flowable · mattydebie · Dec 11, 2018
diff --git a/...able-ui-idm-app/src/main/java/org/flowable/ui/idm/application/FlowableIdmApplication.java b/...able-ui-idm-app/src/main/java/org/flowable/ui/idm/application/FlowableIdmApplication.java
@@ -12,12 +12,19 @@
  */
 package org.flowable.ui.idm.application;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.flowable.ui.idm.conf.ApplicationConfiguration;
+import org.flowable.ui.idm.model.SSOUserInfo;
+import org.flowable.ui.idm.rest.app.SSOHandler;
 import org.flowable.ui.idm.servlet.AppDispatcherServletConfiguration;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Import;
+import org.springframework.util.MultiValueMap;
 
 /**
  * @author Filip Hrisafov
@@ -33,4 +40,23 @@ public static void main(String[] args) {
         SpringApplication.run(FlowableIdmApplication.class, args);
     }
 
+    @Bean
+    public SSOHandler ssoHandler() {
+        return new SSOHandler() {
+
+            @Override
+            public boolean isActive(){
+                return false;
+            }
+            @Override
+            public SSOUserInfo handleSsoReturn(HttpServletRequest request, HttpServletResponse response, MultiValueMap<String, String> body) {
+                return null;
+            }
+            @Override
+            public String getExternalUrl(String idmUrl) {
+                return null;
+            }
+        };
+    }
+
 }
diff --git a/modules/flowable-ui-idm/flowable-ui-idm-app/src/main/resources/static/i18n/en.json b/modules/flowable-ui-idm/flowable-ui-idm-app/src/main/resources/static/i18n/en.json
@@ -39,6 +39,7 @@
         "PASSWORD": "Password",
         "PASSWORD-PLACEHOLDER": "Enter your password",
         "INVALID-CREDENTIALS": "Invalid credentials",
+        "EXTERNAL-SERVICE": "Log in with an external service",
         "ACTION": {
             "CONFIRM": "Sign in"
         }

diff --git a/...le-ui-idm-app/src/main/resources/static/scripts/common/services/authentication-service.js b/...le-ui-idm-app/src/main/resources/static/scripts/common/services/authentication-service.js
@@ -187,6 +187,16 @@ flowableApp.factory('AuthenticationSharedService', ['$rootScope', '$http', 'auth
 
           return deferred.promise;
         },
+
+        getSsoUrl: function (param) {
+            $http.get(FLOWABLE.CONFIG.contextRoot + '/app/sso/external', {
+                ignoreAuthModule: 'ignoreAuthModule'
+            }).success(function (data, status, headers, config) {
+                if ( data != null && data.length > 0 && param.success ){
+                    param.success(data, status, headers, config);
+                }
+            });
+        },
 
         login: function (param) {
             var data ="j_username=" + encodeURIComponent(param.username) +"&j_password=" + encodeURIComponent(param.password) +"&_spring_security_remember_me=true&submit=Login";

diff --git a/modules/flowable-ui-idm/flowable-ui-idm-app/src/main/resources/static/scripts/controllers.js b/modules/flowable-ui-idm/flowable-ui-idm-app/src/main/resources/static/scripts/controllers.js
@@ -10,12 +10,33 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-flowableApp.controller('LoginController', ['$scope', '$location', 'AuthenticationSharedService', '$timeout',
-    function ($scope, $location, AuthenticationSharedService, $timeout) {
+flowableApp.controller('LoginController', ['$scope', '$location', '$cookies', 'AuthenticationSharedService', '$timeout',
+    function ($scope, $location, $cookies, AuthenticationSharedService, $timeout) {
 
         $scope.model = {
             loading: false
         };
+
+        // default values
+        if ( !('redirectUrl' in $location.search()) ) {
+            delete $cookies.redirectUrl;
+        }
+        $scope.hasExternalAuth = false;
+
+        AuthenticationSharedService.getSsoUrl({
+            success: function(data) {
+                $scope.ssoUrl = data;
+                $scope.hasExternalAuth = true;
+
+                if( 'redirectUrl' in $location.search() ){
+                    var redirectUrl = $location.search()['redirectUrl'];
+                    if( redirectUrl != null && redirectUrl.length > 0 ){
+                        $cookies.redirectUrl = redirectUrl;
+                    }
+                }
+            }
+        });
+
         $scope.login = function () {
 
             $scope.model.loading = true;

diff --git a/modules/flowable-ui-idm/flowable-ui-idm-app/src/main/resources/static/styles/style-idm.css b/modules/flowable-ui-idm/flowable-ui-idm-app/src/main/resources/static/styles/style-idm.css
@@ -147,6 +147,9 @@
     color: #e74c3c;
     padding: 10px;
 }
+.external-auth {
+    margin-top: 1rem;
+}
 
