Merge branch 'feature/WEBBPMNEXT-9175_migrate_to_tomcat' into release/1.0.0

# Conflicts:
#	config/tomcat/etc/tomcat/webbpm.properties
Eduard Tihomirov 2024-09-17 14:19:34 +03:00
commit 9c2c57a590
45 changed files with 648 additions and 527 deletions


@ -1,22 +0,0 @@
FROM maven:3-openjdk-17-slim AS build
RUN apt update \
&& apt upgrade -y \
&& curl -fsSL https://deb.nodesource.com/setup_14.x | bash - \
&& apt install -y git nodejs \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /app
COPY . .
RUN mvn clean && mvn package -T4C
FROM gitlab.micord.ru:5050/common/base/webbpm/webbpm-tomcat-cprocsp:8.0.15-jre17-webprofile
ARG ADMIN_PASSWORD=Secr3t
COPY config/tomcat/tomee /usr/local/tomee
RUN rm -rf /usr/local/tomee/webapps/ROOT \
&& cat /usr/local/tomee/conf/webbpm.properties >> /usr/local/tomee/conf/catalina.properties \
&& sed -i -r "s/<must-be-changed>/$ADMIN_PASSWORD/g" /usr/local/tomee/conf/tomcat-users.xml
COPY --from=build /app/frontend/target/*.war /usr/local/tomee/webapps/ROOT.war
COPY --from=build /app/backend/target/*.war /usr/local/tomee/webapps/ul.war


@ -1,18 +0,0 @@
FROM tomee:8.0.15-jre17-webprofile
RUN \
rm -rf /usr/local/tomee/webapps/ROOT && \
echo "fias.enable=false" >> /usr/local/tomee/conf/catalina.properties && \
echo "webbpm.jbpm.hibernate_statistics.enabled=false" >> /usr/local/tomee/conf/catalina.properties && \
echo "webbpm.mode=production" >> /usr/local/tomee/conf/catalina.properties && \
echo "authentication.method=form" >> /usr/local/tomee/conf/catalina.properties && \
echo "webbpm.cache.hazelcast.hosts=127.0.0.1" >> /usr/local/tomee/conf/catalina.properties && \
echo "webbpm.cache.hazelcast.outbound_port_definitions=5801-5820" >> /usr/local/tomee/conf/catalina.properties && \
echo "gar.enable=false" >> /usr/local/tomee/conf/catalina.properties && \
echo "reset_password.mail.template.path=mail/reset_password.html" >> /usr/local/tomee/conf/catalina.properties && \
echo "security.password.regex=^(?=.*[a-zA-Z])(?=.*[0-9])[a-zA-Z0-9]+$" >> /usr/local/tomee/conf/catalina.properties && \
echo "bpmn.enable=false" >> /usr/local/tomee/conf/catalina.properties
COPY config/context.xml /usr/local/tomee/conf/
#COPY config/tomcat-users.xml /usr/local/tomee/conf/
COPY frontend/dist/ /usr/local/tomee/webapps/ROOT
COPY backend/target/*.war /usr/local/tomee/webapps/ul.war


@ -57,7 +57,6 @@
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
@ -138,6 +137,7 @@
<dependency>
<groupId>ru.cg.webbpm.modules.database</groupId>
<artifactId>database-impl</artifactId>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>ru.cg.webbpm.modules.jndi</groupId>
@ -216,18 +216,6 @@
<groupId>org.apache.tika</groupId>
<artifactId>tika-core</artifactId>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.mnode.ical4j</groupId>
<artifactId>ical4j</artifactId>
</dependency>
<dependency>
<groupId>net.javacrumbs.shedlock</groupId>
<artifactId>shedlock-spring</artifactId>
@ -240,6 +228,22 @@
<groupId>ru.cg.webbpm.packages.base</groupId>
<artifactId>backend</artifactId>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-slf4j2-impl</artifactId>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-jul</artifactId>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-web</artifactId>
</dependency>
</dependencies>
<build>
<finalName>${parent.artifactId}</finalName>


@ -38,7 +38,8 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
"ru.micord",
"ervu"
}, excludeFilters = {
@ComponentScan.Filter(type = FilterType.REGEX, pattern = "security.WebSecurityConfig")
@ComponentScan.Filter(type = FilterType.REGEX, pattern = "security.WebSecurityConfig"),
@ComponentScan.Filter(type = FilterType.REGEX, pattern = "ru.cg.webbpm.modules.database.impl.DatabaseConfiguration"),
})
@EnableAspectJAutoProxy(proxyTargetClass = true)
@EnableWebMvc
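Review bot: The new exclude filter names `DatabaseConfiguration` through an unescaped regular expression, so every `.` matches any character, and a package move or typo would silently stop excluding the class. Since this commit also makes `database-impl` a compile-scope dependency, a type-based filter is safer: `@ComponentScan.Filter(type = FilterType.ASSIGNABLE_TYPE, classes = DatabaseConfiguration.class)`. If the regex form is kept, escape the dots and add a short comment saying that `ru.micord.ervu.db.DbConfiguration` replaces the excluded class. The annotation starts above this hunk, so the rest of the scan configuration was not reviewed.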


@ -0,0 +1,156 @@
package ru.micord.ervu.db;
import org.jooq.ConnectionProvider;
import org.jooq.DSLContext;
import org.jooq.ExecuteListener;
import org.jooq.conf.Settings;
import org.jooq.impl.DefaultConfiguration;
import org.jooq.impl.DefaultDSLContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.Primary;
import org.springframework.jdbc.datasource.DataSourceTransactionManager;
import org.springframework.jdbc.datasource.TransactionAwareDataSourceProxy;
import org.springframework.transaction.PlatformTransactionManager;
import ru.cg.webbpm.modules.core.metrics.MetricsConfig;
import ru.cg.webbpm.modules.core.runtime.api.context.ExecutionContextHelper;
import ru.cg.webbpm.modules.database.api.ConfigurationProvider;
import ru.cg.webbpm.modules.database.api.metrics.DataSourceWithMetrics;
import ru.cg.webbpm.modules.database.api.provider.DslProvider;
import ru.cg.webbpm.modules.database.impl.DbConfInitializer;
import ru.cg.webbpm.modules.database.impl.data_source.DataSourceConfigReader;
import ru.cg.webbpm.modules.database.impl.data_source.DataSourceFactory;
import ru.cg.webbpm.modules.database.impl.data_source.HikariDataSourceFactory;
import ru.cg.webbpm.modules.database.impl.data_source.JndiDataSourceFactory;
import ru.cg.webbpm.modules.database.impl.provider.DefaultConnectionProvider;
import ru.cg.webbpm.modules.database.impl.provider.DslProviderImpl;
import ru.cg.webbpm.modules.database.impl.service.ProcessSqlService;
import ru.cg.webbpm.modules.database.bean.config.Datasource;
import ru.cg.webbpm.modules.resources.api.ResourceProvider;
import ru.fix.aggregating.profiler.PrefixedProfiler;
import ru.fix.aggregating.profiler.Profiler;
import javax.sql.DataSource;
import java.util.HashMap;
import java.util.Map;
@Configuration
@Import(MetricsConfig.class)
public class DbConfiguration {
@Value("${webbpm.db.query_timeout:120}")
private Integer queryTimeout;
@Autowired
private ResourceProvider resourceProvider;
@Autowired
private ProcessSqlService processSqlService;
@Autowired
private Profiler profiler;
@Autowired
private ExecutionContextHelper executionContextHelper;
@Autowired
private ExecuteListener[] executeListeners;
private final Map<String, DSLContext> dslContextMap = new HashMap<>();
private final Map<String, org.jooq.ConnectionProvider> connectionProviderMap = new HashMap<>();
@Bean
public Datasource datasourceConfig() {
return DataSourceConfigReader.read(resourceProvider);
}
@Bean(destroyMethod = "destroy")
public DataSourceFactory dataSourceFactory(HikariDataSourceFactory hikariDataSourceFactory) {
return new DataSourceFactory(hikariDataSourceFactory);
}
@Bean
@Primary
public DataSource datasource(DataSourceFactory dataSourceFactory) {
DataSource dataSource = dataSourceFactory.createDataSource(datasourceConfig(),
JndiDataSourceFactory::createDataSource
);
return new DataSourceWithMetrics(
dataSource,
"project",
new PrefixedProfiler(profiler, "webbpm.db"),
executionContextHelper
);
}
@Bean
public PlatformTransactionManager txManager(@Qualifier("datasource") DataSource dataSource) {
return new DataSourceTransactionManager(dataSource);
}
@Bean
@Primary
public TransactionAwareDataSourceProxy transactionAwareDataSource(DataSource dataSource) {
return new TransactionAwareDataSourceProxy(dataSource);
}
@Bean
@Primary
public DefaultConnectionProvider connectionProvider(
TransactionAwareDataSourceProxy transactionAwareDataSourceProxy) {
return new DefaultConnectionProvider(transactionAwareDataSourceProxy, processSqlService,
connectionProviderMap
);
}
@Bean
public Settings jooqSettings(DataSourceFactory dataSourceFactory) {
Settings settings = new Settings();
if (dataSourceFactory.dataSourceType() == DataSourceFactory.DataSourceType.HIKARI) {
settings.setQueryTimeout(queryTimeout);
}
return settings;
}
@Bean
@Primary
public org.jooq.Configuration jooqConfiguration(ConnectionProvider connectionProvider,
Settings jooqSettings) {
DefaultConfiguration configuration = new DefaultConfiguration();
configuration.setSQLDialect(datasourceConfig().getSqlDialect());
jooqSettings = jooqSettings.withExecuteLogging(false);
configuration.setSettings(jooqSettings);
configuration.setConnectionProvider(connectionProvider);
configuration.set(executeListeners);
return configuration;
}
@Bean
@Primary
public DSLContext dsl(org.jooq.Configuration configuration) {
return new DefaultDSLContext(configuration);
}
@Bean
public ConfigurationProvider configurationProvider(
PlatformTransactionManager platformTransactionManager) {
return () -> platformTransactionManager;
}
@Bean
public DslProvider dslProvider(@Qualifier("dsl") DSLContext dsl) {
return new DslProviderImpl(dsl, this.dslContextMap);
}
@Bean
public DbConfInitializer dbConfInitializer(DataSourceFactory dataSourceFactory,
org.jooq.Configuration masterConfiguration, Datasource datasource) {
return new DbConfInitializer(dataSourceFactory, masterConfiguration, datasource,
processSqlService, connectionProviderMap, dslContextMap);
}
}
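Review bot: `jooqSettings()` applies `webbpm.db.query_timeout` only when the factory reports `DataSourceType.HIKARI`, so with the JNDI data source that `datasource()` also supports the setting is silently ignored and statements run without a jOOQ query timeout. If that is intended because the container pool enforces its own limit, say so in a comment; otherwise set the timeout for both types or log a warning when it is skipped. The class has no Javadoc explaining that it stands in for the excluded `DatabaseConfiguration`. The two plain `HashMap` fields are handed to `DefaultConnectionProvider`, `DslProviderImpl` and `DbConfInitializer`; they are presumably filled once at startup, but that should be confirmed or the maps switched to `ConcurrentHashMap`.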


@ -237,9 +237,9 @@ public class EsiaAuthService {
.setAuthentication(
new UsernamePasswordAuthenticationToken(esiaAccessToken.getSbj_id(), null));
Cookie isAuth = new Cookie("is_auth", "true");
Cookie isAuth = new Cookie("webbpm.ervu-lkrp-ul", "true");
isAuth.setMaxAge(tokenResponse.getExpires_in().intValue());
isAuth.setPath(cookiePath);
isAuth.setPath("/");
response.addCookie(isAuth);
return true;
}
@ -335,9 +335,9 @@ public class EsiaAuthService {
.setAuthentication(
new UsernamePasswordAuthenticationToken(esiaAccessToken.getSbj_id(), null));
Cookie isAuth = new Cookie("is_auth", "true");
Cookie isAuth = new Cookie("webbpm.ervu-lkrp-ul", "true");
isAuth.setMaxAge(tokenResponse.getExpires_in().intValue());
isAuth.setPath(cookiePath);
isAuth.setPath("/");
response.addCookie(isAuth);
}
catch (Exception e) {
@ -382,9 +382,16 @@ public class EsiaAuthService {
Cookie[] cookies = request.getCookies();
if (cookies != null)
for (Cookie cookie : cookies) {
if (cookie.getName().equals("auth_token") || cookie.getName().equals("refresh_token")
|| cookie.getName().equals("access_token") || cookie.getName().equals("is_auth")) {
if (cookie.getName().equals("webbpm.ervu-lkrp-ul")) {
cookie.setValue("");
cookie.setPath("/");
cookie.setMaxAge(0);
response.addCookie(cookie);
}
else if (cookie.getName().equals("auth_token") || cookie.getName().equals("refresh_token")
|| cookie.getName().equals("access_token")) {
cookie.setValue("");
cookie.setPath(cookie.getPath());
cookie.setMaxAge(0);
response.addCookie(cookie);
}
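Review bot: The login marker cookie is now created as `new Cookie("webbpm.ervu-lkrp-ul", "true")` with `setPath("/")` in both login hunks, but neither hunk calls `isAuth.setSecure(true)`, and the wider path sends the cookie to every application on the host instead of only under `cookiePath`. Add `isAuth.setSecure(true);` (and `isAuth.setHttpOnly(true);` unless client script has to read it), and make sure nothing on the server treats this client-settable value as proof of authentication. In the logout hunk the token branch calls `cookie.setPath(cookie.getPath())`; cookies read from a request normally carry no path, so the expiry cookie may not match the one that was issued and `auth_token`, `refresh_token` and `access_token` could survive logout. Set the path they were created with explicitly. The cookie name and path literals are repeated three times and would be better as constants; all three hunks are fragments of methods that continue outside the view.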


@ -0,0 +1,30 @@
<Configuration status="WARN" monitorInterval="30">
<Appenders>
<Console name="Console" target="SYSTEM_OUT">
<PatternLayout pattern="%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n"/>
</Console>
<RollingRandomAccessFile name="LogToRollingRandomAccessFile" fileName="${sys:catalina.home}/logs/ervu-ul.log"
filePattern="${sys:catalina.home}/logs/$${date:yyyy-MM}/app-%d{MM-dd-yyyy}-%i.log.gz">
<PatternLayout>
<Pattern>%d %p %c{1.} [%t] %m%n</Pattern>
</PatternLayout>
<Policies>
<TimeBasedTriggeringPolicy/>
<SizeBasedTriggeringPolicy size="20MB"/>
</Policies>
<DefaultRolloverStrategy max="10"/>
</RollingRandomAccessFile>
<Async name="Async">
<AppenderRef ref="LogToRollingRandomAccessFile"/>
</Async>
</Appenders>
<Loggers>
<Root level="INFO">
<AppenderRef ref="Console"/>
<AppenderRef ref="Async"/>
</Root>
</Loggers>
</Configuration>
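Review bot: Both layouts write the raw message (`%msg%n` on the console, `%m%n` in the rolling file), so a logged value that contains line breaks can forge additional log entries; whether request data reaches these loggers is not visible here. Encoding the message closes that off, e.g. `<Pattern>%d %p %c{1.} [%t] %enc{%m}{CRLF}%n</Pattern>`, with the same change in the console pattern. The active file is `ervu-ul.log` while rolled files are named `app-…`, which makes them harder to associate; using the same base name in `filePattern` would help.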

1
config/.gitignore vendored

@ -1,2 +1,3 @@
/*.ear
/*.jar
/*.war


@ -1,44 +1,49 @@
FROM quay.io/wildfly/wildfly:26.1.3.Final-jdk17
ARG BUILDER_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
ARG BACKEND_IMAGE=repo.micord.ru/alt/alt-tomcat:c10f1-9.0.59-20240903
ARG FRONTEND_IMAGE=docker.angie.software/angie:latest
FROM $BUILDER_IMAGE AS builder
ARG MVN_FLAGS="-Pprod"
RUN apt-get update \
&& apt-get -y install git glibc-locales java-17-openjdk-devel maven node \
&& apt-get clean
ENV JAVA_HOME=/usr/lib/jvm/java
ENV LANG=ru_RU.UTF-8
ENV LANGUAGE=ru_RU.UTF-8
ENV LC_ALL=ru_RU.UTF-8
WORKDIR /app
COPY . .
RUN mkdir -p $HOME/.m2 \
# && cp -f config/pgs-settings.xml $HOME/.m2/settings.xml \
# && cp -f config/pgs-npmrc frontend/.npmrc \
&& mvn clean \
&& mvn package -T4C ${MVN_FLAGS}
FROM $BACKEND_IMAGE AS backend
ARG ADMIN_PASSWORD=Secr3t
USER root
ARG POSTGRES_DRIVER_VERSION=42.7.3
RUN yum-config-manager --disable base --disable extras --disable updates \
&& yum-config-manager --enable C7.8.2003-base --enable C7.8.2003-extras --enable C7.8.2003-updates \
&& yum -y --disableplugin=fastestmirror install sudo \
&& chown -R jboss: /opt/jboss/
USER jboss
WORKDIR $JBOSS_HOME
ENV JAVA_ARGS=-Xmx3g
RUN echo 'JAVA_OPTS="$JAVA_OPTS -agentlib:jdwp=transport=dt_socket,address=*:8787,server=y,suspend=n"' >> bin/standalone.conf && \
echo 'JAVA_OPTS="$JAVA_OPTS -XX:MaxMetaspaceSize=1g"' >> bin/standalone.conf && \
echo 'JAVA_OPTS="$JAVA_OPTS -XX:+UseStringDeduplication -XX:+ParallelRefProcEnabled -XX:+ExplicitGCInvokesConcurrent"' >> bin/standalone.conf && \
echo 'JAVA_OPTS="$JAVA_OPTS -XX:+UnlockDiagnosticVMOptions -XX:G1SummarizeRSetStatsPeriod=1"' >> bin/standalone.conf && \
echo 'JAVA_OPTS="$JAVA_OPTS -Dfile.encoding=UTF-8"' >> bin/standalone.conf && \
echo 'JAVA_OPTS="$JAVA_OPTS -XX:-OmitStackTraceInFastThrow"' >> bin/standalone.conf && \
echo 'JAVA_OPTS="$JAVA_OPTS -Dorg.jboss.logmanager.nocolor=true"' >> bin/standalone.conf && \
echo 'JAVA_OPTS="$JAVA_OPTS $JAVA_ARGS"' >> bin/standalone.conf
COPY config/tomcat /
### Locale support ru_RU ###
USER root
RUN localedef -i ru_RU -f UTF-8 ru_RU.UTF-8
RUN echo "LANG=\"ru_RU.UTF-8\"" > /etc/locale.conf
USER jboss
ENV LANG ru_RU.UTF-8
ENV LANGUAGE ru_RU.UTF-8
ENV LC_ALL ru_RU.UTF-8
### Locale Support END ###
RUN cat /etc/tomcat/webbpm.properties >> /etc/tomcat/catalina.properties \
&& sed -i -r "s/<must-be-changed>/$ADMIN_PASSWORD/g" /etc/tomcat/tomcat-users.xml \
&& chown root:tomcat /var/lib/tomcat/webapps \
&& chmod g+rw /var/lib/tomcat/webapps
COPY --chown=jboss entrypoint.sh .
COPY --chown=jboss patches patches
RUN (cd patches && wget https://repo.micord.ru/repository/libs-releases-local/org/jboss/ironjacamar/ironjacamar-core-impl/1.5.3.Final/ironjacamar-core-impl-1.5.3.Final.jar)
RUN (cd patches/system && wget https://repo1.maven.org/maven2/org/postgresql/postgresql/$POSTGRES_DRIVER_VERSION/postgresql-$POSTGRES_DRIVER_VERSION.jar -O postgresql-driver.jar)
USER tomcat
RUN chmod -R +x patches && \
chmod +x entrypoint.sh && \
./entrypoint.sh && \
rm -rf patches
COPY --from=builder /app/backend/target/ul.war /var/lib/tomcat/webapps/ul.war
ENV SERVER_START=true
COPY --chown=jboss *.ear $JBOSS_HOME/standalone/deployments/
FROM backend AS combo
COPY --from=builder /app/frontend/target/frontend*.war /var/lib/tomcat/webapps/ROOT.war
HEALTHCHECK --timeout=3s --start-period=3600s CMD curl --fail 127.0.0.1:8080/ul/version || exit 1
FROM $FRONTEND_IMAGE AS frontend
COPY config/angie.conf /etc/angie/angie.conf
COPY --from=builder /app/frontend/dist /frontend
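Review bot: `ARG ADMIN_PASSWORD=Secr3t` in the backend stage gives every image built without an explicit `--build-arg` the same known Tomcat user password, and the `sed` that writes it into `/etc/tomcat/tomcat-users.xml` bakes the value into a layer while the build argument stays visible in the image history. Drop the default and fail the build when it is empty (`ARG ADMIN_PASSWORD` plus `test -n "$ADMIN_PASSWORD"` at the start of that `RUN`), or better, leave the placeholder in the image and substitute it in `entrypoint.sh` from a runtime secret. The same pattern is in `config/Dockerfile.TC`, `config/Dockerfile.alt` and `config/Dockerfile.backend`. This section shows removed WildFly lines and new Tomcat lines without markers, so only the Tomcat lines were considered.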

22
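--- a/config/Dockerfile.TC
+++ b/config/Dockerfile.TC
@@ -0,0 +1,22 @@
+#Dockerfile for TeamCity build "run in docker"
+FROM repo.micord.ru/alt/alt-tomcat:c10f1-9.0.59-20240903
+ARG ADMIN_PASSWORD=Secr3t
+USER root
+COPY tomcat /
+RUN cat /etc/tomcat/webbpm.properties >> /etc/tomcat/catalina.properties \
+&& sed -i -r "s/<must-be-changed>/$ADMIN_PASSWORD/g" /etc/tomcat/tomcat-users.xml \
+&& chown root:tomcat /var/lib/tomcat/webapps \
+&& chmod g+rw /var/lib/tomcat/webapps
+COPY frontend.war /var/lib/tomcat/webapps/ROOT.war
+COPY ul.war /var/lib/tomcat/webapps/ul.war
+USER tomcat
+EXPOSE 8080
+ENTRYPOINT ["/entrypoint.sh"]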
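Review bot: `chown root:tomcat /var/lib/tomcat/webapps` followed by `chmod g+rw` leaves the deployment directory writable by the account the server runs as, so anything that can write files as `tomcat` can add or replace a web application. If the write access is only needed to unpack the two WARs, unpack them at build time as root and keep the directory read-only for `tomcat`; if auto-deploy needs it, add a comment saying so. The same two lines appear in the combined Dockerfile earlier on this page and in `config/Dockerfile.alt` and `config/Dockerfile.backend`. `/entrypoint.sh` is used as the entry point but is not copied by name here, so it is presumably provided by the base image or by `COPY tomcat /`.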

49
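--- a/config/Dockerfile.alt
+++ b/config/Dockerfile.alt
@@ -0,0 +1,49 @@
+ARG BUILDER_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
+ARG RUNTIME_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
+FROM $BUILDER_IMAGE AS builder
+ARG MVN_FLAGS="-Pprod"
+RUN apt-get update \
+&& apt-get -y install git glibc-locales java-17-openjdk-devel maven node \
+&& apt-get clean
+WORKDIR /app
+COPY . .
+ENV JAVA_HOME=/usr/lib/jvm/java
+ENV LANG ru_RU.UTF-8
+ENV LANGUAGE ru_RU.UTF-8
+ENV LC_ALL ru_RU.UTF-8
+RUN mvn clean \
+&& mvn package -T4C ${MVN_FLAGS}
+FROM $RUNTIME_IMAGE
+ARG ADMIN_PASSWORD=Secr3t
+COPY config/entrypoint.sh /entrypoint.sh
+RUN apt-get update \
+&& apt-get -y install glibc-locales java-17-openjdk-headless mc \
+tomcat tomcat-admin-webapps \
+&& apt-get clean \
+&& chmod +x /entrypoint.sh
+COPY config/tomcat /
+RUN cat /etc/tomcat/webbpm.properties >> /etc/tomcat/catalina.properties \
+&& sed -i -r "s/<must-be-changed>/$ADMIN_PASSWORD/g" /etc/tomcat/tomcat-users.xml \
+&& chown root:tomcat /var/lib/tomcat/webapps \
+&& chmod g+rw /var/lib/tomcat/webapps
+COPY --from=builder /app/frontend/target/frontend*.war /var/lib/tomcat/webapps/ROOT.war
+COPY --from=builder /app/backend/target/ul*.war /var/lib/tomcat/webapps/ul.war
+USER tomcat
+EXPOSE 8080
+ENTRYPOINT ["/entrypoint.sh"]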
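Review bot: The runtime stage installs `mc` and `tomcat-admin-webapps`, neither of which the application needs to serve requests; the latter presumably deploys the Tomcat manager applications, which are then protected only by the `tomcat-users.xml` entry filled from `ADMIN_PASSWORD`. Remove both from the `apt-get -y install` line unless the manager is required, and in that case restrict it with a `RemoteAddrValve` in its context. `ENV LANG ru_RU.UTF-8` and the two lines after it use the legacy space-separated form, while `config/Dockerfile.backend` writes `ENV LANG=ru_RU.UTF-8`.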

40
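--- a/config/Dockerfile.backend
+++ b/config/Dockerfile.backend
@@ -0,0 +1,40 @@
+ARG BUILDER_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
+ARG RUNTIME_IMAGE=repo.micord.ru/alt/alt-tomcat:c10f1-9.0.59-20240903
+FROM $BUILDER_IMAGE AS builder
+ARG MVN_FLAGS="-Pprod"
+RUN apt-get update \
+&& apt-get -y install git glibc-locales java-17-openjdk-devel maven node \
+&& apt-get clean
+ENV JAVA_HOME=/usr/lib/jvm/java
+ENV LANG=ru_RU.UTF-8
+ENV LANGUAGE=ru_RU.UTF-8
+ENV LC_ALL=ru_RU.UTF-8
+WORKDIR /app
+COPY . .
+RUN mkdir -p $HOME/.m2 \
+# && cp -f config/pgs-settings.xml $HOME/.m2/settings.xml \
+# && cp -f config/pgs-npmrc frontend/.npmrc \
+&& mvn clean \
+&& mvn package -T4C ${MVN_FLAGS}
+FROM $RUNTIME_IMAGE
+ARG ADMIN_PASSWORD=Secr3t
+USER root
+COPY config/tomcat /
+RUN cat /etc/tomcat/webbpm.properties >> /etc/tomcat/catalina.properties \
+&& sed -i -r "s/<must-be-changed>/$ADMIN_PASSWORD/g" /etc/tomcat/tomcat-users.xml \
+&& chown root:tomcat /var/lib/tomcat/webapps \
+&& chmod g+rw /var/lib/tomcat/webapps
+USER tomcat
+COPY --from=builder /app/backend/target/ul*.war /var/lib/tomcat/webapps/ul.war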


@ -1,10 +0,0 @@
FROM maven:3-jdk-11-slim
RUN apt update \
&& apt upgrade -y \
&& curl -fsSL https://deb.nodesource.com/setup_14.x | bash - \
&& apt install -y git nodejs \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /app
COPY ../ .
RUN mvn clean -T4C && mvn package -T4C


@ -0,0 +1,29 @@
ARG BUILDER_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
ARG RUNTIME_IMAGE=docker.angie.software/angie:latest
FROM $BUILDER_IMAGE AS builder
ARG MVN_FLAGS="-Pprod"
RUN apt-get update \
&& apt-get -y install git glibc-locales java-17-openjdk-devel maven node \
&& apt-get clean
ENV JAVA_HOME=/usr/lib/jvm/java
ENV LANG=ru_RU.UTF-8
ENV LANGUAGE=ru_RU.UTF-8
ENV LC_ALL=ru_RU.UTF-8
WORKDIR /app
COPY . .
RUN mkdir -p $HOME/.m2 \
# && cp config/pgs-settings.xml $HOME/.m2/settings.xml \
# && cp -f config/pgs-npmrc frontend/.npmrc \
&& mvn clean \
&& mvn package -T4C ${MVN_FLAGS}
FROM $RUNTIME_IMAGE
COPY config/angie.conf /etc/angie/angie.conf
COPY --from=builder /app/frontend/dist /frontend
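Review bot: `ARG RUNTIME_IMAGE=docker.angie.software/angie:latest` makes the runtime base a moving target, so two builds of the same commit can ship different server versions and an upstream change reaches deployment unreviewed. Pin a specific tag, ideally with a digest, e.g. `ARG RUNTIME_IMAGE=docker.angie.software/angie:<version>@sha256:<digest>` (placeholders); the combined Dockerfile earlier on this page has the same default in `FRONTEND_IMAGE`. The builder stage runs the full `mvn package` only to take `/app/frontend/dist`, and `COPY . .` sends the whole repository, including `config/micord.env`, into the build context, which a `.dockerignore` would prevent.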


@ -1,5 +0,0 @@
FROM postgres:11-alpine
COPY secdb.sql .
CMD psql "postgresql://${DB_SEC_USERNAME:-security}:${DB_SEC_PASSWORD:-secpassword}@${DB_SEC_HOST:-db}/${DB_SEC_NAME:-security}" < secdb.sql


@ -1 +0,0 @@
17

84
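--- a/config/angie.conf
+++ b/config/angie.conf
@@ -0,0 +1,84 @@
+include /etc/angie/modules-enabled.d/*.conf;
+worker_processes 10;
+error_log /var/log/angie/error.log;
+events {
+worker_connections 1024;
+}
+include /etc/angie/conf-enabled.d/*.conf;
+http {
+include /etc/angie/mime.types;
+default_type application/octet-stream;
+sendfile on;
+gzip on;
+# text/html doesn't need to be defined there, it's compressed always
+gzip_types text/plain text/css text/xml application/x-javascript application/atom+xml;
+# gzip_comp_level 9;
+include /etc/angie/sites-enabled.d/*.conf;
+log_format angie_main
+'$remote_addr - $remote_user [$time_local] $request '
+'"$status" $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for" '
+'"$request_filename" "$gzip_ratio" $upstream_response_time server: $host : $document_root $fastcgi_script_name ';
+server {
+listen 80 default;
+access_log /var/log/angie/access.log angie_main;
+error_log /var/log/angie/error.log error;
+charset utf-8;
+client_max_body_size 32m;
+##
+# `gzip` Settings
+#
+#
+gzip on;
+gzip_disable "msie6";
+gzip_vary on;
+gzip_proxied any;
+gzip_comp_level 6;
+gzip_buffers 16 8k;
+gzip_http_version 1.1;
+gzip_min_length 256;
+gzip_types
+application/atom+xml
+application/geo+json
+application/javascript
+application/x-javascript
+application/json
+application/ld+json
+application/manifest+json
+application/rdf+xml
+application/rss+xml
+application/xhtml+xml
+application/xml
+font/eot
+font/otf
+font/ttf
+image/svg+xml
+text/css
+text/javascript
+text/plain
+text/xml;
+location / {
+root /frontend;
+index index.html;
+expires -1;
+try_files $uri $uri/ $uri/index.html;
+}
+}
+}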
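Review bot: In `location /` the last argument of `try_files $uri $uri/ $uri/index.html;` is an internal redirect target, not one more file to test, so a request for a path that does not exist is redirected to `<path>/index.html`, fails again, and repeats until the redirect limit is hit and the client gets a 500. Use `try_files $uri $uri/ /index.html;` if the frontend relies on client-side routing, or `try_files $uri $uri/ =404;` otherwise. The server block also sets no `X-Content-Type-Options` header and leaves the version banner on; `server_tokens off;` and `add_header X-Content-Type-Options nosniff always;` would be cheap additions.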


@ -1,31 +0,0 @@
{
"firefox": {
"default": "112.0",
"versions": {
"112.0": {
"image": "selenoid/firefox:112.0",
"port": "4444",
"path": "/wd/hub",
"tmpfs": {
"/tmp": "size=512m"
},
"env" : ["LANG=ru_RU.UTF-8", "LANGUAGE=ru:en", "LC_ALL=ru_RU.UTF-8"],
"shmSize": 1073741824
}
}
},
"chrome": {
"default": "121.0",
"versions": {
"121.0": {
"image": "selenoid/chrome:121.0",
"port": "4444",
"tmpfs": {
"/tmp": "size=512m"
},
"env" : ["LANG=ru_RU.UTF-8", "LANGUAGE=ru:en", "LC_ALL=ru_RU.UTF-8"],
"shmSize": 1073741824
}
}
}
}


@ -1,36 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- The contents of this file will be loaded for each web application -->
<Context>
<!-- Default set of monitored resources. If one of these changes, the -->
<!-- web application will be reloaded. -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<WatchedResource>WEB-INF/tomcat-web.xml</WatchedResource>
<WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
<!-- Uncomment this to disable session persistence across Tomcat restarts -->
<!--
<Manager pathname="" />
-->
<Resource name="java:/webbpm/AppDS" auth="Container"
type="javax.sql.DataSource" driverClassName="org.postgresql.Driver"
url="jdbc:postgresql://10.10.31.119:5432/ervu-lkrp-ul"
username="ervu-lkrp-ul" password="ervu-lkrp-ul" maxTotal="20" maxIdle="10" maxWaitMillis="-1"/>
</Context>


@ -1,12 +0,0 @@
#!/bin/bash
set -e
IFS=','
for databases in $WILDFLY_DATABASES
do
IFS=':' read name user password <<< $databases
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
CREATE USER $user WITH PASSWORD '$password';
CREATE DATABASE $name WITH OWNER $user;
EOSQL
done

24
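--- a/config/dashboard.txt
+++ b/config/dashboard.txt
@@ -0,0 +1,24 @@
+#!/bin/bash
+set -e
+docker-compose -p %image_tag% build --build-arg env="%reverse.dep.*.build_mode%"
+docker-compose -p %image_tag% up -d
+container_id=$(docker-compose -p %image_tag% ps -q webbpm-app)
+addr=%teamcity.agent.hostname%
+port_web=$(docker-compose -p %image_tag% port webbpm-app 8080 | cut -d: -f2)
+port_mgmt=$(docker-compose -p %image_tag% port webbpm-app 9990| cut -d: -f2)
+port_debug=$(docker-compose -p %image_tag% port webbpm-app 8787| cut -d: -f2)
+echo "Started container $container_id"
+echo "Management URL: http://$addr:$port_mgmt/"
+echo "Webapp URL: http://$addr:$port_web/%APP_PATH%"
+echo "Debug URL: $addr:$port_debug"
+echo "##teamcity[setParameter name='container_id' value='$container_id']"
+echo "##teamcity[setParameter name='webapp_url' value='http://$addr:$port_web/%APP_PATH%']"
+echo "Waiting until the app is deployed..."
+# Wait until the app is deployed
+timeout 600 bash -c "until curl -s -o /dev/null --fail http://${addr}:${port_web}/%APP_PATH%/ ; do sleep 1; done"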
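Review bot: The script still looks up and prints a management port (9990) and a debug port (8787) that belonged to the WildFly setup, while the `config/Dockerfile.TC` image it starts exposes only 8080. Because each lookup sits in a pipeline ending in `cut`, a failed `docker-compose port` does not trip `set -e` and the script just prints empty URLs. Remove the `port_mgmt` and `port_debug` lines with their `echo`s, or add `set -o pipefail` so the mismatch is noticed. `config/fl.txt` is identical to this file as shown; a single script with a header comment explaining the TeamCity `%…%` parameters would be easier to keep correct.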


@ -1,12 +0,0 @@
version: "3"
services:
secdb:
build:
context: .
dockerfile: Dockerfile.secdb
depends_on:
- db
env_file:
- testing.env
labels:
- "tmp=true"


@ -1,28 +0,0 @@
version: "3"
services:
selenoid:
network_mode: bridge
image: aerokube/selenoid:latest-release
container_name: "selenoid"
environment:
- OVERRIDE_VIDEO_OUTPUT_DIR=$PWD/video
volumes:
- ".:/etc/selenoid/:ro"
- "/var/run/docker.sock:/var/run/docker.sock"
- "./logs:/opt/selenoid/logs/"
- "./video/:/opt/selenoid/video/"
command: -session-attempt-timeout 1m -retry-count 3 -limit ${LIMIT:-4} -save-all-logs -log-output-dir /opt/selenoid/logs -video-output-dir /opt/selenoid/video
ports:
- "4444:4444"
selenoid-ui:
image: aerokube/selenoid-ui
container_name: "selenoid-ui"
network_mode: bridge
depends_on:
- selenoid
links:
- "selenoid:selenoid"
ports:
- "8080:8080"
command: --selenoid-uri http://selenoid:4444`


@ -1,41 +0,0 @@
version: "3"
services:
db:
ports:
- 5432:5432
environment:
- WILDFLY_DATABASES=app:app_user:apppassword,security:security_user:secpassword,jbpm:jbpm:jbpmpassword
webbpm-app:
env_file:
- testing.env
selenoid:
network_mode: bridge
image: aerokube/selenoid:latest-release
container_name: "selenoid"
environment:
- OVERRIDE_VIDEO_OUTPUT_DIR=$PWD/video
volumes:
- "$PWD:/etc/selenoid/:ro"
- "/var/run/docker.sock:/var/run/docker.sock"
- "$PWD/logs:/opt/selenoid/logs/"
- "$PWD/video/:/opt/selenoid/video/"
command: -session-attempt-timeout 1m -retry-count 3 -limit ${LIMIT:-4} -save-all-logs -log-output-dir /opt/selenoid/logs -video-output-dir /opt/selenoid/video
ports:
- "4444:4444"
depends_on:
- webbpm-app
selenoid-ui:
image: aerokube/selenoid-ui
container_name: "selenoid-ui"
network_mode: bridge
depends_on:
- selenoid
links:
- "selenoid:selenoid"
ports:
- "8080:8080"
command: --selenoid-uri http://selenoid:4444


@ -1,31 +1,10 @@
version: "3"
services:
db:
image: postgres:15
volumes:
- ./create-databases.sh:/docker-entrypoint-initdb.d/create-databases.sh
command:
- "--max_prepared_transactions=100"
ports:
- 5432
environment:
- WILDFLY_DATABASES=security:security_user:secpassword,jbpm:jbpm:jbpmpassword
- POSTGRES_PASSWORD=supersecretpassword
labels:
- "tmp=true"
webbpm-app:
build:
context: .
dockerfile: Dockerfile
depends_on:
- db
dockerfile: Dockerfile.TC
ports:
- 9990
- 8080
- 8787
- 12345
env_file:
- testing.env
labels:
- "tmp=true"
- micord.env


@ -1,48 +1,6 @@
#! /bin/bash
set -e
function wait_for_server() {
until `$JBOSS_HOME/bin/jboss-cli.sh -c ":read-attribute(name=server-state)" 2> /dev/null | grep -q running`; do
echo "Retry ..."
done
}
. /etc/tomcat/tomcat.conf
. /etc/sysconfig/tomcat
echo "dump environment variables to env.properties file"
printenv > env.properties
echo "starting JBoss"
nohup $JBOSS_HOME/bin/standalone.sh --admin-only 1>&2 2>/dev/null &
# running system patches
wait_for_server
$JBOSS_HOME/bin/jboss-cli.sh --connect --file="./patches/system/init.cli" --properties=env.properties
$JBOSS_HOME/bin/jboss-cli.sh --connect --file="./patches/system/add-postgresql-driver.cli" --properties=env.properties
bash "./patches/system/add-demo-user.sh"
# running project patches
find ./patches/ -type f -name '*.cli' -not -path './patches/system/*' -print0 |
while IFS= read -r -d '' f; do
wait_for_server
echo "running $f"
$JBOSS_HOME/bin/jboss-cli.sh --connect --file="$f" --properties=env.properties
done;
find ./patches/ -type f -name '*.sh' -not -path './patches/system/*' -print0 |
while IFS= read -r -d '' f; do
wait_for_server
echo "running $f"
bash "$f"
done
echo "stopping JBoss"
wait_for_server
$JBOSS_HOME/bin/jboss-cli.sh --connect --command=:shutdown
if ! [[ -z $SERVER_START ]]; then
echo "starting JBoss in standalone"
sleep 10 # without this occurs error "address already in use"
/opt/jboss/wildfly/bin/standalone.sh -c standalone.xml -b 0.0.0.0 -bmanagement 0.0.0.0
else
echo "cleaning up JBoss logs"
rm -rf $JBOSS_HOME/standalone/log
fi
/usr/libexec/tomcat/server start
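Review bot: The new last line starts Tomcat as a child of the shell (`/usr/libexec/tomcat/server start`), so bash stays PID 1 and the stop signal from the container runtime does not reach the JVM, which is then killed after the grace period instead of shutting down cleanly. Use `exec /usr/libexec/tomcat/server start`. Removed WildFly lines are interleaved with the new ones in this view, so this assumes the new script consists of the shebang, `set -e`, the two sourced configuration files and the start command.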

24
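--- a/config/fl.txt
+++ b/config/fl.txt
@@ -0,0 +1,24 @@
+#!/bin/bash
+set -e
+docker-compose -p %image_tag% build --build-arg env="%reverse.dep.*.build_mode%"
+docker-compose -p %image_tag% up -d
+container_id=$(docker-compose -p %image_tag% ps -q webbpm-app)
+addr=%teamcity.agent.hostname%
+port_web=$(docker-compose -p %image_tag% port webbpm-app 8080 | cut -d: -f2)
+port_mgmt=$(docker-compose -p %image_tag% port webbpm-app 9990| cut -d: -f2)
+port_debug=$(docker-compose -p %image_tag% port webbpm-app 8787| cut -d: -f2)
+echo "Started container $container_id"
+echo "Management URL: http://$addr:$port_mgmt/"
+echo "Webapp URL: http://$addr:$port_web/%APP_PATH%"
+echo "Debug URL: $addr:$port_debug"
+echo "##teamcity[setParameter name='container_id' value='$container_id']"
+echo "##teamcity[setParameter name='webapp_url' value='http://$addr:$port_web/%APP_PATH%']"
+echo "Waiting until the app is deployed..."
+# Wait until the app is deployed
+timeout 600 bash -c "until curl -s -o /dev/null --fail http://${addr}:${port_web}/%APP_PATH%/ ; do sleep 1; done"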

7
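--- a/config/micord.env
+++ b/config/micord.env
@@ -0,0 +1,7 @@
+TZ=Europe/Moscow
+# App datasource
+DB_APP_USERNAME=ervu-lkrp-ul
+DB_APP_PASSWORD=ervu-lkrp-ul
+DB_APP_HOST=10.10.31.119
+DB_APP_PORT=5432
+DB_APP_NAME=ervu-lkrp-ul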
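Review bot: `DB_APP_PASSWORD` is committed in clear text together with the database host and user, so everyone with read access to the repository, and every builder stage that runs `COPY . .`, gets working credentials for that database. Keep only a template such as `micord.env.example` with placeholder values in version control, add `config/micord.env` to `.gitignore`, and supply the real file from the CI secret store. The password that is now in history should be changed.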


@ -1,3 +0,0 @@
/subsystem=logging/logger=org.jooq.tools:add()
/subsystem=logging/logger=org.jooq.tools:write-attribute(name=level, value=DEBUG)
/subsystem=logging/logger=org.jooq.tools:add-handler(name=CONSOLE)


@ -1,63 +0,0 @@
xa-data-source add \
--name=AppDS \
--enabled=true \
--driver-name=postgresql \
--jndi-name=java:/webbpm/AppDS \
--user-name=${env.DB_APP_USERNAME:app_user} \
--password=${env.DB_APP_PASSWORD:apppassword} \
--use-ccm=true \
--valid-connection-checker-class-name=org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker \
--validate-on-match=false \
--background-validation=true \
--background-validation-millis=5000 \
--exception-sorter-class-name=org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter \
--statistics-enabled=true \
--max-pool-size=50 \
--query-timeout=300 \
--xa-datasource-properties=ServerName=${env.DB_APP_HOST:db},PortNumber=${env.DB_APP_PORT:5432},DatabaseName=${env.DB_APP_NAME:app}
/system-property=ldap.mapping.login.param:add(value=${env.WEBBPM_LDAP_LOGIN_ATTR:uid})
/system-property=ldap.mapping.org.code.param:add(value=${env.WEBBPM_LDAP_ORGANIZATION_ATTR:ou})
/system-property=jboss.as.management.blocking.timeout:add(value=900)
/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=record-request-start-time,value=true)
/subsystem=undertow/server=default-server/host=default-host/setting=access-log:add(pattern=%h %t "%r" %s %b %D)
/system-property=webbpm.cache.hazelcast.hosts:add(value="127.0.0.1")
/system-property=webbpm.cache.hazelcast.outbound_port_definitions:add(value="5801-5820")
/system-property=webbpm.security.session.active.count:add(value="20")
/system-property=gar.enable:add(value=false)
/system-property=security.password.regex:add(value="^((?=(.*\\d){1,})(?=.*[a-zа-яё])(?=.*[A-ZА-ЯЁ]).{8,})$")
/system-property=fias.enable:add(value=false)
/system-property=bpmn.enable:add(value=false)
/system-property=file.webdav.upload.url:add(value="https://ervu-webdav.k8s.micord.ru")
/system-property=file.webdav.upload.username:add(value="test")
/system-property=file.webdav.upload.password:add(value="test")
/system-property=av-kafka.send.message.topic.name:add(value="ervu.lkrp.download.request")
/system-property=av-kafka.send.url:add(value="http://10.10.31.11:32609")
/system-property=av-kafka.send.security.protocol:add(value="SASL_PLAINTEXT")
/system-property=av-kafka.sasl.mechanism:add(value="SCRAM-SHA-256")
/system-property=av-kafka.send.username:add(value="user1")
/system-property=av-kafka.send.password:add(value="Blfi9d2OFG")
/system-property=ervu.fileupload.max_file_size:add(value="5242880")
/system-property=ervu.fileupload.max_request_size:add(value="6291456")
/system-property=ervu.fileupload.file_size_threshold:add(value="0")
/system-property=esia-scopes:add(value="fullname, snils, id_doc, birthdate, usr_org, openid")
/system-property=esia-org-scopes:add(value="org_fullname, org_shortname, org_brhs, org_brhs_ctts, org_brhs_addrs, org_type, org_ogrn, org_inn, org_leg, org_kpp, org_ctts, org_addrs, org_grps, org_emps")
/system-property=esia-org-scope-url:add(value="http://esia.gosuslugi.ru/")
/system-property=esia-uri.base-uri:add(value="https://esia-portal1.test.gosuslugi.ru/")
/system-property=esia-client-id:add(value="MNSV89")
/system-property=esia-redirect-url:add(value="https://lkrp-dev.micord.ru/ul/")
/system-property=sign-url:add(value="https://ervu-sign-dev.k8s.micord.ru/sign")
/system-property=client-cert-hash:add(value="04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD")
/system-property=ervu-kafka.bootstrap-servers:add(value="localhost:9092")
/system-property=ervu-kafka.org-reply-topic:add(value="ervu.organization.response")
/system-property=ervu-kafka.group-id:add(value="1")
/system-property=ervu-kafka.org-request-topic:add(value="ervu.organization.request")
/system-property=ervu-kafka.reply-timeout:add(value="30")
/system-property=esnsi.okopf.cron.load:add(value="0 0 */1 * * *")
/system-property=esnsi.okopf.url:add(value="https://esnsi.gosuslugi.ru/rest/ext/v1/classifiers/11465/file?extension=JSON&encoding=UTF_8")
/system-property=ervu-kafka.send.security.protocol:add(value="SASL_PLAINTEXT")
/system-property=ervu-kafka.sasl.mechanism:add(value="SCRAM-SHA-256")
/system-property=ervu-kafka.send.username:add(value="user1")
/system-property=ervu-kafka.send.password:add(value="Blfi9d2OFG")
/system-property=ervu-kafka.journal-request-topic:add(value="ervu.organization.journal.request")
/system-property=ervu-kafka.journal-reply-topic:add(value="ervu.organization.journal.response")


@ -1 +0,0 @@
$JBOSS_HOME/bin/add-user.sh demo@example.com demo


@ -1,5 +0,0 @@
/subsystem=datasources/jdbc-driver=postgresql:add( \
driver-name="postgresql", \
driver-module-name="org.postgresql", \
driver-xa-datasource-class-name="org.postgresql.xa.PGXADataSource" \
)


@ -1,14 +0,0 @@
/system-property=webbpm.mode:add(value=production)
/system-property=authentication.method:add(value=form)
/subsystem=undertow/configuration=filter/gzip=gzipFilter:add()
/subsystem=undertow/server=default-server/host=default-host/\
filter-ref=gzipFilter:add(predicate="exists('%{o,Content-Type}') and regex(pattern='(?:application/javascript|text/css|text/html|text/xml|application/json)(;.*)?', value=%{o,Content-Type}, full-match=true)")
/subsystem=undertow/configuration=filter/response-header=vary-header:add(header-name="Vary", header-value="Accept-Encoding")
/subsystem=undertow/server=default-server/host=default-host/filter-ref=vary-header:add()
/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=max-post-size,value=${env.MAX_POST_SIZE:104857600})
data-source remove --name=ExampleDS
/subsystem=ee/service=default-bindings:remove
/system-property=jboss.bind.address.management:add(value=0.0.0.0)
/system-property=jboss.bind.address:add(value=0.0.0.0)
module add --name=org.postgresql --resources=./patches/system/postgresql-driver.jar --dependencies=javax.api,javax.transaction.api
shutdown --restart


@ -1,25 +0,0 @@
INSERT INTO security.user_group(user_group_id, name, created, updated, access_level_id) VALUES (uuid_in(md5(random()::text || now()::text)::cstring), 'Example', '2019-07-04 11:12:01.263+03', '2019-08-26 16:40:11.953+03', (SELECT access_level_id FROM security.access_level where level = 0)) ON CONFLICT DO NOTHING;
INSERT INTO security.link_user_group_user_role(link_user_group_user_role_id, user_group_id, user_role_id) SELECT uuid_in(md5(random()::text || now()::text)::cstring), (SELECT user_group_id FROM security.user_group where name = 'Example'), user_role_id FROM security.user_role WHERE name = 'Example' ON CONFLICT DO NOTHING;
INSERT INTO security.link_user_group_user_role(link_user_group_user_role_id, user_group_id, user_role_id) SELECT uuid_in(md5(random()::text || now()::text)::cstring), (SELECT user_group_id FROM security.user_group where name = 'Demo'), user_role_id FROM security.user_role WHERE name = 'Example' ON CONFLICT DO NOTHING;
INSERT INTO security.user_group(user_group_id, name, created, updated, access_level_id) VALUES (uuid_in(md5(random()::text || now()::text)::cstring), 'Example', '2019-07-04 11:12:01.263+03', '2019-08-26 16:40:11.953+03', (SELECT access_level_id FROM security.access_level where level = 0)) ON CONFLICT DO NOTHING;
INSERT INTO security.link_user_group_user_role(link_user_group_user_role_id, user_group_id, user_role_id) SELECT uuid_in(md5(random()::text || now()::text)::cstring), (SELECT user_group_id FROM security.user_group where name = 'Example'), user_role_id FROM security.user_role WHERE name = 'Example' ON CONFLICT DO NOTHING;
INSERT INTO security.link_user_group_user_role(link_user_group_user_role_id, user_group_id, user_role_id) SELECT uuid_in(md5(random()::text || now()::text)::cstring), (SELECT user_group_id FROM security.user_group where name = 'Demo'), user_role_id FROM security.user_role WHERE name = 'Example' ON CONFLICT DO NOTHING;
INSERT INTO security.user_account(user_account_id, email, first_name, last_name, middle_name, created, updated, locked, org_unit_id, username) VALUES (uuid_in(md5(random()::text || now()::text)::cstring), 'qa_test@micord.ru', 'Пользователь', 'Основной-Тестовый', NULL, '2020-01-20 08:41:25.526+03', '2020-01-20 09:57:07.25+03', false, (SELECT id from security.org_unit where code = 'DEFAULT'), 'qa_test') ON CONFLICT DO NOTHING;
INSERT INTO security.simple_credentials( user_account_id, password, password_expires, password_updated) VALUES ((SELECT user_account_id from security.user_account where username = 'qa_test'), '$2a$11$uTzaeewDp2NehwjmfRe/euxP.cy.4ecl5nYA.E5TV9AGjjDKdJwI2', NULL, '2020-01-20 05:41:25.746') ON CONFLICT DO NOTHING;
INSERT INTO security.link_user_account_user_group(link_user_account_user_group_id, user_account_id, user_group_id) VALUES (uuid_in(md5(random()::text || now()::text)::cstring), (SELECT user_account_id from security.user_account where username = 'qa_test'), (SELECT user_group_id FROM security.user_group where name = 'Security Admin')) ON CONFLICT DO NOTHING;
INSERT INTO security.link_user_account_user_group(link_user_account_user_group_id, user_account_id, user_group_id) VALUES (uuid_in(md5(random()::text || now()::text)::cstring), (SELECT user_account_id from security.user_account where username = 'qa_test'), (SELECT user_group_id FROM security.user_group where name = 'BPMN Superuser')) ON CONFLICT DO NOTHING;
INSERT INTO security.link_user_account_user_group(link_user_account_user_group_id, user_account_id, user_group_id) VALUES (uuid_in(md5(random()::text || now()::text)::cstring), (SELECT user_account_id from security.user_account where username = 'qa_test'), (SELECT user_group_id FROM security.user_group where name = 'BPMN Admin')) ON CONFLICT DO NOTHING;
INSERT INTO security.link_user_account_user_group(link_user_account_user_group_id, user_account_id, user_group_id) VALUES (uuid_in(md5(random()::text || now()::text)::cstring), (SELECT user_account_id from security.user_account where username = 'qa_test'), (SELECT user_group_id FROM security.user_group where name = 'Example')) ON CONFLICT DO NOTHING;
INSERT INTO security.link_user_account_user_group(link_user_account_user_group_id, user_account_id, user_group_id) VALUES (uuid_in(md5(random()::text || now()::text)::cstring), (SELECT user_account_id from security.user_account where username = 'qa_test'), (SELECT user_group_id FROM security.user_group where name = 'BPMN User')) ON CONFLICT DO NOTHING;
INSERT INTO security.link_user_account_user_group(link_user_account_user_group_id, user_account_id, user_group_id) VALUES (uuid_in(md5(random()::text || now()::text)::cstring), (SELECT user_account_id from security.user_account where username = 'qa_test'), (SELECT user_group_id FROM security.user_group where name = 'Demo')) ON CONFLICT DO NOTHING;
INSERT INTO security.user_account(user_account_id, email, first_name, last_name, middle_name, created, updated, locked, org_unit_id, username) VALUES (uuid_in(md5(random()::text || now()::text)::cstring), 'qa_admin@micord.ru', 'qa_admin', 'qa_admin', NULL, '2020-01-20 08:41:25.526+03', '2020-01-20 09:57:07.25+03', false, (SELECT id from security.org_unit where code = 'DEFAULT'), 'qa_admin') ON CONFLICT DO NOTHING;
INSERT INTO security.simple_credentials( user_account_id, password, password_expires, password_updated) VALUES ((SELECT user_account_id from security.user_account where username = 'qa_admin'), '$2a$11$Zzmuga/xw1c1UnUe9nP9c.aqJ2O.OAI/AbmphOm2jurxMI0S6VAcy', NULL, '2020-01-20 05:41:25.746') ON CONFLICT DO NOTHING;
INSERT INTO security.link_user_account_user_group(link_user_account_user_group_id, user_account_id, user_group_id) VALUES (uuid_in(md5(random()::text || now()::text)::cstring), (SELECT user_account_id from security.user_account where username = 'qa_admin'), (SELECT user_group_id FROM security.user_group where name = 'Security Admin')) ON CONFLICT DO NOTHING;
INSERT INTO security.link_user_account_user_group(link_user_account_user_group_id, user_account_id, user_group_id) VALUES (uuid_in(md5(random()::text || now()::text)::cstring), (SELECT user_account_id from security.user_account where username = 'qa_admin'), (SELECT user_group_id FROM security.user_group where name = 'BPMN Superuser')) ON CONFLICT DO NOTHING;
INSERT INTO security.link_user_account_user_group(link_user_account_user_group_id, user_account_id, user_group_id) VALUES (uuid_in(md5(random()::text || now()::text)::cstring), (SELECT user_account_id from security.user_account where username = 'qa_admin'), (SELECT user_group_id FROM security.user_group where name = 'BPMN Admin')) ON CONFLICT DO NOTHING;
INSERT INTO security.link_user_account_user_group(link_user_account_user_group_id, user_account_id, user_group_id) VALUES (uuid_in(md5(random()::text || now()::text)::cstring), (SELECT user_account_id from security.user_account where username = 'qa_admin'), (SELECT user_group_id FROM security.user_group where name = 'Example')) ON CONFLICT DO NOTHING;
INSERT INTO security.link_user_account_user_group(link_user_account_user_group_id, user_account_id, user_group_id) VALUES (uuid_in(md5(random()::text || now()::text)::cstring), (SELECT user_account_id from security.user_account where username = 'qa_admin'), (SELECT user_group_id FROM security.user_group where name = 'BPMN User')) ON CONFLICT DO NOTHING;
INSERT INTO security.link_user_account_user_group(link_user_account_user_group_id, user_account_id, user_group_id) VALUES (uuid_in(md5(random()::text || now()::text)::cstring), (SELECT user_account_id from security.user_account where username = 'qa_admin'), (SELECT user_group_id FROM security.user_group where name = 'Demo')) ON CONFLICT DO NOTHING;


@ -1,37 +0,0 @@
# Security datasource
DB_SEC_USERNAME=ervu-lkrp-ul-sec
DB_SEC_PASSWORD=ervu-lkrp-ul-sec
DB_SEC_HOST=10.10.31.119
DB_SEC_PORT=5432
DB_SEC_NAME=ervu-lkrp-ul
# App datasource
DB_APP_USERNAME=ervu-lkrp-ul
DB_APP_PASSWORD=ervu-lkrp-ul
DB_APP_HOST=10.10.31.119
DB_APP_PORT=5432
DB_APP_NAME=ervu-lkrp-ul
# jBPM datasorce
DB_JBPM_USERNAME=jbpm-ervu-ul
DB_JBPM_PASSWORD=jbpm-ervu-ul
DB_JBPM_HOST=10.10.31.119
DB_JBPM_PORT=5432
DB_JBPM_NAME=jbpm-ervu-ul
# Elasticsearch
WEBBPM_ELASTIC_HOST=
WEBBPM_ELASTIC_USER_PASSWORD=
# LDAP
WEBBPM_LDAP_URL=
WEBBPM_LDAP_BASE=
WEBBPM_LDAP_USER=
WEBBPM_LDAP_PASSWORD=
WEBBPM_LDAP_SYNC_ENABLED=false
WEBBPM_LDAP_SYNC_CRON=0 0 * * * *
WEBBPM_LDAP_LOGIN_ATTR=uid
WEBBPM_LDAP_ORGANIZATION_ATTR=ou
# JIRA
WEBBPM_JIRA_URL=https:/jira.com
WEBBPM_JIRA_USER=jiraUser
WEBBPM_JIRA_PASSWORD=jiraPass
TZ=Europe/Moscow
WEBBPM_TELEGRAM_BOT_TOKEN=
WEBBPM_TELEGRAM_BOT_NAME=


@ -1,9 +1,8 @@
#!/usr/bin/env bash
export JAVA_OPTS="$JAVA_OPTS \
JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS \
-Ddb.app.host=${DB_APP_HOST:-db} \
-Ddb.app.port=${DB_APP_PORT:-5432} \
-Ddb.app.name=${DB_APP_NAME:-app} \
-Ddb.app.username=${DB_APP_USERNAME:-app_user} \
-Ddb.app.password=${DB_APP_PASSWORD:-apppassword} \
"
export JDK_JAVA_OPTIONS
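Review bot: The database password is put on the JVM option string as `-Ddb.app.password=…`, and the Java launcher echoes the contents of `JDK_JAVA_OPTIONS` to stderr at startup ("Picked up JDK_JAVA_OPTIONS"), so the password will appear in the container log and stays readable as a system property inside the JVM. The fallback `${DB_APP_PASSWORD:-apppassword}` also lets the server start with a well-known default when the variable is missing; `${DB_APP_PASSWORD:?DB_APP_PASSWORD must be set}` fails fast instead. Consider letting Tomcat resolve the value from the environment itself, for example through its `EnvironmentPropertySource` if the base image's Tomcat version provides it, so the secret never passes through the option string.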


@ -29,7 +29,7 @@
<Manager pathname="" />
-->
<Resource name="java:/webbpm/AppDS" auth="Container"
<Resource name="webbpm/AppDS" auth="Container"
type="javax.sql.DataSource" driverClassName="org.postgresql.Driver"
url="jdbc:postgresql://${db.app.host}:${db.app.port}/${db.app.name}"
username="${db.app.username}" password="${db.app.password}" maxTotal="20" maxIdle="10" maxWaitMillis="-1"/>


@ -0,0 +1,52 @@
# System-wide configuration file for tomcat services
# This will be loaded by systemd as an environment file,
# so please keep the syntax. For shell expansion support
# place your custom files as /etc/tomcat/conf.d/*.conf
#
# There are 2 "classes" of startup behavior in this package.
# The old one, the default service named tomcat.service.
# The new named instances are called tomcat@instance.service.
#
# Use this file to change default values for all services.
# Change the service specific ones to affect only one service.
# For tomcat.service it's /etc/sysconfig/tomcat, for
# tomcat@instance it's /etc/sysconfig/tomcat@instance.
# This variable is used to figure out if config is loaded or not.
TOMCAT_CFG_LOADED="1"
# In new-style instances, if CATALINA_BASE isn't specified, it will
# be constructed by joining TOMCATS_BASE and NAME.
TOMCATS_BASE="/var/lib/tomcats/"
# Where your java installation lives
JAVA_HOME="/usr/lib/jvm/jre"
# Where your tomcat installation lives
CATALINA_HOME="/usr/share/tomcat"
# System-wide tmp
CATALINA_TMPDIR="/var/cache/tomcat/temp"
# You can pass some parameters to java here if you wish to
#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"
# Use JAVA_OPTS to set java.library.path for libtcnative.so
#JAVA_OPTS="-Djava.library.path=/usr/lib"
# Set default javax.sql.DataSource factory to apache commons one. See rhbz#1214381
#JAVA_OPTS="-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory"
JAVA_OPTS="-Djavax.sql.DataSource.Factory=org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory"
# You can change your tomcat locale here
#LANG="en_US"
# Run tomcat under the Java Security Manager
SECURITY_MANAGER="false"
# SHUTDOWN_WAIT has been deprecated. To change the shutdown wait time, set
# TimeoutStopSec in tomcat.service.
# If you wish to further customize your tomcat environment,
# put your own definitions here
# (i.e. LD_LIBRARY_PATH for some jdbc drivers)


@ -1,4 +1,5 @@
# WebBPM properties
#
authentication.method=form
@ -6,6 +7,8 @@ bpmn.enable=false
fias.enable=false
gar.enable=false
mail.jndi.resource.name=
reset_password.mail.template.path=mail/reset_password.html
security.password.regex=^(?=.*[a-zA-Z])(?=.*[0-9])[a-zA-Z0-9]+$
@ -48,4 +51,4 @@ esnsi.okopf.cron.load=0 0 */1 * * *
ervu-kafka.send.security.protocol=SASL_PLAINTEXT
ervu-kafka.sasl.mechanism=SCRAM-SHA-256
ervu-kafka.send.username=user1
ervu-kafka.send.password=Blfi9d2OFG
ervu-kafka.send.password=Blfi9d2OFG
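Review bot: The Kafka SCRAM password on `ervu-kafka.send.password` stays in the committed properties file (the last hunk re-adds the line, apparently only for its line ending), so the secret is in the repository history and wherever this file is shipped. I would leave the key empty here, as in `ervu-kafka.send.password=`, supply the value at deploy time from the secret store, and rotate the current one. `SASL_PLAINTEXT` on `ervu-kafka.send.security.protocol` means the authentication exchange and the messages travel unencrypted; `SASL_SSL` is the setting to move to once the broker exposes a TLS listener.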


@ -15,7 +15,7 @@ export class OrgDataRoot extends Behavior{
let orgScripts: OrgData[] = this.container.getScriptsInThisAndChildren(OrgData);
let httpClient = this.injector.get(HttpClient);
let cookieService = this.injector.get(CookieService);
if (cookieService.get("is_auth")) {
if (cookieService.get("webbpm.ervu-lkrp-ul")) {
httpClient.get<OrgInfoModel>("esia/org")
.toPromise()
.then(orgInfoModel => {
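Review bot: The login check now tests for a cookie named `webbpm.ervu-lkrp-ul`, which by its name looks like the application's session cookie rather than a separate marker like `is_auth`. For script to read it the cookie cannot be `HttpOnly`, so either this check stops working once the server sets that flag, or the session identifier stays readable to any injected script. Please confirm which cookie this is; if it is the session id, keep it `HttpOnly` and have the server issue a non-sensitive marker cookie (or expose an endpoint) for the UI state. The same literal is repeated in `LogOutComponent.getIsAuth` and `AuthGuard.getIsAuth`; a shared constant such as `export const AUTH_COOKIE_NAME = 'webbpm.ervu-lkrp-ul';` would keep the three in step. The enclosing method starts and ends outside this hunk.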


@ -43,7 +43,7 @@ export class LogOutComponent implements OnInit{
}
public getIsAuth(): boolean {
return this.cookieService.get("is_auth") != null;
return this.cookieService.get("webbpm.ervu-lkrp-ul") != null;
}
public getOrgUnitName(): string {
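Review bot: `getIsAuth` here compares the cookie value with `!= null`, while the other two call sites touched by this commit rely on truthiness. If the injected `CookieService` returns an empty string for a missing cookie (ngx-cookie-service does; the import is outside the hunk, so this needs checking), the comparison is always true and the component reports a logged-in state for anonymous users. `return !!this.cookieService.get("webbpm.ervu-lkrp-ul");` gives the intended result under either return convention.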


@ -56,6 +56,6 @@ export abstract class AuthGuard implements CanActivate {
};
public getIsAuth(): string {
return this.cookieService.get('is_auth');
return this.cookieService.get('webbpm.ervu-lkrp-ul');
}
}

71
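--- a/pom.xml
+++ b/pom.xml
@@ -101,6 +101,22 @@
 <groupId>ru.cg.webbpm.modules.security</groupId>
 <artifactId>security-adapter</artifactId>
 </exclusion>
+<exclusion>
+<groupId>ru.micord.fias</groupId>
+<artifactId>client</artifactId>
+</exclusion>
+<exclusion>
+<groupId>ru.micord.gar</groupId>
+<artifactId>gar-client</artifactId>
+</exclusion>
+<exclusion>
+<groupId>net.javacrumbs.shedlock</groupId>
+<artifactId>shedlock-spring</artifactId>
+</exclusion>
+<exclusion>
+<groupId>net.javacrumbs.shedlock</groupId>
+<artifactId>shedlock-provider-jdbc-template</artifactId>
+</exclusion>
 </exclusions>
 </dependency>
 <dependency>
@@ -177,11 +193,6 @@
 <version>${webbpm-platform.version}</version>
 <scope>runtime</scope>
 </dependency>
-<dependency>
-<groupId>ru.cg.webbpm.modules.security</groupId>
-<artifactId>security-beans</artifactId>
-<version>${webbpm-platform.version}</version>
-</dependency>
 <dependency>
 <groupId>ru.cg.webbpm.modules.security</groupId>
 <artifactId>security-api</artifactId>
@@ -275,21 +286,6 @@
 <version>${webbpm-platform.version}</version>
 <scope>runtime</scope>
 </dependency>
-<dependency>
-<groupId>ru.cg.webbpm.modules.security</groupId>
-<artifactId>security-esia</artifactId>
-<version>${webbpm-platform.version}</version>
-</dependency>
-<dependency>
-<groupId>ru.cg.webbpm.modules.security</groupId>
-<artifactId>security-db-synchronization-api</artifactId>
-<version>${webbpm-platform.version}</version>
-</dependency>
-<dependency>
-<groupId>ru.cg.webbpm.modules.security</groupId>
-<artifactId>security-db-synchronization-ldap-impl</artifactId>
-<version>${webbpm-platform.version}</version>
-</dependency>
 <dependency>
 <groupId>ru.cg.webbpm</groupId>
 <artifactId>web-tests-core</artifactId>
@@ -305,16 +301,6 @@
 <artifactId>bcpkix-jdk15on</artifactId>
 <version>${org.bouncycastle.version}</version>
 </dependency>
-<dependency>
-<groupId>org.springframework.security.kerberos</groupId>
-<artifactId>spring-security-kerberos-core</artifactId>
-<version>${spring-security-kerberos.version}</version>
-</dependency>
-<dependency>
-<groupId>org.springframework.security.kerberos</groupId>
-<artifactId>spring-security-kerberos-web</artifactId>
-<version>${spring-security-kerberos.version}</version>
-</dependency>
 <dependency>
 <groupId>org.springframework.kafka</groupId>
 <artifactId>spring-kafka</artifactId>
@@ -356,6 +342,31 @@
 <artifactId>slf4j-simple</artifactId>
 <version>1.7.28</version>
 </dependency>
+<dependency>
+<groupId>org.slf4j</groupId>
+<artifactId>slf4j-api</artifactId>
+<version>2.0.13</version>
+</dependency>
+<dependency>
+<groupId>org.apache.logging.log4j</groupId>
+<artifactId>log4j-slf4j2-impl</artifactId>
+<version>2.23.1</version>
+</dependency>
+<dependency>
+<groupId>org.apache.logging.log4j</groupId>
+<artifactId>log4j-core</artifactId>
+<version>2.23.1</version>
+</dependency>
+<dependency>
+<groupId>org.apache.logging.log4j</groupId>
+<artifactId>log4j-jul</artifactId>
+<version>2.23.1</version>
+</dependency>
+<dependency>
+<groupId>org.apache.logging.log4j</groupId>
+<artifactId>log4j-web</artifactId>
+<version>2.23.1</version>
+</dependency>
 </dependencies>
 </dependencyManagement>
 <repositories>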
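Review bot: `dependencyManagement` now manages `slf4j-api` 2.0.13 and `log4j-slf4j2-impl`, while the `slf4j-simple` 1.7.28 entry just above the added block is left in place. An SLF4J 1.7 binding is not loaded by the 2.x API, so if any module still declares it the classpath carries a second, ignored logging backend. I would remove that entry in the same change, or confirm no module uses it. The four Log4j artifacts each repeat the literal `2.23.1`; a single `<log4j.version>2.23.1</log4j.version>` property, or importing `log4j-bom`, keeps them from drifting apart on the next security bump.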