST in Alfresco Archive

Initiator/StartUserId Activiti REST

anjan — Tue, 07 Apr 2015 13:27:02 GMT

Hi, we are using Activiti REST war in our application and we are using custom authentication and it is working perfectly fine. We can start a process instance…etc. But when we check the history of a process instance, the "startUserId" value is set to null.{ "id": "15001", "ur

Re: Initiator/StartUserId Activiti REST

anjan — Wed, 08 Apr 2015 09:20:05 GMT

In my CustomUserDetailsService, I have added the below code snippet and in the method loadUserByUsername method, I am trying to set the user name. But I get NPE for identityService.
<code>
@Autowired
private IdentityService identityService;
</code>

Re: Initiator/StartUserId Activiti REST

trademak — Wed, 08 Apr 2015 10:29:26 GMT

Hi,

Can you share the configuration you did to customise the authentication?
The org.activiti.rest.security.BasicAuthenticationProvider class shows how it's implemented by default.

Best regards,

Re: Initiator/StartUserId Activiti REST

anjan — Wed, 08 Apr 2015 10:42:02 GMT

Hi Tijs, I looked at BasicAuthenticationProvider and added the identityService. Anyway, here are the changes I made.

In SecurityConfiguration, I added the below line just before the <code>.httpBasic()</code>
<code>
.addFilterBefore(new CustomHeaderAuthenticationFilter(), BasicAuthenticationFilter.class)
</code>

Here is the CustomHeaderAuthenticationFilter.
<code>
public class CustomHeaderAuthenticationFilter extends
RequestHeaderAuthenticationFilter {

public CustomHeaderAuthenticationFilter() {
super();
setPrincipalRequestHeader("Custom_User");
setExceptionIfHeaderMissing(false);
PreAuthenticatedAuthenticationProvider preAuth = new PreAuthenticatedAuthenticationProvider();
UserDetailsByNameServiceWrapper userDetails = new UserDetailsByNameServiceWrapper();
userDetails.setUserDetailsService(new CustomUserDetailsService());
preAuth.setPreAuthenticatedUserDetailsService(userDetails);

List<AuthenticationProvider> providers = new ArrayList<AuthenticationProvider>(1);
providers.add(preAuth);

setAuthenticationManager(new ProviderManager(providers));
setContinueFilterChainOnUnsuccessfulAuthentication(true);
}
}
</code>

And here is CustomUserDetailsService.

<code>
public class CustomUserDetailsService implements UserDetailsService {

@Autowired
private IdentityService identityService;

@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(1);
        authorities.add(new GrantedAuthorityImpl("ROLE_USER"));
        UserDetails user = new User(username, "", true, true, true, true, authorities);
        identityService.setAuthenticatedUserId(username);
        return user;
}

}
</code>

After successful authentication in our application, we set the "Custom_User" header to the user id and then make a call to Activiti REST. I am able to successfully make this call. But as mentioned in my original post, "startUserId" is not set. So I tried to autowire IdentifyService. But I am getting NullPointerException at <code>
identityService.setAuthenticatedUserId(username);</code>

Here is the stacktrace:

<code>
SEVERE: Servlet.service() for servlet [dispatcher] in context with path [/activiti-rest] threw exception
java.lang.NullPointerException
at my.custom.package.CustomUserDetailsService.loadUserByUsername(CustomUserDetailsService.java:25)
at org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper.loadUserDetails(UserDetailsByNameServiceWrapper.java:51)
at org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider.authenticate(PreAuthenticatedAuthenticationProvider.java:80)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doAuthenticate(AbstractPreAuthenticatedProcessingFilter.java:121)
at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doFilter(AbstractPreAuthenticatedProcessingFilter.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:57)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
</code>

Re: Initiator/StartUserId Activiti REST

trademak — Wed, 08 Apr 2015 11:10:02 GMT

You are creating a new instance of CustomUserDetailsService by doing a new CustomUserDetailsService().
By doing this, you are not using Spring to create the instance and any annotations in it will not be processes. Therefore IdentityService is null.

Best regards,

Re: Initiator/StartUserId Activiti REST

anjan — Thu, 09 Apr 2015 05:59:06 GMT

I changed the CustomHeaderAuthenticationFilter as below and used @Bean annotator. But I am still getting the identityService as null.