 /**
  Colors:

diff --git a/modules/flowable-ui-idm/flowable-ui-idm-app/src/main/resources/static/views/login.html b/modules/flowable-ui-idm/flowable-ui-idm-app/src/main/resources/static/views/login.html
@@ -24,6 +24,10 @@
                     <p translate="LOGIN.INVALID-CREDENTIALS"></p>
                 </div>
             </form>
+            <div ng-if="hasExternalAuth" class="external-auth">
+                <a href="{{ ssoUrl }}" translate="LOGIN.EXTERNAL-SERVICE"></a>
+            </div>
         </div>
+
     </div>
 </div>
diff --git a/...dm/flowable-ui-idm-conf/src/main/java/org/flowable/ui/idm/conf/SecurityConfiguration.java b/...dm/flowable-ui-idm-conf/src/main/java/org/flowable/ui/idm/conf/SecurityConfiguration.java
@@ -145,8 +145,7 @@ protected void configure(HttpSecurity http) throws Exception {
                     .addHeaderWriter(new XXssProtectionHeaderWriter())
                     .and()
                     .authorizeRequests()
-                    .antMatchers("/*").permitAll()
-                    .antMatchers("/app/rest/authenticate").permitAll()
+                    .antMatchers("/*", "/app/rest/authenticate", "/app/sso/*").permitAll()
                     .antMatchers("/app/**").hasAuthority(DefaultPrivileges.ACCESS_IDM);
 
             // Custom login form configurer to allow for non-standard HTTP-methods (eg. LOCK)

diff --git a/...-idm/flowable-ui-idm-logic/src/main/java/org/flowable/ui/idm/model/SSOAuthentication.java b/...-idm/flowable-ui-idm-logic/src/main/java/org/flowable/ui/idm/model/SSOAuthentication.java
@@ -0,0 +1,59 @@
+package org.flowable.ui.idm.model;
+
+import java.util.Collection;
+import java.util.Collections;
+
+import org.flowable.idm.api.User;
+import org.flowable.ui.common.security.FlowableAppUser;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+
+public class SSOAuthentication implements Authentication {
+
+    private FlowableAppUser user;
+
+    public SSOAuthentication(User user) {
+        this.user = new FlowableAppUser(user, user.getId(), Collections.emptyList());
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return Collections.emptyList();
+    }
+    @Override
+    public String getCredentials() {
+        return user.getPassword();
+    }
+    @Override
+    public User getDetails() {
+        return user.getUserObject();
+    }
+    @Override
+    public FlowableAppUser getPrincipal() {
+        return user;
+    }
+    @Override
+    public boolean isAuthenticated() {
+        return true;
+    }
+    @Override
+    public void setAuthenticated(boolean b) throws IllegalArgumentException {
+
+    }
+    @Override
+    public boolean equals(Object o) {
+        return o instanceof SSOAuthentication && user.getUserObject().getId().equals(((SSOAuthentication) o).user.getUserObject().getId());
+    }
+    @Override
+    public String toString() {
+        return user.toString();
+    }
+    @Override
+    public int hashCode() {
+        return user.getUserObject().hashCode();
+    }
+    @Override
+    public String getName() {
+        return user.getUsername();
+    }
+}
diff --git a/...ble-ui-idm/flowable-ui-idm-logic/src/main/java/org/flowable/ui/idm/model/SSOUserInfo.java b/...ble-ui-idm/flowable-ui-idm-logic/src/main/java/org/flowable/ui/idm/model/SSOUserInfo.java
@@ -0,0 +1,88 @@
+package org.flowable.ui.idm.model;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+
+import org.json.JSONObject;
+import org.springframework.http.converter.json.GsonFactoryBean;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class SSOUserInfo {
+
+    private String id;
+    private String firstName;
+    private String lastName;
+    private String email;
+
+    private String tenant;
+    private List<String> privileges;
+
+    public SSOUserInfo(){
+    }
+
+    public SSOUserInfo(String id, String firstName, String lastName, String email) {
+        this(id, firstName, lastName, email, null, id);
+    }
+
+    public SSOUserInfo(String id, String firstName, String lastName, String email, String tenant) {
+        this(id, firstName, lastName, email, null, tenant);
+    }
+
+    public SSOUserInfo(String id, String firstName, String lastName, String email, List<String> privileges) {
+        this(id, firstName, lastName, email, privileges, id);
+    }
+
+    public SSOUserInfo(String id, String firstName, String lastName, String email, List<String> privileges, String tenant) {
+        this.id = id;
+        this.firstName = firstName;
+        this.lastName = lastName;
+        this.email = email;
+
+        this.privileges = privileges;
+        this.tenant = tenant;
+    }
+
+    public String getId() {
+        return id;
+    }
+    public String getFirstName() {
+        return firstName;
+    }
+    public String getLastName() {
+        return lastName;
+    }
+    public String getEmail() {
+        return email;
+    }
+    public String getTenant() {
+        return tenant;
+    }
+    public List<String> getPrivileges() {
+        return privileges;
+    }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+    public void setFirstName(String firstName) {
+        this.firstName = firstName;
+    }
+    public void setLastName(String lastName) {
+        this.lastName = lastName;
+    }
+    public void setEmail(String email) {
+        this.email = email;
+    }
+    public void setTenant(String tenant) {
+        this.tenant = tenant;
+    }
+    public void setPrivileges(List<String> privileges) {
+        this.privileges = privileges;
+    }
+}