
5.17 Securing Activiti Explorer login - LDAP

mlfitz2
Champ in-the-making
I was wondering if someone might provide some clarification.  I'm trying to secure Activiti-Explorer's login to our ldap server.

What I have done so far is:
    - create my own LoginIdentityService that extends IdentityServiceImpl
    - overrode every method.  In each overridden method, I did a sysout and then called the appropriate method on super.
    - updated the activiti.login.context.xml file to inject my new class into the defaultLoginHandler bean.

Mainly what I'm trying to do above is determine which methods are being called to authenticate the logged-in user.  This way I can override those methods and implement my own LDAP solution.  Is this the appropriate way of doing this?  As soon as I overrode the methods I could see in the logs that "checkPassword" was being invoked.  Even though my class calls the method on super after I print to the log, I can't log in using kermit or any other sample users.  I assume I have the incorrect superclass defined?

Also, how is everyone injecting admin groups and user groups to secure the page?  I didn't find any documentation on this.

Thanks in advance!

jbarrez
Star Contributor
The correct way to do so is described in http://activiti.org/userguide/index.html#chapter_ldap

mlfitz2
Champ in-the-making
I appreciate the info, but I did review that and it's very high level.  What I found best was to view the source code of the DefaultLoginHandler class to understand how the explorerApp property works, along with authentication/validation.

Also information from this post:  http://forums.activiti.org/content/ldap-admingroups-configuration-problem

Thanks!

jbarrez
Star Contributor
> it's very high level

It's supposed to be high level. It should be plug in and work. What you are doing now is really low level.

Hence why nobody else has responded so far, very few people take this route.

mlfitz2
Champ in-the-making
I always appreciate your response.

Just for clarification, are you saying that if I add the properties and implement the LDAPConfigurator inside my activiti-custom-context.xml, that I don't need to override anything LDAP class related?  Login, etc?

I tried implementing the LDAPConfigurator to play around with, but the web app wouldn't deploy/start.  Nothing in the console error is related and I assume it's a jar dependency thing.  My company has its own maven repo and it is the only one I can use, so I'm not sure which jars I would need to add.  Of course everything is blocked, so internally I have limited resources to resolve this.  Currently I'm just adding the jars to my classpath and packaging them together to test functionality as a temp solution.

Any way you could share all the dependent jars to use for the activiti ldap jars?  This is for a POC.

Thanks in advance!

jbarrez
Star Contributor
> are you saying that if I add the properties and implement the LDAPConfigurator inside my activiti-custom-context.xml, that I don't need to override anything LDAP class related?

Indeed.

> I assume it's a jar dependency thing

You do need the activiti-ldap jar.

mlfitz2
Champ in-the-making
As soon as I add the "configurators" property to the ProcessEngine bean, Activiti-Explorer app won't start.  I added the activiti-ldap.jar into "apache-tomcat-7.0.59\webapps\activiti-explorer\WEB-INF\lib" directory and restarted the server.

Here is what I see in the logs:
09:53:53,990 [localhost-startStop-1] INFO  org.springframework.beans.factory.xml.XmlBeanDefinitionReader  - Loading XML bean definitions from class path resource [activiti-custom-context.xml]
Apr 7, 2015 9:53:54 AM org.apache.catalina.core.StandardContext startInternal
SEVERE: Error listenerStart
Apr 7, 2015 9:53:54 AM org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/activiti-explorer] startup failed due to previous errors
09:53:54,130 [localhost-startStop-1] INFO  org.activiti.explorer.servlet.WebConfigurer  - Destroying Web application
Apr 7, 2015 9:53:54 AM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deployment of web application archive C:\DEV\SOW\112\apache-tomcat-7.0.59\webapps\activiti-explorer.war has finished in 8,752 ms

Attaching my activiti-custom-context.xml file for reference.  Looks like I'll have to override LDAPConfigurator to identify the issue.

mlfitz2
Champ in-the-making
I found the issue.  It was related to the & sign in the LDAPConfigurator properties.

Thanks!
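A pre-deploy check for the ampersand problem found above, as an added example that is not code from Activiti or from anyone in this thread. It embeds a constructed activiti-custom-context.xml fragment (property names follow the LDAP chapter of the user guide linked earlier; the server, DNs and credentials are placeholders) and parses it the way Spring's XML reader would, so a raw `&` inside an LDAP filter is reported with its line number instead of surfacing only as Tomcat's "Error listenerStart".

```python
import xml.etree.ElementTree as ET

# Constructed fragment: the LDAPConfigurator bean as it might be pasted in, with raw '&'.
BROKEN_CONTEXT = """<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="processEngineConfiguration"
        class="org.activiti.spring.SpringProcessEngineConfiguration">
    <property name="configurators">
      <list>
        <bean class="org.activiti.ldap.LDAPConfigurator">
          <property name="server" value="ldap://ldap.example.invalid" />
          <property name="user" value="uid=svc-activiti,ou=services,dc=example,dc=invalid" />
          <property name="password" value="CHANGE-ME" />
          <property name="baseDn" value="dc=example,dc=invalid" />
          <property name="queryUserByUserId" value="(&(objectClass=inetOrgPerson)(uid={0}))" />
          <property name="queryGroupsForUser" value="(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))" />
          <property name="userIdAttribute" value="uid" />
        </bean>
      </list>
    </property>
  </bean>
</beans>
"""

# The fix: every '&' inside an XML attribute value must be written as '&amp;'.
FIXED_CONTEXT = BROKEN_CONTEXT.replace("(&(", "(&amp;(")


def check_context(xml_text):
    """Return (True, ldap_props) for a loadable context, or (False, reason)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        line, col = exc.position  # where the XML parser gave up
        return False, f"not well-formed at line {line}, column {col}: {exc}"
    # Collect the LDAPConfigurator properties; the parser has already turned &amp; back into &.
    ns = "{http://www.springframework.org/schema/beans}"
    props = {}
    for bean in root.iter(f"{ns}bean"):
        if bean.get("class") == "org.activiti.ldap.LDAPConfigurator":
            for prop in bean.findall(f"{ns}property"):
                props[prop.get("name")] = prop.get("value")
    if not props:
        return False, "no org.activiti.ldap.LDAPConfigurator bean found"
    return True, props


if __name__ == "__main__":
    for label, text in (("broken", BROKEN_CONTEXT), ("fixed", FIXED_CONTEXT)):
        print(label, check_context(text))
```

Run it against the real file with `check_context(open("activiti-custom-context.xml").read())` before copying the WAR into Tomcat.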

will_lin
Champ in-the-making
Hi all~
I have a similar question~

I just overrode the LDAP jar code and added some log.warn calls to show the username and password.
When I log in on Activiti-Explorer, I get the error message "Could not log you in", but no error shows in the log, as below.
Now I don't know what happened. Can I log in to Activiti-Explorer using LDAP?

PS: My LDAP username/password is right; I tested it in LDAPExplorer.

11:31:30,840 [http-apr-8080-exec-5] DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory  - Returning cached instance of singleton bean 'scopedTarget.messageSource'
11:31:30,842 [http-apr-8080-exec-5] DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory  - Returning cached instance of singleton bean 'scopedTarget.messageSource'
11:31:30,843 [http-apr-8080-exec-5] DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory  - Returning cached instance of singleton bean 'scopedTarget.messageSource'
11:31:39,261 [http-apr-8080-exec-8] DEBUG org.activiti.engine.impl.interceptor.LogInterceptor  -

11:31:39,262 [http-apr-8080-exec-8] DEBUG org.activiti.engine.impl.interceptor.LogInterceptor  - --- starting CheckPassword --------------------------------------------------------
11:31:39,263 [http-apr-8080-exec-8] DEBUG org.activiti.spring.SpringTransactionInterceptor  - Running command with propagation REQUIRED
11:31:39,264 [http-apr-8080-exec-8] DEBUG org.springframework.jdbc.datasource.DataSourceTransactionManager  - Creating new transaction with name [null]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT
11:31:39,265 [http-apr-8080-exec-8] DEBUG org.springframework.jdbc.datasource.SimpleDriverDataSource  - Creating new JDBC Driver Connection to [jdbc:mysql://localhost:3306/activiti?useSSL=false]
11:31:39,271 [http-apr-8080-exec-8] DEBUG org.springframework.jdbc.datasource.DataSourceTransactionManager  - Acquired Connection [com.mysql.jdbc.JDBC4Connection@37dbbd35] for JDBC transaction
11:31:39,272 [http-apr-8080-exec-8] DEBUG org.springframework.jdbc.datasource.DataSourceTransactionManager  - Switching JDBC Connection [com.mysql.jdbc.JDBC4Connection@37dbbd35] to manual commit
11:31:39,347 [http-apr-8080-exec-8] WARN  org.activiti.ldap.LDAPUserManager  - userId: MyUserID
11:31:39,347 [http-apr-8080-exec-8] WARN  org.activiti.ldap.LDAPUserManager  - password: Secret
11:31:39,348 [http-apr-8080-exec-8] WARN  org.activiti.ldap.LDAPUserManager  - ldapConfigurator.getUser: MyUserID
11:31:39,349 [http-apr-8080-exec-8] WARN  org.activiti.ldap.LDAPUserManager  - ldapConfigurator.getPassword: Secret
11:31:39,349 [http-apr-8080-exec-8] WARN  org.activiti.ldap.LDAPUserManager  - ldapConfigurator.getBaseDn: dc=vch,dc=corp
11:31:39,350 [http-apr-8080-exec-8] WARN  org.activiti.ldap.LDAPUserManager  - ldapConfigurator.getUserBaseDn: null
11:31:39,400 [http-apr-8080-exec-8] WARN  org.activiti.ldap.LDAPConnectionUtil  - SECURITY_PRINCIPAL: MyUserID
11:31:39,400 [http-apr-8080-exec-8] WARN  org.activiti.ldap.LDAPConnectionUtil  - SECURITY_CREDENTIALS: Secret
11:31:39,510 [http-apr-8080-exec-8] WARN  org.activiti.ldap.LDAPUserManager  - baseDn: dc=vch,dc=corp
11:31:39,682 [http-apr-8080-exec-8] WARN  org.activiti.ldap.LDAPUserManager  - userDn: null
11:31:39,683 [http-apr-8080-exec-8] DEBUG org.springframework.jdbc.datasource.DataSourceTransactionManager  - Initiating transaction commit
11:31:39,684 [http-apr-8080-exec-8] DEBUG org.springframework.jdbc.datasource.DataSourceTransactionManager  - Committing JDBC transaction on Connection [com.mysql.jdbc.JDBC4Connection@37dbbd35]
11:31:39,687 [http-apr-8080-exec-8] DEBUG org.springframework.jdbc.datasource.DataSourceTransactionManager  - Releasing JDBC Connection [com.mysql.jdbc.JDBC4Connection@37dbbd35] after transaction
11:31:39,688 [http-apr-8080-exec-8] DEBUG org.springframework.jdbc.datasource.DataSourceUtils  - Returning JDBC Connection to DataSource
11:31:39,689 [http-apr-8080-exec-8] DEBUG org.activiti.engine.impl.interceptor.LogInterceptor  - --- CheckPassword finished --------------------------------------------------------
11:31:39,690 [http-apr-8080-exec-8] DEBUG org.activiti.engine.impl.interceptor.LogInterceptor  -

11:31:39,695 [http-apr-8080-exec-8] DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory  - Returning cached instance of singleton bean 'scopedTarget.messageSource'
11:31:39,696 [http-apr-8080-exec-8] DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory  - Returning cached instance of singleton bean 'scopedTarget.messageSource'
11:31:39,698 [http-apr-8080-exec-8] DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory  - Returning cached instance of singleton bean 'scopedTarget.messageSource'
11:31:39,699 [http-apr-8080-exec-8] DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory  - Returning cached instance of singleton bean 'scopedTarget.messageSource'
11:31:39,699 [http-apr-8080-exec-8] DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory  - Returning cached instance of singleton bean 'scopedTarget.messageSource'

My environment: Activiti 5.19, MySQL, Tomcat 7.0.67, JDK 1.7
My activiti-custom-context.xml and activiti-ui-context.xml are attached.

will_lin
Champ in-the-making
It works, thanks~