Activiti工作流访问路径资源注册和管理

     在activiti中每一个用户属于一个用户组，不同的用户拥有不同的权限，不同的权限可以有不同的操作，因此请求的资源路径和登录的安全验证相当的重要。需要添加相关的验证。

       原理实现REST的org.restlet.Application接口实现，实现REST访问方式唯一的入口点，同时添加相关的权限验证。然后再web.xml配置即可。

web.xml配置如下：
<?xml version="1.0" encoding="UTF-8"?> 

<web-app id="WebApp_ID" version="2.4" 

            xmlns="http://java.sun.com/xml/ns/j2ee" 

            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 

            xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 

                 http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> 

 

 <display-name>Activiti REST</display-name>

  

 <listener>

    <listener-class>org.activiti.rest.servlet.ActivitiServletContextListener</listener-class>

 </listener>

 

 <!-- Restlet adapter --> 

 <servlet> 

    <servlet-name>RestletServlet</servlet-name> 

    <servlet-class>org.restlet.ext.servlet.ServerServlet</servlet-class>

    <init-param>

      <!-- Application class name -->

      <param-name>org.restlet.application</param-name>

      <param-value>org.activiti.rest.application.ActivitiRestApplication</param-value>

    </init-param>

 </servlet>

 

 <!-- Catch all requests --> 

 <servlet-mapping> 

    <servlet-name>RestletServlet</servlet-name> 

   <url-pattern>/service/*</url-pattern> 

 </servlet-mapping> 

</web-app>

代码如下：

package org.activiti.rest.application;

 

import org.activiti.rest.api.ActivitiUtil;

import org.activiti.rest.api.DefaultResource;

import org.activiti.rest.api.engine.ProcessEngineResource;

import org.activiti.rest.api.identity.GroupResource;

import org.activiti.rest.api.identity.GroupUsersResource;

import org.activiti.rest.api.identity.LoginResource;

import org.activiti.rest.api.identity.UserGroupsResource;

import org.activiti.rest.api.identity.UserPictureResource;

import org.activiti.rest.api.identity.UserResource;

import org.activiti.rest.api.identity.UserSearchResource;

import org.activiti.rest.api.management.JobExecuteResource;

import org.activiti.rest.api.management.JobResource;

import org.activiti.rest.api.management.JobsExecuteResource;

import org.activiti.rest.api.management.JobsResource;

import org.activiti.rest.api.management.TableDataResource;

import org.activiti.rest.api.management.TableResource;

import org.activiti.rest.api.management.TablesResource;

import org.activiti.rest.api.process.ProcessDefinitionFormResource;

import org.activiti.rest.api.process.ProcessDefinitionPropertiesResource;

import org.activiti.rest.api.process.ProcessDefinitionsResource;

import org.activiti.rest.api.process.ProcessInstanceDiagramResource;

import org.activiti.rest.api.process.ProcessInstanceResource;

import org.activiti.rest.api.process.ProcessInstancesResource;

import org.activiti.rest.api.process.StartProcessInstanceResource;

import org.activiti.rest.api.repository.DeploymentDeleteResource;

import org.activiti.rest.api.repository.DeploymentUploadResource;

import org.activiti.rest.api.repository.DeploymentsDeleteResource;

import org.activiti.rest.api.repository.DeploymentsResource;

import org.activiti.rest.api.task.TaskAddResource;

import org.activiti.rest.api.task.TaskAttachmentAddResource;

import org.activiti.rest.api.task.TaskAttachmentResource;

import org.activiti.rest.api.task.TaskFormResource;

import org.activiti.rest.api.task.TaskOperationResource;

import org.activiti.rest.api.task.TaskPropertiesResource;

import org.activiti.rest.api.task.TaskResource;

import org.activiti.rest.api.task.TaskUrlAddResource;

import org.activiti.rest.api.task.TasksResource;

import org.activiti.rest.api.task.TasksSummaryResource;

import org.restlet.Application;

import org.restlet.Request;

import org.restlet.Response;

import org.restlet.Restlet;

import org.restlet.data.ChallengeScheme;

import org.restlet.routing.Router;

import org.restlet.security.ChallengeAuthenticator;

import org.restlet.security.SecretVerifier;

import org.restlet.security.Verifier;

 

/**

 * @author Tijs Rademakers

 */

public class ActivitiRestApplication extends Application {

 

 private ChallengeAuthenticator authenticator;

 

 /**

   * Creates a root Restlet that will receive all incoming calls.

