i am using jBPM 3.0 and i managed to add a new method in the Authentication class in jbpm.org.security package that has a signature with username and password. The methods name is pushAuthenticatedActorId(String username, String password) - polymorphism.
That method speaks and authenticates against an OpenLDAP server. The method is called by the login()-method of the UserBean. After the successful login the password is set to null and i am only working with pushAuthenticatedActorId(String username). In every jsp-page i use the UserBean to check, whether the username is set, if not, no access is granted to the jsp.
I am currently working on how to use the Authorization class in order to set up process-pages (home.jsp) according to the role one person has.
I don't know if this method is a dirty one, but maybe someone tells me a better method.
I hope i could help,