At this point introducing and checking permissions has not been a priority because in most cases this responsibility is assumed by the application (webapp, standalone app) hosting jBPM. Moreover it is very difficult to provide a generic system that does not impact performance and that satisfies every user.
So the way to do this is to define the permissions you want to have in your system, develop your own AuthorizationService and the checkPermission method of this service, and insert calls to this service at the appropriate places in the jBPM code as this service is not yet used for the reasons stated above.
Hope this helps,
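As an added illustration of the approach in the post above (not part of the original thread and not jBPM's own code): a deny-by-default, role-based `checkPermission`. Only the names `AuthorizationService` and `checkPermission` come from the post; the interface shape, the `WorkflowPermission` class, and the role and permission names are assumptions made for this example.

```java
import java.security.AccessControlException;
import java.security.BasicPermission;
import java.security.Permission;
import java.util.Map;
import java.util.Set;

public class AuthorizationExample {
    // Hypothetical interface declared for this example; only its name and the
    // method name are taken from the post.
    interface AuthorizationService {
        void checkPermission(Permission permission) throws AccessControlException;
    }

    // Application-defined permission; names such as "task.end" are constructed.
    static final class WorkflowPermission extends BasicPermission {
        WorkflowPermission(String name) { super(name); }
    }

    // Deny by default: access is granted only if one of the caller's roles
    // holds a permission that implies the requested one.
    static final class RoleBasedAuthorizationService implements AuthorizationService {
        private final Map<String, Set<Permission>> grants;
        private final Set<String> currentRoles; // supplied by the hosting application

        RoleBasedAuthorizationService(Map<String, Set<Permission>> grants, Set<String> roles) {
            this.grants = grants;
            this.currentRoles = roles;
        }

        @Override
        public void checkPermission(Permission requested) {
            for (String role : currentRoles)
                for (Permission granted : grants.getOrDefault(role, Set.of()))
                    if (granted.implies(requested)) return;
            throw new AccessControlException("denied: " + requested.getName(), requested);
        }
    }

    public static void main(String[] args) {
        Map<String, Set<Permission>> grants = Map.of(
            "manager", Set.<Permission>of(new WorkflowPermission("task.*")),
            "clerk", Set.<Permission>of(new WorkflowPermission("task.view")));
        AuthorizationService clerk = new RoleBasedAuthorizationService(grants, Set.of("clerk"));
        clerk.checkPermission(new WorkflowPermission("task.view")); // granted, returns normally
        try {
            clerk.checkPermission(new WorkflowPermission("task.end")); // not granted to clerk
        } catch (AccessControlException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

Throwing on denial rather than returning a boolean means a call site that forgets to inspect the result still fails closed.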
Thanks, Koen, for your reply.
Just out of curiosity, is there a specification on which the JBPM Identity component is based or extracted from, like portlets for instance?
I just wish to use it to grab a better understanding of the JBPM Identity component model.
No, it is not based on any standards, just "gezond boeren verstand" (try translating that with any system ;-)) and some academic studies.
Hmm as usual, babelfish messes up: 'healthy farming verstand'. And if you specify 'gezond boerenverstand' it says: 'healthy farmer verse cog' :-)
But indeed, it is not based on any standard. It is there for convenience and if you need something else (more or less powerful) you can easily change it... In the future we will align the identity component with the one used in JBoss Portal.
Because jBPM works right in the app, why have a separate authentication/authorization mechanism from the server?
I assume the reason the big vendors often have a separate identity component is because their implementations are often separate from the application server.
The reason is that jBPM is also able to run outside of an app server, e.g. in Tomcat or in a rich client application. But to do interesting things wrt task management and task assignment, you need an identity component. So we provided a default system that is *very* easily changeable by any system provided by some 'big vendor' :-))
The only thing you have to do to implement this is provide your own implementation of a configurable assignment handler.
I am now trying to use the jbpm identity component model to point to my application's datasource, as I already have information for users and roles in the application and wish to extend the model by including groups and memberships.
I am a newbie to Hibernate so I am not exactly sure if I am doing it correctly.
I have a user and a role table and have created a group and memberships table in my schema.
I have taken out the identity component's mappings from hibernate.cfg.xml, created another Hibernate configuration file, and placed those mappings there, with connection properties for my application database.
However, I am having trouble connecting to two Oracle schemas at the same time, one for JBPM and the other for my application with JBPM_ID component tables.
Any ideas or directions are much appreciated.