<code>
@Configuration
public class CustomHeaderAuthenticationFilter extends
RequestHeaderAuthenticationFilter {

@Bean
public CustomUserDetailsService customUserDetailsService()
{
return new CustomUserDetailsService();
}

public CustomHeaderAuthenticationFilter() {
super();
setPrincipalRequestHeader("Custom_User");
setExceptionIfHeaderMissing(false);
PreAuthenticatedAuthenticationProvider preAuth = new PreAuthenticatedAuthenticationProvider();
UserDetailsByNameServiceWrapper userDetails = new UserDetailsByNameServiceWrapper();
userDetails.setUserDetailsService(customUserDetailsService());
preAuth.setPreAuthenticatedUserDetailsService(userDetails);

List<AuthenticationProvider> providers = new ArrayList<AuthenticationProvider>(1);
providers.add(preAuth);

setAuthenticationManager(new ProviderManager(providers));
setContinueFilterChainOnUnsuccessfulAuthentication(true);
}
}
</code>

Re: Initiator/StartUserId Activiti REST

trademak — Sun, 12 Apr 2015 08:33:23 GMT

Is the package of the CustomUserDetailsService class also included in the Spring package scanning? Otherwise it won't be considered for dependency injection.

Best regards,

Re: Initiator/StartUserId Activiti REST

anjan — Tue, 14 Apr 2015 06:17:20 GMT

I have included the <context:component-scan> (with package) in activiti-custom-context.xml file but identityService is still null. One question though - I deployed both Activiti Explorer and Activiti REST in Tomcat (both are pointing to the same MySQL database). Will this have any impact because both Explorer and REST will start a Process Engine?

Re: Initiator/StartUserId Activiti REST

b_schnarr — Tue, 14 Apr 2015 08:41:17 GMT

I don´t think so. It is a common approach to use a shared database between Explorer and REST. I configured my Custom Filter like this:

Spring Configuration:

<code>
@Bean
public CustomAuthenticationFilter customTokenAuthenticationFilter() {
return new CustomAuthenticationFilter("/**");
};

@Autowired
CustomAuthenticationFilter customAuthenticationFilter;

.addFilterBefore(customAuthenticationFilter,
BasicAuthenticationFilter.class).httpBasic();
</code>

In my own filter, I extend <code>AbstractAuthenticationProcessingFilter</code> and import <code>import org.activiti.engine.IdentityService;</code>

After that, I use <code> @Autowired
private IdentityService identityService;</code> and this works perfectly.

Re: Initiator/StartUserId Activiti REST

anjan — Tue, 14 Apr 2015 08:45:44 GMT

Thanks Ben for the clarification. I assume, you haven't made any changes to activiti-custom-context.xml file.

Re: Initiator/StartUserId Activiti REST

b_schnarr — Tue, 14 Apr 2015 08:46:36 GMT

No, nothing. All goes with the spring configuration and annotations.

Re: Initiator/StartUserId Activiti REST

anjan — Tue, 14 Apr 2015 13:16:17 GMT

I am able to resolve the issue. But I used xml configuration in activiti-custom-context.xml (due to the issues of Autowiring of the beans).

<code>
      <bean id="customHeaderAuthenticationFilter" class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
        <property name="principalRequestHeader" value="Custom_User"/>
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="continueFilterChainOnUnsuccessfulAuthentication" value="true" />
        <property name="exceptionIfHeaderMissing" value="false" />
    </bean>

    <bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
        <property name="preAuthenticatedUserDetailsService">
            <bean id="userDetailsServiceWrapper" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
                <property name="userDetailsService" ref="customUserDetailsService"/>
            </bean>
        </property>
    </bean>

    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider ref="preauthAuthProvider" />
    </security:authentication-manager>

    <bean id="customUserDetailsService" class="com.custom.package.CustomUserDetailsService"></bean>
</code>

Modified SecurityConfiguration to add the following:
<code>
@Autowired
RequestHeaderAuthenticationFilter customHeaderAuthenticationFilter;

       .addFilterBefore(customHeaderAuthenticationFilter, BasicAuthenticationFilter.class)
</code>

Also I have removed my custom CustomHeaderAuthenticationFilter as it is not required anymore.

Thanks everyone for al the suggestions.