9 Replies Latest reply on Oct 26, 2006 10:09 AM by David Owens

    Ripping out identity component

    Cliff Jao Newbie

      The user guide says: "When you want to use your own datasource for organisational information such as your company's user database or ldap system, you can just rip out the jBPM identity component."

      Can someone point me towards some resources on how to rip out the identity component?

      I guess I'm not sure about how the org.jbpm.identity package interacts with the rest of jBPM.


        • 1. Re: Ripping out identity component
          jbpmndc Newbie

          in hibernate.cfg.xml follow the directions to comment out the user,group and membership objects.

          Then, you can just delegate the security to your application container and manage access using the container's built in security mechanism.

          A lot can be discussed about when you should do this and when you should not. It seems to me that because jbpm is really just a jar, a lot of time you can rely on the app server for security.

          <!-- following mapping files have a dependendy on -->
           <!-- 'jbpm-identity-{version}.jar', mapping files -->
           <!-- of the pluggable jbpm identity component. -->
           <!-- comment out the following 3 lines if you don't-->
           <!-- want to use the default jBPM identity mgmgt -->
           <!-- component -->
           <mapping resource="org/jbpm/identity/User.hbm.xml"/>
           <mapping resource="org/jbpm/identity/Group.hbm.xml"/>
           <mapping resource="org/jbpm/identity/Membership.hbm.xml"/>

          • 2. Re: Ripping out identity component
            Ronald van Kuijk Master

            Yep, this is exactely the answer to your question how to rip it out. It does not answer the probably next question on how to implement your own...

            Relying on the appserver for logging in etc... is indeed simple. The identity component does a little more. It is used in the default assignment expressions. So if you delete it, you have to build assignment handlers if things are needed OR implement your own identity component with the same api as the jbpm identity component and activate it in some way (I have no idea how to)

            • 3. Re: Ripping out identity component
              Cliff Jao Newbie

              Hmmm. If I extend ExpressionAssignmentHandler as suggested in the User Guide, how do I get jBPM to use my new one by default if I have an assignment expression in my process XML?

              (I believe this question has been asked before in the forums with no response.)

              • 4. Re: Ripping out identity component
                Ronald van Kuijk Master

                Extending the ExpressionAssignmentHandler is indeed one thing to implement. Replacing the existing one is another.

                The reason it was probably not answered may have to do that if the source is used (a very good source of information), you will see a limited number of references and a conclusion could be very easy to draw:

                Currently, from what I FOUND, it is not configurable, at least not without adapting the source. The file org.jbpm.jpdl.xml.JpdlXmlReader contains a fixed reference to the default ExpressionAssignmentHandler :


                so it could be that changing this, recompiling the code and running it, solves it. Give it a go....

                • 5. Re: Ripping out identity component
                  Olivier Kloss Newbie

                  If you look at my post over there:


                  I explain how I implemented assignment to use the user/role info from our app.

                  We're not using swinlanes though and not the example webap either.

                  Also, this was more than 8 months ago so I don't know how much has changed since 3.0 on that front.

                  I'd also be happy to get opinions on wether this is a good way to do it, if you see any potential problems, etc. Thanks!

                  (p.s. A little note on the forum search. A search for all posts by author "m_ok" did not return the above post. Strange...)

                  • 7. Re: Ripping out identity component
                    Ronald van Kuijk Master


                    What you did is not wrong, it is just another way of doing assignments. I myself do not want to have to add these handlers to every task. That is what we are focussing on and that is what making this configurable is for.

                    • 8. Re: Ripping out identity component
                      Luigi Di Naro Newbie

                      maybe this can work?

                      I modified JpdlXmlReader to use definition of service in jbpm.cfg.xml
                      (still use original fix assignment if no value specified)


                       if (expression!=null){
                       if (JbpmConfiguration.getInstance().getServiceFactory("Identity") != null)
                       } else {

                       <service name="identity" factory="it.xxx.yyy.ExpressionAssignmentHandler" />

                      but I have a problem calling JbpmConfiguration.getInstance()
                      because I'm using jbpm inside spring and that call doesn't work!
                      there is a way?