   */

 @Override

 public synchronized Restlet createInboundRoot() {

    Verifier verifier = new SecretVerifier() {

 

      @Override

      public boolean verify(String username, char[] password) throws IllegalArgumentException {

        boolean verified = ActivitiUtil.getIdentityService().checkPassword(username, new String(password));

        return verified;

      }

    };

    authenticator = new ChallengeAuthenticator(null, true, ChallengeScheme.HTTP_BASIC,

          "Activiti Realm") {

     

      @Override

      protected boolean authenticate(Request request, Response response) {

        if (request.getChallengeResponse() == null) {

          return false;

        } else {

          return super.authenticate(request, response);

        }

      }

    };

    authenticator.setVerifier(verifier);

   

    Router router = new Router(getContext());

 

    router.attachDefault(DefaultResource.class);

   

    router.attach("/process-engine", ProcessEngineResource.class);

   

    router.attach("/login", LoginResource.class);

   

    router.attach("/user/{userId}", UserResource.class);

    router.attach("/user/{userId}/groups", UserGroupsResource.class);

    router.attach("/user/{userId}/picture", UserPictureResource.class);

    router.attach("/users/{searchText}", UserSearchResource.class);

   

    router.attach("/group/{groupId}", GroupResource.class);

    router.attach("/groups/{groupId}/users", GroupUsersResource.class);

   

    router.attach("/process-definitions", ProcessDefinitionsResource.class);

    router.attach("/process-instances", ProcessInstancesResource.class);

    router.attach("/process-instance", StartProcessInstanceResource.class);

    router.attach("/processInstance/{processInstanceId}", ProcessInstanceResource.class);

    router.attach("/processInstance/{processInstanceId}/diagram", ProcessInstanceDiagramResource.class);

    router.attach("/process-definition/{processDefinitionId}/form", ProcessDefinitionFormResource.class);

    router.attach("/process-definition/{processDefinitionId}/properties", ProcessDefinitionPropertiesResource.class);

   

    router.attach("/tasks", TasksResource.class);

    router.attach("/tasks-summary", TasksSummaryResource.class);

    router.attach("/task", TaskAddResource.class);

    router.attach("/task/{taskId}", TaskResource.class);

    router.attach("/task/{taskId}/form", TaskFormResource.class);

    router.attach("/task/{taskId}/attachment", TaskAttachmentAddResource.class);

    router.attach("/task/{taskId}/url", TaskUrlAddResource.class);

    router.attach("/task/{taskId}/{operation}", TaskOperationResource.class);

   

    router.attach("/attachment/{attachmentId}", TaskAttachmentResource.class);

   

    router.attach("/form/{taskId}/properties", TaskPropertiesResource.class);

   

    router.attach("/deployments", DeploymentsResource.class);

    router.attach("/deployment", DeploymentUploadResource.class);

    router.attach("/deployments/delete", DeploymentsDeleteResource.class);

    router.attach("/deployment/{deploymentId}", DeploymentDeleteResource.class);

   

    router.attach("/management/jobs", JobsResource.class);

    router.attach("/management/job/{jobId}", JobResource.class);

    router.attach("/management/job/{jobId}/execute", JobExecuteResource.class);

    router.attach("/management/jobs/execute", JobsExecuteResource.class);

   

    router.attach("/management/tables", TablesResource.class);

    router.attach("/management/table/{tableName}", TableResource.class);

    router.attach("/management/table/{tableName}/data", TableDataResource.class);

   

    authenticator.setNext(router);

   

    return authenticator;

 }

 

 public String authenticate(Request request, Response response) {

    if (!request.getClientInfo().isAuthenticated()) {

      authenticator.challenge(response, false);

      return null;

    }

    return request.getClientInfo().getUser().getIdentifier();

 }

}