In other words,
how to pass the security information of the EJB enviroments to the jbpm engine?
e.g., is it possible to pass Caller Principal of EJB method calls to the jbpm engine methods?
what is the recommended way?
Do i only need to change jbpm.cfg.xml file as below?
<service name="authentication" factory="org.jbpm.security.authentication.DefaultAuthenticationServiceFactory" />
to <service name="authentication" factory="org.jbpm.security.authentication.JBossAuthenticationServiceFactory" />
post 1: currently the webapp does authenication, jbpm uses this by getting the userPrincipal. The ejb should get this as well, as long as it is passed on by the container. Did you try this and get errors or no user?
post 2: this is a question the other way around. You cat pass the actorID to jBPM yourself. Where you get it from (e.g. the ejb context) is up to you.
That is partly related, but afaik, not relevant regarding your questions.