first commit

Author: Camunda-ChrisAllen

pom.xml

@@ -0,0 +1,155 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.camunda.example.oauth2</groupId>
+    <artifactId>azure-oauth2-cambpm-web</artifactId>
+    <version>1.0.0-SNAPSHOT</version>
+
+    <properties>
+        <!-- ================ CAMUNDA VERSIONS ================ -->
+
+        <!-- Community Edition -->
+        <camunda.version>7.13.0</camunda.version>
+        <!-- Enterprise Edition -->
+<!--        <camunda.version>7.13.0-ee</camunda.version>-->
+
+        <camunda.spring-boot.version>7.13.0</camunda.spring-boot.version>
+
+        <!-- ============== SPRING BOOT VERSIONS ============== -->
+
+        <!-- 7.12 and above -->
+        <spring-boot.version>2.2.6.RELEASE</spring-boot.version>
+
+        <maven.compiler.source>1.8</maven.compiler.source>
+        <maven.compiler.target>1.8</maven.compiler.target>
+        <version.java>1.8</version.java>
+
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <failOnMissingWebXml>false</failOnMissingWebXml>
+        <azure.version>2.2.4</azure.version>
+
+    </properties>
+
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-dependencies</artifactId>
+                <version>${spring-boot.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.camunda.bpm</groupId>
+                <artifactId>camunda-bom</artifactId>
+                <version>${camunda.version}</version>
+                <scope>import</scope>
+                <type>pom</type>
+            </dependency>
+            <dependency>
+                <groupId>com.microsoft.azure</groupId>
+                <artifactId>azure-spring-boot-bom</artifactId>
+                <version>${azure.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
+    <dependencies>
+
+        <!-- ================ CAMUNDA ================ -->
+
+        <!-- Community Edition -->
+            <dependency>
+              <groupId>org.camunda.bpm.springboot</groupId>
+              <artifactId>camunda-bpm-spring-boot-starter-webapp</artifactId>
+              <version>${camunda.spring-boot.version}</version>
+            </dependency>
+
+        <!-- Enterprise Edition -->
+<!--        <dependency>-->
+<!--            <groupId>org.camunda.bpm.springboot</groupId>-->
+<!--            <artifactId>camunda-bpm-spring-boot-starter-webapp-ee</artifactId>-->
+<!--            <version>${camunda.spring-boot.version}-ee</version>-->
+<!--        </dependency>-->
+
+        <!-- ================ general - data ================ -->
+
+<!--        <dependency>-->
+<!--            <groupId>com.h2database</groupId>-->
+<!--            <artifactId>h2</artifactId>-->
+<!--        </dependency>-->
+        <dependency>
+            <groupId>com.sun.xml.bind</groupId>
+            <artifactId>jaxb-impl</artifactId>
+            <version>2.2.3</version>
+        </dependency>
+        <dependency>
+            <groupId>org.postgresql</groupId>
+            <artifactId>postgresql</artifactId>
+            <version>42.2.12</version>
+        </dependency>
+
+        <!-- ================ spring boot ================ -->
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+            <version>${spring-boot.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-jpa</artifactId>
+        </dependency>
+
+        <!-- ================ spring security ================ -->
+
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-client</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-jose</artifactId>
+        </dependency>
+
+        <!-- ================ microsoft azure ================ -->
+
+        <dependency>
+            <groupId>com.microsoft.azure</groupId>
+            <artifactId>azure-active-directory-spring-boot-starter</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.microsoft.azure</groupId>
+            <artifactId>azure-spring-boot</artifactId>
+            <version>${azure.version}</version>
+        </dependency>
+
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+                <version>${spring-boot.version}</version>
+                <configuration>
+                    <layout>ZIP</layout>
+                </configuration>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>repackage</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

src/main/java/com/camunda/example/oauth2/Application.java

@@ -0,0 +1,13 @@
+package com.camunda.example.oauth2;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class Application {
+
+  public static void main(String[] args) {
+    SpringApplication.run(Application.class);
+  }
+
+}

