-
1. Re: Authentication to jBPM
koen.aers Mar 30, 2006 1:28 PM (in response to lymit)You can use all those frameworks. jBPM does not rely on any authentication framework in particular. Make the authenticated user known to jBPM after the authentication using the JbpmContext.setActorId() method.
Regards,
Koen -
2. Re: Authentication to jBPM
michaelholtzman Mar 30, 2006 2:35 PM (in response to lymit)I am doing that (settng the authenticated user id with JbpmContext.setActorId())
However, when I pull the logs, the actorId field is always null. I've combed through the source, and I don't see anyway to record the current authenticated actor in the log record (i.e., ProcessLog).
For example, I need the log to reflect the user who (for example) completed a task instance, started a process instance, etc.
Thanx for any help. -
3. Re: Authentication to jBPM
jbpmndc Mar 30, 2006 2:55 PM (in response to lymit)I've thought about authentication and authorization.
It seems you can usually protect the system using authentication module for the existing application (e.g. JAAS, ACEGI). But, if you are developing a highly sensitive system, you may want to add an additional layer of security. With the additional layer, if someone can connect to the system and has processId's (highly unlikely), you can prevent the system from unauthorized activity.
In general, it seems you don't need the authentication and authorization that comes with jbpm. My 2 cents.