in hibernate.cfg.xml follow the directions to comment out the user,group and membership objects.

Then, you can just delegate the security to your application container and manage access using the container's built in security mechanism.

A lot can be discussed about when you should do this and when you should not. It seems to me that because jbpm is really just a jar, a lot of time you can rely on the app server for security.

<!-- following mapping files have a dependendy on -->
 <!-- 'jbpm-identity-{version}.jar', mapping files -->
 <!-- of the pluggable jbpm identity component. -->
 <!-- comment out the following 3 lines if you don't-->
 <!-- want to use the default jBPM identity mgmgt -->
 <!-- component -->
 <mapping resource="org/jbpm/identity/User.hbm.xml"/>
 <mapping resource="org/jbpm/identity/Group.hbm.xml"/>
 <mapping resource="org/jbpm/identity/Membership.hbm.xml"/>

Yep, this is exactely the answer to your question how to rip it out. It does not answer the probably next question on how to implement your own...

Relying on the appserver for logging in etc... is indeed simple. The identity component does a little more. It is used in the default assignment expressions. So if you delete it, you have to build assignment handlers if things are needed OR implement your own identity component with the same api as the jbpm identity component and activate it in some way (I have no idea how to)

Extending the ExpressionAssignmentHandler is indeed one thing to implement. Replacing the existing one is another.

The reason it was probably not answered may have to do that if the source is used (a very good source of information), you will see a limited number of references and a conclusion could be very easy to draw:

Currently, from what I FOUND, it is not configurable, at least not without adapting the source. The file org.jbpm.jpdl.xml.JpdlXmlReader contains a fixed reference to the default ExpressionAssignmentHandler :

assignmentDelegation.setClassName("org.jbpm.identity.assignment.ExpressionAssignmentHandler");

If you look at my post over there:

http://www.jboss.com/index.html?module=bb&op=viewtopic&t=72818

I explain how I implemented assignment to use the user/role info from our app.

We're not using swinlanes though and not the example webap either.

Also, this was more than 8 months ago so I don't know how much has changed since 3.0 on that front.

I'd also be happy to get opinions on wether this is a good way to do it, if you see any potential problems, etc. Thanks!

(p.s. A little note on the forum search. A search for all posts by author "m_ok" did not return the above post. Strange...)

Forgot to use the url tags:

http://www.jboss.com/index.html?module=bb&op=viewtopic&t=72818

m_ok,

What you did is not wrong, it is just another way of doing assignments. I myself do not want to have to add these handlers to every task. That is what we are focussing on and that is what making this configurable is for.

maybe this can work?

I modified JpdlXmlReader to use definition of service in jbpm.cfg.xml
(still use original fix assignment if no value specified)

JpdlXmlReader

 if (expression!=null){
 assignmentDelegation.setProcessDefinition(processDefinition);
 if (JbpmConfiguration.getInstance().getServiceFactory("Identity") != null)
 assignmentDelegation.setClassName(JbpmConfiguration.getInstance().getServiceFactory("Identity"));
 else
 assignmentDelegation.setClassName("org.jbpm.identity.assignment.ExpressionAssignmentHandler");
 assignmentDelegation.setConfiguration("<expression>"+expression+"</expression>");

 } else {

<jbpm-configuration>
 <jbpm-context>
 ...
 <service name="identity" factory="it.xxx.yyy.ExpressionAssignmentHandler" />
 </jbpm-context>

I have opened a new enhancement:
http://jira.jboss.com/jira/browse/JBPM-769