The Alfresco Process SDK includes APIs and samples that allows developers to quickly build Java applications that integrate with APA.
This SDK provides functionality to connect to Cloud-based servers. APA version 7.x and above are supported.
The APIs contained within have been generated using Swagger Codegen from the public API definitions.
The Alfresco Process SDK consists of these parts:
- The main API (alfresco-apa-java-rest-api) allows applications to consume APA public REST APIs.
- The samples folder includes a sample application configured to use the SDK. This has a
docker-compose
file and scripts that allows you to build and run the application. See README for more details. - Common logic for REST APIs (primarily for authentication)
It's recommended to create an instance of ApiClient
per thread in a multithreaded environment to avoid any potential issues.
This section contains the steps required for using the SDK with Spring.
- Java version 17 or higher
- Maven version 3.3 or higher
First, add to the repositories the Alfresco public repository containing the artifacts:
<repositories>
<repository>
<id>alfresco-public</id>
<url>https://artifacts.alfresco.com/nexus/content/groups/public</url>
</repository>
</repositories>
Then, add the dependency on the APA starter
<dependencies>
<!-- APA Java REST APIs -->
<dependency>
<groupId>org.alfresco</groupId>
<artifactId>alfresco-apa-java-rest-api-spring-boot-starter</artifactId>
<version>{version-number}</version>
</dependency>
</dependencies>
First, add to the repositories the Alfresco public repository containing the artifacts:
repositories {
maven {
url "https://artifacts.alfresco.com/nexus/content/groups/public"
}
}
Then, add the dependency on the starter
compile "org.alfresco:alfresco-apa-java-rest-api-spring-boot-starter:{version-number}"
In your application.yml
file you can configure settings related to the content service repository, authentication mechanism, and credentials for accessing the REST API:
content:
service:
url: https://repository:8080
security:
basicAuth:
username: username-here
password: password-here
If you are using OAuth2, you can use client-credential based authentication:
spring
security:
oauth2:
client:
registration:
alfresco-rest-api:
provider: alfresco-identity-service
client-id: clientId
client-secret: clientSecret
authorization-grant-type: client_credentials
provider:
alfresco-identity-service:
token-uri: ${keycloak.auth-server-url}/auth/realms/${keycloak.realm}/protocol/openid-connect/token
Or OAuth2 password based authentication:
spring:
security:
oauth2:
client:
registration:
alfresco-rest-api:
provider: alfresco-identity-service
client-id: clientId
client-secret: clientSecret
username: username-here
password: password-here
authorization-grant-type: password
provider:
alfresco-identity-service:
token-uri: ${keycloak.auth-server-url}/auth/realms/${keycloak.realm}/protocol/openid-connect/token
Additionally, if you want to provide a custom authentication mechanism, you can enable the delegated external authentication:
content:
service:
security:
delegated: true
And provide a bean that implements the interface DelegatedAuthenticationProvider
.
Here are some settings you may need to configure in your Application configuration file before using the SDK
keycloak:
auth-server-url: http://example.com/auth}
principal-attribute: ${ACT_KEYCLOAK_PRINCIPAL_ATTRIBUTE:preferred-username}
public-client: ${ACT_KEYCLOAK_CLIENT:true}
realm: ${ACT_KEYCLOAK_REALM:springboot}
resource: ${ACT_KEYCLOAK_RESOURCE:activiti}
security-constraints:
- authRoles:
- ${ACT_KEYCLOAK_ROLES:user}
securityCollections:
- patterns:
- ${ACT_KEYCLOAK_PATTERNS:/v1/*}
- authRoles:
- ${admin-role-name}
securityCollections:
- patterns:
- /admin/*
ssl-required: ${ACT_KEYCLOAK_SSL_REQUIRED:none}
activiti:
service:
query:
url: https://example.com
path: /example-app/query
runtime:
url: https://example.com
path: /example-app/rb
form:
url: https://example.com
path: /example-app/form
audit:
url: https://example.com
path: /example-app/audit
deployment:
url: https://example.com
path: /deployment-service
modeling:
url: https://example.com
path: /modeling-service
process-storage:
url: https://example.com
path: /process-storage
authentication:
service:
url: ${AUTHENTICATION_RUNTIME_URL:http://example.com}
path: ${AUTHENTICATION_PATH:/alfresco/api/-default-/public/alfresco/versions/1}
process:
service:
url: ${PROCESS_SERVICE_URL:http://example.com}
path: ${PROCESS_SERVICE_PATH:/alfresco/api/-default-/public/alfresco/versions/1}
-
Add to your main Spring application
@EnableFeignClients(basePackages = {"com.alfresco.core.handler", "com.alfresco.activiti.handler", "com.alfresco.search.handler", "com.alfresco.auth.handler"}) public class SampleApplication { }
-
Copy the class in the folder config/FeignConfiguration.java in your project In order to resolve the references in FeignConfiguration you will need the following
<dependencies>
<dependencies> <dependency> <groupId>org.activiti.cloud</groupId> <artifactId>activiti-cloud-api-process-model-impl</artifactId> <version>version-here</version> </dependency> <dependency> <groupId>org.activiti.cloud</groupId> <artifactId>activiti-cloud-api-task-model-impl</artifactId> <version>version-here</version> </dependency> <dependency> <groupId>org.activiti</groupId> <artifactId>activiti-api-runtime-shared</artifactId> <version>version-here</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-core</artifactId> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> </dependency> <dependency> <groupId>com.fasterxml.jackson.datatype</groupId> <artifactId>jackson-datatype-jsr310</artifactId> </dependency> </dependencies>
-
If you are using keycloak you must include also the following:
<dependencies> <dependency> <groupId>org.activiti.cloud</groupId> <artifactId>activiti-cloud-services-common-security</artifactId> <version>version-here</version> </dependency> </dependencies>
To see how classes within the SDK can be used to call APIs, refer to this example
You can check the documentation here: https://github.com/OpenFeign/feign
It is not necessary to build the SDK in order to use it. You can instead reference the released version of the sdk by following the instructions above.
