Steps to integrate Activiti with LDAP
06-07-2011 05:59 AM
I will explain how I use Activiti with my corporate LDAP. Maybe this is not the best way, but it is working for me and it could be a starting point for others…
First of all, I chose a framework for working with LDAP. I considered these:
- jndi
- spring ldap
- UnboundID LDAP SDK
- Novell ldap framework
Finally I chose the Novell LDAP framework (jldapv2.0.1.jar) because I worked with it in old projects.
Then… let's go…
1) Create your own ProcessEngineConfiguration. OPTIONAL: ONLY IF YOU NEED A SPECIFIC IDENTITY SERVICE. NOT MANDATORY
    public class LDAPStandaloneProcessEngineConfiguration extends StandaloneProcessEngineConfiguration {
        protected IdentityService identityService = new IdentityServiceLDAPImpl();
    }
2) Change Activiti.cfg.xml (note: class should be your ProcessEngineConfiguration class… maybe StandaloneProcessEngineConfiguration)
    <bean id="processEngineConfiguration" class="org.activiti.engine.impl.cfg.ldap.LDAPStandaloneProcessEngineConfiguration">
      <property name="customSessionFactories">
        <list>
          <bean class="org.activiti.engine.impl.ldap.LDAPUserManagerFactory" />
          <bean class="org.activiti.engine.impl.ldap.LDAPGroupManagerFactory" />
        </list>
      </property>
    </bean>
3) Create your own IdentityService. OPTIONAL: ONLY IF YOU NEED A SPECIFIC IDENTITY SERVICE. NOT MANDATORY
    public class IdentityServiceLDAPImpl extends ServiceImpl implements IdentityService
In some methods maybe you can do this:
    throw new LDAPOperationNotSupportedException("This action is not implemented under LDAP");
4) Create LDAPUserManagerFactory
    public class LDAPUserManagerFactory implements SessionFactory {
        @Override
        public Class<?> getSessionType() {
            return UserManager.class;
        }

        @Override
        public Session openSession() {
            return new LDAPUserManager();
        }
    }
5) Create LDAPGroupManagerFactory
    public class LDAPGroupManagerFactory implements SessionFactory {
        @Override
        public Class<?> getSessionType() {
            return GroupManager.class;
        }

        @Override
        public Session openSession() {
            return new LDAPGroupManager();
        }
    }
6) Create your LDAPUserManager, implementing your queries to LDAP using your LDAP framework
    public class LDAPUserManager extends org.activiti.engine.impl.persistence.entity.UserManager
7) Create your LDAPGroupManager, implementing your queries to LDAP using your LDAP framework
    public class LDAPGroupManager extends org.activiti.engine.impl.persistence.entity.GroupManager
And I think… that's all folks

06-09-2011 08:21 AM
I was very happy to see your post, as I'm about to face a similar issue. But it's not entirely clear to me how it works:
1. There's a variable identityService in class LDAPStandaloneProcessEngineConfiguration. I can't find any references to this variable.
2. In the bean processEngineConfiguration (of class org.activiti.engine.impl.cfg.ldap.LDAPStandaloneProcessEngineConfiguration) you set property customSessionFactories. I can't find this property (a setter, or a field) in StandaloneProcessEngineConfiguration.
Maybe you are using a different version of Activiti? I'm on 5.4
Thanks,
Marcin Jaskolski
Update to 5.6 solves point 2 8-)

06-09-2011 01:37 PM
06-10-2011 03:20 AM
marcinj:
1) The variable identityService overrides the same variable defined in class ProcessEngineConfigurationImpl.
I do this to use my own implementation of this service.
2) customSessionFactories belongs to ProcessEngineConfigurationImpl.
Note: StandaloneProcessEngineConfiguration extends ProcessEngineConfigurationImpl.
I'm using Activiti 5.6, but I made this configuration for Activiti 5.3.
p4w3l:
It's true, 1 and 3 are redundant… I don't know if in some cases you need to change the IdentityService to use a particular cmd…
07-29-2011 05:20 PM
Hi!
marcinj:
1) The variable identityService overrides the same variable defined in class ProcessEngineConfigurationImpl.
I do this to use my own implementation of this service.
2) customSessionFactories belongs to ProcessEngineConfigurationImpl.
Note: StandaloneProcessEngineConfiguration extends ProcessEngineConfigurationImpl.
I'm using Activiti 5.6, but I made this configuration for Activiti 5.3.
p4w3l:
It's true, 1 and 3 are redundant… I don't know if in some cases you need to change the IdentityService to use a particular cmd…
If 3 is not needed, how does login occur? The login method is located in the IdentityService…and will be different for each LDAP schema…correct?
So, why would you not have an IdentityService for every integration with an LDAP service?
08-01-2011 01:43 AM
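To validate user & password, Activiti uses CheckPassword (org.activiti.engine.impl.cmd).
Then it compares the password with a user object retrieved with UserManager.
Each particular UserManager knows the location of the password.
For this, you only need to implement your own UserManager.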
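
Added example, not code from this thread or from Activiti: password-check logic that a custom LDAP user manager (step 6 of the first post) could delegate to. It verifies the password with a simple bind as the user, so no password value is ever read out of the directory. The class name, the `uid=<userId>,<userBase>` layout and the `ldaps://ldap.example.com:636` URL are assumptions for illustration; only JDK JNDI classes are used.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Hypothetical helper (not an Activiti class): checks a password by binding as the user.
public class LdapBindPasswordCheck {
    private final String ldapUrl;  // assumed, e.g. "ldaps://ldap.example.com:636"
    private final String userBase; // assumed layout, e.g. "ou=people,dc=example,dc=com"

    public LdapBindPasswordCheck(String ldapUrl, String userBase) {
        this.ldapUrl = ldapUrl;
        this.userBase = userBase;
    }

    // Builds uid=<userId>,<userBase>; Rdn escapes DN metacharacters in userId.
    String userDn(String userId) throws NamingException {
        return new LdapName(userBase).add(new Rdn("uid", userId)).toString();
    }

    public boolean checkPassword(String userId, String password) {
        // A simple bind with an empty password is an unauthenticated bind that
        // many servers accept, so reject it before contacting the directory.
        if (userId == null || userId.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        try {
            env.put(Context.SECURITY_PRINCIPAL, userDn(userId));
            env.put(Context.SECURITY_CREDENTIALS, password);
            new InitialDirContext(env).close(); // the bind happens here
            return true;
        } catch (AuthenticationException e) {
            return false; // the directory rejected the credentials
        } catch (NamingException e) {
            throw new IllegalStateException("LDAP password check could not be completed", e);
        }
    }

    public static void main(String[] args) throws NamingException {
        LdapBindPasswordCheck check = new LdapBindPasswordCheck("ldaps://ldap.example.com:636", "ou=people,dc=example,dc=com");
        System.out.println(check.userDn("doe,ou=admins"));   // comma is escaped, stays inside the uid value
        System.out.println(check.checkPassword("jdoe", "")); // false, no network traffic
    }
}
```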
08-02-2011 04:06 PM
To validate user & password, Activiti uses CheckPassword (org.activiti.engine.impl.cmd).
Then it compares the password with a user object retrieved with UserManager.
Each particular UserManager knows the location of the password.
For this, you only need to implement your own UserManager.
So, I must be missing pieces of this whole integration…(possibly my lack of understanding of Spring among other issues)…
UserManager has no login, so how is a "user object" obtained if the Activiti tool (for example) Explorer does not know what LDAP server to connect to, let alone, what the query is to retrieve an object from the LDAP repository?
I believe, I understand correctly the Activiti Engine can be instantiated within another application thus providing the ability to write custom code, in the host application, to communicate to an LDAP repository…but how do you wire all the tools to use LDAP as well??
I have a Spring LDAP client, which can connect and verify a user to an LDAP resource. That client has 2 classes it uses UserManager and GroupManager, which I believe I can use (in the context of the previous responses within this thread) to override Activiti so it can query LDAP. But how does Activiti, connect to LDAP without an IdentityService containing the specifics for the LDAP connection?
Is there anyone who has a working installation of Activiti and tools (Explorer/Probe/etc) which are using LDAP as authentication/authorization? If so, is there any way someone can give me a tour of it so I can grasp what I am missing?
Thanks….

02-19-2013 06:19 AM
I'm using activiti 5.11 and tried the way described above without 1) and 3). I want to store the identity data in an openLdap and the other data in an Oracle 11g Database.
I got the following exception:
Feb 19, 2013 11:50:14 AM org.springframework.beans.factory.xml.XmlBeanDefinitionReader loadBeanDefinitions
INFO: Loading XML bean definitions from resource loaded through InputStream
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
Feb 19, 2013 11:50:17 AM org.activiti.engine.impl.interceptor.CommandContext close
SEVERE: Error while closing command context
org.activiti.engine.ActivitiException: Activiti database problem: Tables missing for component(s) identity
My Activiti.cfg.xml looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
  <bean id="processEngineConfiguration"
        class="org.activiti.engine.impl.cfg.StandaloneProcessEngineConfiguration">
    <property name="databaseSchemaUpdate" value="false" />
    <property name="jdbcUrl" value="jdbc:oracle:thin:@0.0.0.0:1521/OracleSchema" />
    <property name="jdbcDriver" value="oracle.jdbc.driver.OracleDriver" />
    <property name="jdbcUsername" value="user" />
    <property name="jdbcPassword" value="secret" />
    <property name="databaseType" value="oracle" />
    <property name="jobExecutorActivate" value="true" />
    <property name="history" value="full" />
    <property name="customSessionFactories">
      <list>
        <bean class="pucco.activiti.LDAPUserManagerFactory">
          <constructor-arg ref="ldapConnectionParams" />
        </bean>
        <bean class="pucco.activiti.LDAPGroupManagerFactory">
          <constructor-arg ref="ldapConnectionParams" />
        </bean>
      </list>
    </property>
  </bean>
  <bean id="ldapConnectionParams" class="pucco.activiti.LDAPConnectionParams">
    <property name="ldapServer" value="0.0.0.0" />
    <property name="ldapPort" value="389" />
    <property name="ldapUser" value="cn=user,o=system" />
    <property name="ldapPassword" value="secret" />
  </bean>
</beans>
Hint: I used this for creating my Factory classes: http://aganeshreddy.wordpress.com/2012/10/17/managing-user-identity-using-custom-ldap-in-activiti-en...
It seems that the Activiti Engine doesn't understand that it has to use the Factory classes for the IdentityService. The database schema includes all tables except the identity.
Any ideas to solve the problem?
best regards

02-19-2013 04:32 PM
The database schema includes all tables except the identity.
Why do you touch the Activiti db schema?
02-20-2013 06:56 AM
It seems that the Activiti Engine doesn't understand that it has to use the Factory classes for the IdentityService
What do you mean by that? It doesn't get picked up?
Why do you touch the Activiti db schema?
The identity tables can be dropped if you aren't using them.
