AnsweredAssumed Answered

Making explorer multi tenant aware - Pointing explorer to multiple LDAPs

Question asked by penusila611621 on Jan 20, 2015
Latest reply on Jan 30, 2015 by atifraza
I have done the following changes to make explorer multi tenant aware as I needed very much.

1.  Extended DefaultLoginHandler java class and injected from activiti-standalone-context.xml and did the following customizations.
     1.1)  Changed the definition of injection of DefaultLoginHandler  in activiti-standalone-context.xml file as below

              <bean id="activitiLoginHandler" class="MyLoginHandler">  
                         <property name="identityService" ref="identityService" />
        <property name="myProcessEngineConfiguration" ref="processEngineConfiguration" /> <newline - injecting process engine       object>
                      <property name="tenantList" value="TENANT1,TENANT2,TENANT3"/> <new line - setting tenant ids>
     1.2)  In the setter method of MyLoginHandler, written the following lines to update the LDAP properties in run time. On engine bootstrap explorer connects to LDAP defined in the  activiti-standalone-context.xml. The following allows to change the LDAP connection at runtime

              List<ProcessEngineConfigurator> processEngineConfigurator = processEngineConfiguration.getAllConfigurators();
                 for(int i=0; i < processEngineConfigurator.size(); i++){
                    ldapConfigurator = (LDAPConfigurator) processEngineConfigurator.get(i);

    1.3) Defined the same set of tenant ids in a separate file in my local system and their LDAP configuration details against each tenant id
    1.4) In the method public LoggedInUserImpl authenticate(String userName, String password), reading the tenant LDAP details and setting the same to setter methods of LDAP object extracted in step 1.2. Fetching the right LDAP details for the tenant is determined through step 1.5
  1.5)  Typically using the link http://localhost:8080/activiti-explorer/ui/ to access the explorer. But to enforce tenant here, I am using the http://localhost:8080/activiti-explorer/ui?tenantID=TENANT1. Fetching the tenant ID from the request in public void onRequestStart(HttpServletRequest request, HttpServletResponse response) { method and setting to a global tenant id variable

1.6) So tenant id extracted from explorer url is used to determine the right LDAP config details from the property file

This way it's working fine for me and I want some Activiti experts validate my approach and looking for suggestions. I am not sure about the implications of injecting processEngineConfiguration object into my loginhandler class and using it there.

I need the explorer to work in multi tenant aware way for one of my use case.