If you still intend to build it, follow these instructions:
- Java version 17 or higher
- Maven version 3.3 or higher
- An APA environment with a deployed application from which to fetch the API definitions
In order to build the SDK for the first time you will need access to a running APA environment. This is necessary in order to retrieve the API definitions.
You can either set the necessary environment variables ahead of time, or include them with the build command.
Setting in advance:
MAVEN_CLI_OPTS="${MAVEN_CLI_OPTS} -Denvironment.host=your-installed-environment-host"
MAVEN_CLI_OPTS="${MAVEN_CLI_OPTS} -Denvironment.apa.host=your-installed-apa-environment-host"
MAVEN_CLI_OPTS="${MAVEN_CLI_OPTS} -Denvironment.application.name=your-deployed-APA-application-name"
MAVEN_CLI_OPTS="${MAVEN_CLI_OPTS} -U"
export MAVEN_CLI_OPTS
Included on command line:
mvn clean install -Denvironment.host=your-installed-environment-host -Denvironment.apa.host=your-installed-apa-environment-host -Denvironment.application.name=your-deployed-APA-application-name
This will generate the source code for the APA REST API clients first, then it will compile all the modules and run the corresponding unit and integration tests.
If you want to skip the generation of the REST API clients code, you can do so by setting the maven property skip.generation
:
mvn clean install -Dskip.generation
However, you must build the project at least once without skipping the generation step in order to compile the SDK. From that point, you can skip the generation step if unneeded.
Modules in this repo use the following Maven plugins to perform licensing related tasks:
- com.mycila:license-maven-plugin is used for checking and updating the license header on all applicable files. This is typically done at the beginning of a new year.
- org.codehaus.mojo:license-maven-plugin is used to manage third party licenses. Specifically generating a report of all licenses used by dependencies.
Since these plugins have the same name (excluding the groupId), running them requires qualifiying the goal with the full name.
To check that the license header is consistent across all source files, run this command:
mvn com.mycila:license-maven-plugin:check
If any source files have a modified or missing license header, this goal will fail.
To fix the license header on all source files, run this command:
mvn com.mycila:license-maven-plugin:format
Any files that did not have the correct header will be reformatted and appear in your unstaged changes.
You can use this command to update the license header when the Copyright year should be updated. Before running the format goal, modify pom.xml with the current year:
<properties>
<project.year>year-here</project.year>
</properties>
See the plugin documentation for all possible goals.
To list all third party licenses across all modules, the following command can be used:
mvn org.codehaus.mojo:license-maven-plugin:aggregate-third-party-report
This will create a file located at .\target\site\aggregate-third-party-report.html
, which contains a list of the licenses for all dependencies for all modules.
Additionally, per-module text-based reports can be created with this command:
mvn org.codehaus.mojo:license-maven-plugin:add-third-party
For each module a file will be created at target\generated-sources\license\THIRD-PARTY.txt
See the plugin documentation for all possible goals.
Running on GH Actions.
For Dependabot PRs to be validated by CI, the label "CI" should be added to the PR.
Requires the following variables to be set:
Name | Description |
---|---|
ENVIRONMENT_APA_HOST | URL of APA environment to use for SDK generation |
ENVIRONMENT_APP | Name of the app within the environment to use for SDK generation |
ENVIRONMENT_HOST | Base URL of environment to use for SDK generation |
Requires the following secrets to be set:
Name | Description |
---|---|
BOT_GITHUB_TOKEN | Token to launch other builds on GH |
BOT_GITHUB_USERNAME | Username to issue propagation PRs |
DOCKER_USERNAME | Docker Hub repository username |
DOCKER_PASSWORD | Docker Hub repository password |
NEXUS_USERNAME | Internal Maven repository username |
NEXUS_PASSWORD | Internal Maven repository password |
QUAY_USERNAME | Quay.io docker registry username |
QUAY_PASSWORD | Quay.io docker registry password |
SLACK_NOTIFICATION_BOT_TOKEN | Token to notify slack on failure |
The release process is partially automated using the release workflow.
This workflow creates a release branch, updates the version in the pom.xml
files, and creates a PR for the release branch.
To create a release, follow these steps:
- Run workflow mentioned above.
- Add any label into generated PR to trigger check run.
- Merge the PR if no issues are found.
- Check if new github release and tag is created.