1 2 Previous Next 16 Replies Latest reply on Oct 27, 2009 1:17 PM by jimdwyer

    Custom Authentication/Identity Module

    harish_here

      Hi,
      We are planning to use jBPM for the workflow management for our web application. However, we want to use single repository for Users and Roles for both jBPM and web application (we do have other tools).

      How can we achieve this ? As i read jBPM documentation, i understand that Identity Module has been seperated exactly for this purpose. But i couldn't find further documentation on how to configure jBPM authentication and fetch users/roles list from LDAP or web-app database.

      Can you please help in this regard.

        • 1. Re: Custom Authentication/Identity Module
          salaboy21

          I have a post about that topic, but is in Spanish...
          you can use translate.google.com to translate it to english.. and then tell me if you understand

          http://salaboy.wordpress.com/2008/11/05/jugando-con-jbpm-15-identity-component/

          • 2. Re: Custom Authentication/Identity Module
            harish_here

            Thanks. So, Here is my understanding:

            I need to create a custom Identity Session class which will implement IdentitySession and ExpressionSession interfaces. I have to then create custom class extending ExpressionAssignmentHandler in which i've to override getExpressionSession method to return my custom IdentitySession class.

            The question is how to make jBPM use my custom "ExpressionAssignmentHandler" class. Also, if I want to use LDAP is there a library (IdentitySession class) already available?

            • 3. Re: Custom Authentication/Identity Module
              salaboy21

              yes... there is something like you are saying...

              There is not a solution available for LDAP users.. i think.. Ronald may know something...

              But if not.. we can do it together if you want..
              Let me know..

              • 4. Re: Custom Authentication/Identity Module
                harish_here

                Definitely we can work together.
                But again, the question is how to make jBPM use my custom "ExpressionAssignmentHandler" class.

                • 5. Re: Custom Authentication/Identity Module
                  salaboy21

                  I was looking for your answer (in jbpm 3.2.3) and I find this block of code:

                  if (expression!=null){
                   assignmentDelegation.setProcessDefinition(processDefinition);
                   assignmentDelegation.setClassName("org.jbpm.identity.assignment.ExpressionAssignmentHandler");
                   assignmentDelegation.setConfiguration("<expression>"+expression+"</expression>");
                  
                   }
                  


                  This code is in the JpdlXmlReader.java, that is a core class that take the XML and create the processDefinition Object. The method is:

                  protected Delegation readAssignmentDelegation(Element assignmentElement)
                  


                  So I think that you must recompile the entire jbpm-jpdl.jar to change this Handler, with your extended handler implementation.

                  This is really a bad news for me.. because there is no other way to set it.. (someone know another??) but I think is right because is a core property, but there are no really flexible way to change it.. I hope to be wrong about that.



                  • 6. Re: Custom Authentication/Identity Module
                    salaboy21

                    sorry about that post.. I was really wrong!!
                    This is because i do a fast search and a fast reply...
                    You can change your ExpressionAssignmentHandler by putting your extended ExpressionAssignmentHandler(MyExpressionAssignmentHandler) in the class attribute in the assignment tag.

                    Take a look at this and let me know if you can make some tests.

                    Hope it helps

                    • 7. Re: Custom Authentication/Identity Module
                      harish_here

                      I was trying to build this and came across a bigger question. How is Identity module used in jBPM?

                      I created a simple task and assigned it to an actor "abc" which does not exist in JBPM_ID_USER table. I'm able to initiate tht process and when i query for tasks of actor "abc" i get the task list too. So, jBPM essentially is not checking whether the user exists or is valid? I'm confused now on how jBPM uses User data.

                      • 8. Re: Custom Authentication/Identity Module
                        salaboy21

                        the jBPM Identity Component is only for testing.. and has the minimal structure to use users and groups.

                        The jBPM core is totally decoupled from the identity, the only relationship with identities are actorId and pooledActors that are both strings. Because of this, you can set any ID in the actorId property, because it is a simple string.

                        So, to make it work, in you assignments handlers you must ensure that your custom identity component set the right string in the actorId or pooledActors property.



                        • 9. Re: Custom Authentication/Identity Module
                          harish_here

                          hmm...
                          OK, so in my scneario we are using web application which makes jBPDL API's call to retreive worklist, to initiate workflow, etc ... So, practically i don't need any user to be pre-configured in jBPM to do this. All i need is to create process definition, assign task to users in jBPM. These users may or may not exist in web-apps application.
                          Since all my users are authenticated in my web-app and i'm using jBPM only thru web-apps there is no need for authentication or creation of users, roles in jBPM.

                          Is my understanding correct ?

                          • 10. Re: Custom Authentication/Identity Module
                            cecchisandrone

                             

                            "salaboy21" wrote:
                            sorry about that post.. I was really wrong!!
                            This is because i do a fast search and a fast reply...
                            You can change your ExpressionAssignmentHandler by putting your extended ExpressionAssignmentHandler(MyExpressionAssignmentHandler) in the class attribute in the assignment tag.

                            Take a look at this and let me know if you can make some tests.

                            Hope it helps


                            Salaboy, I tryed as you say but it doesn't work (CustomClass is ignored).

                             <task name="PrivateTask">
                             <assignment class="com.sample.CusstomExpressionAssignmentHandler" expression="group(admin)"></assignment>
                             </task>
                            


                            • 11. Re: Custom Authentication/Identity Module
                              kukeltje

                              you have to pass the atritubte containing the expression in a way that is identical to all other actionhandlers.

                              So something like

                              <task name="PrivateTask">
                               <assignment class="com.sample.CusstomExpressionAssignmentHandler" >
                               <expression>group(admin)</expression>
                               </assignment>
                              </task>
                              


                              and make sure the expressin is a field in the CustomExpressionAssignmentHandler



                              • 12. Re: Custom Authentication/Identity Module
                                jimdwyer

                                Is this the same for jBPM4? Has anybody done this for jBPM4? Are there examples?

                                • 13. Re: Custom Authentication/Identity Module
                                  kukeltje

                                  there are examples in the distribution. In the examples directory.

                                  • 14. Re: Custom Authentication/Identity Module
                                    jimdwyer

                                    I didn't see any jBPM examples. Can you post the link?

                                    1 2 Previous Next