src/main/java/com/camunda/example/oauth2/config/WebAppSecurityConfig.java

@@ -0,0 +1,61 @@
+package com.camunda.example.oauth2.config;
+
+import com.camunda.example.oauth2.filter.CamundaAuthenticationFilter;
+import com.camunda.example.oauth2.filter.WebAppAuthenticationProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.security.SecurityProperties;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
+import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
+import org.springframework.security.oauth2.core.oidc.user.OidcUser;
+
+import java.util.Collections;
+
+@Configuration
+@EnableWebSecurity(debug = true)
+@Order(SecurityProperties.BASIC_AUTH_ORDER - 15)
+public class WebAppSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    private final Logger logger = LoggerFactory.getLogger(WebAppSecurityConfig.class.getName());
+
+    @Autowired
+    private OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService;
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+
+        http.authorizeRequests().antMatchers("/app/admin/**", "/app/cockpit/**", "/app/tasklist/**").authenticated()
+                .and()
+                .authorizeRequests().antMatchers("/**").permitAll()
+                .and()
+                .oauth2Login()
+                .userInfoEndpoint()
+                .oidcUserService(oidcUserService);
+
+        http.csrf().disable();
+    }
+
+    @Bean
+    @Order(SecurityProperties.BASIC_AUTH_ORDER - 15)
+    public FilterRegistrationBean<CamundaAuthenticationFilter> containerBasedAuthenticationFilter() {
+
+        logger.info("++++++++ WebAppSecurityConfig.containerBasedAuthenticationFilter()....");
+        FilterRegistrationBean<CamundaAuthenticationFilter> filterRegistration
+                = new FilterRegistrationBean<>();
+        filterRegistration.setFilter(new CamundaAuthenticationFilter());
+        filterRegistration.setInitParameters(Collections.singletonMap("authentication-provider", WebAppAuthenticationProvider.class.getName()));
+        filterRegistration.setOrder(101); // make sure the filter is registered after the Spring Security Filter Chain
+        filterRegistration.addUrlPatterns("/*");
+        return filterRegistration;
+
+    }
+
+}

src/main/java/com/camunda/example/oauth2/filter/CamundaAuthenticationFilter.java

@@ -0,0 +1,31 @@
+package com.camunda.example.oauth2.filter;
+
+import org.camunda.bpm.webapp.impl.security.auth.ContainerBasedAuthenticationFilter;
+import org.camunda.bpm.webapp.impl.util.ServletContextUtil;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+
+public class CamundaAuthenticationFilter extends ContainerBasedAuthenticationFilter {
+
+    @Override
+    protected String getRequestUri(HttpServletRequest request) {
+        String requestURI = request.getRequestURI();
+        String contextPath = request.getContextPath();
+
+        int contextPathLength = contextPath.length();
+        if (contextPathLength > 0) {
+            requestURI = requestURI.substring(contextPathLength);
+        }
+
+        ServletContext servletContext = request.getServletContext();
+        String applicationPath = ServletContextUtil.getAppPath(servletContext);
+        int applicationPathLength = applicationPath.length();
+
+        if (applicationPathLength > 0 && applicationPathLength < requestURI.length()) {
+            requestURI = requestURI.substring(applicationPathLength);
+        }
+
+        return requestURI;
+    }
+}

src/main/java/com/camunda/example/oauth2/filter/WebAppAuthenticationProvider.java

@@ -0,0 +1,60 @@
+package com.camunda.example.oauth2.filter;
+
+import org.camunda.bpm.engine.ProcessEngine;
+import org.camunda.bpm.engine.rest.security.auth.AuthenticationResult;
+import org.camunda.bpm.engine.rest.security.auth.impl.ContainerBasedAuthenticationProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.List;
+import java.util.stream.Collectors;
+
+public class WebAppAuthenticationProvider extends ContainerBasedAuthenticationProvider {
+
+    private final Logger logger = LoggerFactory.getLogger(WebAppAuthenticationProvider.class.getName());
+
+    @Override
+    public AuthenticationResult extractAuthenticatedUser(HttpServletRequest request, ProcessEngine engine) {
+
+        logger.info("++ WebAppAuthenticationProvider.extractAuthenticatedUser()....");
+
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+        if (authentication == null) {
+            logger.debug("++ authentication == null...return unsuccessful.");
+            return AuthenticationResult.unsuccessful();
+        }
+
+        logger.debug("++ authentication IS NOT NULL");
+        String name = authentication.getName();
+        if (name == null || name.isEmpty()) {
+            return AuthenticationResult.unsuccessful();
+        }
+
+        logger.debug("++ name = " + name);
+        AuthenticationResult authenticationResult = new AuthenticationResult(name, true);
+        authenticationResult.setGroups(getUserGroups(authentication));
+
+        return authenticationResult;
+    }
+
+    private List<String> getUserGroups(Authentication authentication) {
+
+        logger.info("++ WebAppAuthenticationProvider.getUserGroups()....");
+        List<String> groupIds;
+
+        groupIds = authentication.getAuthorities().stream()
+                .map(res -> res.getAuthority())
+                .map(res -> res.substring(5)) // Strip "ROLE_"
+                .collect(Collectors.toList());
+
+        logger.debug("++ groupIds = " + groupIds.toString());
+
+        return groupIds;
+
+    }
+
+}

src/main/resources/META-INF/resources/webjars/camunda/app/welcome/scripts/config.js

@@ -0,0 +1,9 @@
+window.camWelcomeConf = {
+    links: [
+        {
+            label: 'Login with your Microsoft Credentials',
+            href: '/oauth2/authorization/azure',
+            description: 'Link to Azure AD'
+        }
+    ]
+};