You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »


User logs in to external system and implicitly gains access to Joget without being prompted to login again.

用户登录到外部系统,隐式获得对Joget Workflow的访问,而不会再提示重新登录。

Using JSON API

使用JSON API

  • Using '/web/json/directory/user/sso' JSON API.

    使用  '/web/json/directory/user/sso'   JSON API.

  • You are allowed to call this method using JSON API Authentication or 

    您可以使用 JSON API 认证

  • Directly passes the username and password with "username" and "password" parameters respectively shown in following example.

    直接传递用户名和密码,分别如下例所示的“用户名”和“密码”参数。

<script>
    $(document).ready(function(){
		$.ajax({
            type: "POST",
            url: 'http://localhost:8080/jw/web/json/directory/user/sso?callback=callbackFunction',
            data: {
                username: 'admin',
                password: 'admin'
            },
            success: function(res) {
                console.log("username (" + res.username + ") is " + ((res.isAdmin !== undefined && res.isAdmin === "true")?"admin":"not an admin"));
            },
            dataType: "json"
        });
    });
</script>

Using Basic Http Authentication with JSON API

使用基本的Http身份验证和JSON API

  • Since V4, Joget is supported Basic HTTP Authentication in JSON API authentication, you can passing the credentials in the header.

    自V4以来,  支持Joget Workflow基本HTTP身份验证的JSON API身份验证中,您可以将凭据传递到头中。

  • ExampleAssuming the username and password required is "user1" and "password1" respectively, we can set the Basic Auth header to the JSON API using following jQuery script.

    示例:  假设所需的用户名和密码分别为“user1”和“password1”,我们可以使用以下jQuery脚本将Basic Auth头设置为JSON API。

<script>
    $(document).ready(function(){
		$.ajax({
            type: "POST",
            url: 'http://localhost:8080/jw/web/json/directory/user/sso',
            beforeSend: function (xhr) {
                xhr.setRequestHeader ("Authorization", "Basic dXNlcjE6cGFzc3dvcmQx");
            },
            success: function(res) {
                console.log("username (" + res.username + ") is " + ((res.isAdmin !== undefined && res.isAdmin === "true")?"admin":"not an admin"));
            },
            dataType: "json"
        });
    });
</script>

Using Javascript API


使用JavaScript API

  • Includes the jQuery & util.js libraries. 

    包含jQuery&util.js库。 

  • Using the AssignmentManager.login method for SSO.

    使用AssignmentManager.login方法进行SSO。

  • Perform actions in callback of successful login.

    执行成功登录回调的操作。

<script type="text/javascript" src="http://localhost:8080/jw/js/jquery/jquery-1.9.1.min.js"></script>
<script type="text/javascript" src="http://localhost:8080/jw/js/json/util.js" ></script>

<script type="text/javascript" >
$(document).ready(function(){
    var loginCallback = {
        success : function(response){
            if(response.username != "roleAnonymous"){
                alert("login successfully");
            }else{
                alert("login fail");
            }
        }
    };
    AssignmentManager.login('http://localhost:8080/jw', 'admin', 'admin', loginCallback);
});
</script>

Login an User Programmatically

以编程方式登录用户



import org.joget.apps.workflow.security.WorkflowUserDetails;
import org.joget.directory.model.service.DirectoryManager;
import org.joget.workflow.model.service.WorkflowUserManager;
import org.joget.apps.app.service.AppUtil;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.joget.directory.model.User;
import org.joget.workflow.util.WorkflowUtil;
import org.springframework.security.core.context.SecurityContextHolder;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
 
//Get service beans
DirectoryManager dm = (DirectoryManager) AppUtil.getApplicationContext().getBean("directoryManager");
WorkflowUserManager workflowUserManager = (WorkflowUserManager) AppUtil.getApplicationContext().getBean("workflowUserManager");
 
//Login as "clark"
String username = "clark"; 
User user = dm.getUserByUsername(username);

if (user != null) {
    WorkflowUserDetails userDetail = new WorkflowUserDetails(user);
 
    //Generate an authentication token without a password
    UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(userDetail.getUsername(), "", userDetail.getAuthorities());
    auth.setDetails(userDetail);
    //Login the user
    SecurityContextHolder.getContext().setAuthentication(auth);
    workflowUserManager.setCurrentThreadUser(user.getUsername());

    // generate new session to avoid session fixation vulnerability
    HttpServletRequest httpRequest = WorkflowUtil.getHttpServletRequest();
    HttpSession session = httpRequest.getSession(false);
    if (session != null) {
        SavedRequest savedRequest = (SavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY");
        session.invalidate();
        session = httpRequest.getSession(true);
        if (savedRequest != null) {
            session.setAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY", savedRequest);
        }
    }
}

Please note that if you are adding these code in a filter, you will need to store the SecurityContext to session.

请注意,如果要将这些代码添加到过滤器中,则需要将SecurityContext存储到会话中。

//Store SecurityContext to session to avoid spring security to clean it.
session.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext());



  • No labels