7 Replies Latest reply on Feb 17, 2012 6:33 AM by jbize

    jBPM Users and Roles using JEE security

    jbize

      Hello,

       

      My last request for help received no replies, so I hope this product isn't dead.  Is it dead or dying?  Is it being replaced by Activiti?

       

      I am still trying to use jBPM 5.2 in an existing application with a variety of technologies including Spring 3.1 and JEE realm security.

       

      The users are authenticated and authorized via the realm.  The users are not pre-provisioned or managed within the application (database).  I want to equate the users' roles (as in web.xml security-role) to swimlanes.  (I presume that is the correct association.)  Can that be done?  If so, how?

       

      When a user in a particular role (as in .isUserInRole()) opens a particular page, he will see the "inbox" for all users in that role.  After he completes the activity, the process will move on to the next user Task and will show up in any inboxes for its role.  Does this make sense?

       

      Thanks,

      John

        • 1. Re: jBPM Users and Roles using JEE security
          salaboy21

          The project is not dead, and it's quite active indeed. You can take a look at the source code that is evolving day after day.

          You can achieve what you are looking for using the UserCallbacks, you can take a look at an example using LDAP here, in your case it will be the same but for the JEE realm.

          https://github.com/Salaboy/jBPM5-Developer-Guide/tree/master/chapter_06/jBPM5-Ldapcallback

           

          Cheers

          1 of 1 people found this helpful
          • 2. Re: jBPM Users and Roles using JEE security
            jbize

            Thanks Mauricio,

             

            I believe you're saying I have to implement the UserGroupCallback interface and register that class with the UserGroupCallbackManager singleton.  Is that correct?  Is that only for the MinaTaskServer?

             

            The JEE security occurs in the context of a user session, so in that context, I can't obtain the user and group information for a different user, only the authenticated user.

             

            (If there's no other way, my authentication provider does have an available RESTful API that I can use if necessary.  I would prefer not to if I don't have to.)

             

            But let me back up.  We have a single application on a single application server.  It would be preferable to not have to use an external (Mina) task server.  Is there a way to do this entirely within the session context?  If not, is there a way to do this entirely within the one application (WAR) without exposing an external Mina Server?

             

            Thanks,

            John

            • 3. Re: jBPM Users and Roles using JEE security
              salaboy21

              It should also work with a local version of the task server. You can start a local task server inside your application and use that to interact without the need of using the Mina Server at all.

              You can also expose the task server bean as a JNDI resource so multiple applications can use it if it's needed (it's a common requirement to share the task server across different applications that will be running processes or creating tasks).

               

              Usually what you need to build is a task-list-oriented UI. I'm not sure I understand your example correctly. The user that is logged in should see his/her own tasks (or the ones belonging to his/her group). If you want to see another user's tasks you need to log in with a different user (a common requirement as well).

               

              If you can provide a simple application/test that shows and sets up the JEE realm with some mock users we can help you to improve it as long as we can have a generic example like the LDAP one.

               

              Cheers

              • 4. Re: jBPM Users and Roles using JEE security
                jbize

                Thanks again Mauricio,

                 

                Unfortunately, my work environment is not on the Internet.  My internet access is via an email/browser station with very limited functionality.  Just importing files from the Internet is a tedious, administrative, and time-consuming process.  Exporting to the Internet is nearly impossible; I'm afraid I can't provide any code. I am using jBPM version 5.2.0.Final. 

                 

                I appreciate being able to expose the task server bean as a JNDI resource, but for now, our plan is to have our one app be the one-stop-shop. 

                 

                I see the LocalTaskService and LocalHumanTaskService classes in the org.jbpm.task.service.local package.  Are these the classes I need to start a local task server inside my application?  If so, I'll try to Google for examples.  Are they independent, or do I need both?  Will I still interact via a TaskClient? 

                 

                Can I do this and still use the custom UserGroupCallback?

                 

                I'm sorry I was confusing about the user session info.  The JEE realm will not provide me any information beyond HttpServletRequest.getRemoteUser(), and HttpServletRequest.isUserInRole("role_name").  The application/database doesn't know about provisioned users, it only knows the identity string of the current user within the context of a user's session.  (It does know about roles/groups, as membership requirements are all over the application, granting access to pages, data, resources, etc.)  So, in a session scoped bean, I could implement the UserGroupCallback as long as the only user was the current user.  I suspect that won't be possible however, and I'll have to go outside the realm and use the external RESTful interface.  I hope that's more understandable.
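
Added example, not part of any post in this thread and not code from the jBPM project: one way to write the UserGroupCallback discussed in posts 2 and 4 so that it answers only for the authenticated caller of the current request and derives groups from container roles. It assumes the jBPM 5.x `org.jbpm.task.service.UserGroupCallback` interface with the three methods shown; the role names and the `bind`/`unbind` filter hook are hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.jbpm.task.service.UserGroupCallback;

// Added example: maps the container roles of the current caller to jBPM groups.
public class RealmUserGroupCallback implements UserGroupCallback {
    // Hypothetical role names; use the security-role entries from web.xml.
    private static final List<String> KNOWN_ROLES =
            Arrays.asList("clerk", "supervisor", "auditor");

    // Bound per request by a servlet Filter: bind() before chain.doFilter(),
    // unbind() in a finally block so pooled threads never keep a stale request.
    private static final ThreadLocal<HttpServletRequest> CURRENT =
            new ThreadLocal<HttpServletRequest>();

    public static void bind(HttpServletRequest request) { CURRENT.set(request); }
    public static void unbind() { CURRENT.remove(); }

    // Fail closed: only the authenticated caller of this request is resolvable.
    private static HttpServletRequest requestFor(String userId) {
        HttpServletRequest req = CURRENT.get();
        if (req == null || userId == null || !userId.equals(req.getRemoteUser())) {
            return null;
        }
        return req;
    }

    public boolean existsUser(String userId) {
        return requestFor(userId) != null;
    }

    public boolean existsGroup(String groupId) {
        return KNOWN_ROLES.contains(groupId);
    }

    public List<String> getGroupsForUser(String userId, List<String> groupIds,
                                         List<String> allExistingGroupIds) {
        List<String> groups = new ArrayList<String>();
        HttpServletRequest req = requestFor(userId);
        if (req != null) {
            for (String role : KNOWN_ROLES) {
                if (req.isUserInRole(role)) {
                    groups.add(role); // group id == container role name
                }
            }
        }
        return groups; // empty for any user other than the caller
    }
}
```

Because every lookup for a user other than the caller is answered as unknown, the task service cannot resolve other actors through this callback, which is the limitation raised in post 4.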

                • 5. Re: jBPM Users and Roles using JEE security
                  jbize

                  I appreciate your trying to help Mauricio. 

                   

                  Unfortunately, I can't find any working examples.  It appears that either the posts I find refer to old versions, or when people are asked to provide more information, they do and the threads simply die there.

                   

                  I don't believe there is a way to use Spring for any of the configuration, and I haven't found a working combination of configuration and code.

                   

                  I'll open a new thread.

                  • 6. Re: jBPM Users and Roles using JEE security
                    salaboy21

                    You can find any working example of what?

                    Did you try the LDAP example and replicate that for the JEE realm?

                    Cheers

                    • 7. Re: jBPM Users and Roles using JEE security
                      jbize

                      I can't find any working examples of using a LocalTaskService (and/or LocalHumanTaskService) in a Spring3 web application.  I'd need to get that working with a simple (e.g. demo) workflow before I can look at the UserGroupCallback.  I don't think anyone has been successful with that.

                       

                      Thanks.