3 Replies Latest reply on Aug 5, 2006 11:19 AM by Ronald van Kuijk

    jbpm with EJBs-->security

    peter Apprentice


      From jbpm user guide,

      Authentication is the process of knowing on who's behalf the code is running. In case of jBPM this information should be made available from the environment to jBPM. Cause jBPM is always executed in a specific environment like a webapp, an EJB, a swing application or some other environment, it is always the surrounding environment that should perform authentication.

      Also from user guide: First terms

      An expression is resolved from left to right. The first-term specifies a User or Group in the identity model. Subsequent terms calculate the next term from the intermediate user or group.

      previous means the task is assigned to the current authenticated actor. This means the actor that performed the previous step in the process.

      If i don't want to use jbpm_user, jbpm_group etc database table but using EJB and servlet enviroment to provide securied enviroment, how to make sure current authenticated actor is the principle name of the EJBs?

      More information is appreciated here.


        • 1. Re: jbpm with EJBs-->security
          peter Apprentice

          In other words,

          how to pass the security information of the EJB enviroments to the jbpm engine?

          e.g., is it possible to pass Caller Principal of EJB method calls to the jbpm engine methods?

          what is the recommended way?


          • 2. Re: jbpm with EJBs-->security
            peter Apprentice

            Do i only need to change jbpm.cfg.xml file as below?

            <service name="authentication" factory="org.jbpm.security.authentication.DefaultAuthenticationServiceFactory" />

            <service name="authentication" factory="org.jbpm.security.authentication.JBossAuthenticationServiceFactory" />


            • 3. Re: jbpm with EJBs-->security
              Ronald van Kuijk Master

              post 1: currently the webapp does authenication, jbpm uses this by getting the userPrincipal. The ejb should get this as well, as long as it is passed on by the container. Did you try this and get errors or no user?

              post 2: this is a question the other way around. You cat pass the actorID to jBPM yourself. Where you get it from (e.g. the ejb context) is up to you.

              post 3:
              That is partly related, but afaik, not relevant regarding your questions.