0 Replies Latest reply on Feb 2, 2015 2:16 PM by plpatro

    jbpm6.1 Human Task authorization fails with LDAP

    plpatro

      Hi -

       

      I am running the process from the classpath.

      When a user performs Human Task operations with the user details specified for each task (the user name hardcoded in the process file's ACTOR field), the Human Task operations can be executed.

      If the same user details are removed from the process file and the task is instead configured with the user's Group ID and integrated with LDAP, permission to perform the Human Task is denied.

       

      On debugging, I can see that the application hits LDAP for HT operations and populates the respective groups for the user who performs the Human Task operation, but in the end it fails with a permission denied exception.

      Could someone help me with how to use LDAPUserGroup with a .bpmn process kept in the classpath?

       

      Code snippet to set up LDAP user/group auth:

       

              Properties properties = new Properties();
              // Standard JNDI environment keys: bind DN, bind password and server URL
              properties.setProperty("java.naming.security.principal", "cn=orcladmin");
              properties.setProperty("java.naming.security.credentials", "apsp4Security");
              properties.setProperty("java.naming.provider.url", "ldap://10.3.17.134:3060/");
              // Search contexts and filters passed to LDAPUserGroupCallbackImpl
              properties.setProperty("ldap.user.ctx", "cn=Users,dc=ovf,dc=apsp,dc=local");
              properties.setProperty("ldap.role.ctx", "cn=Groups,dc=ovf,dc=apsp,dc=local");
              properties.setProperty("ldap.user.filter", "(uid={0})");
              properties.setProperty("ldap.role.filter", "(uniqueMember=cn={0})");
              properties.setProperty("ldap.user.roles.filter",
                      "uniqueMember=cn={0},cn=users,dc=ovf,dc=apsp,dc=local"); // "(member={0})"
              properties.setProperty("ldap.user.id.dn", "true");

              // userGroupCallback and emf are assigned here; their declarations are not shown in the post
              userGroupCallback = new org.jbpm.services.task.identity.LDAPUserGroupCallbackImpl(
                      properties);

              emf = Persistence.createEntityManagerFactory("org.jbpm.persistence.jpa");

              // Register the LDAP callback and the classpath BPMN2 process with the runtime environment
              RuntimeEnvironment environment = RuntimeEnvironmentBuilder
                      .getDefault()
                      .persistence(true)
                      .entityManagerFactory(emf)
                      .userGroupCallback(userGroupCallback)
                      .addAsset(ResourceFactory.newClassPathResource(process),
                              ResourceType.BPMN2).get();

              return RuntimeManagerFactory.Factory.get()
                      .newPerProcessInstanceRuntimeManager(environment);