-
1. Re: jBPM Users and Roles using JEE security
salaboy21 Feb 14, 2012 11:38 AM (in response to jbize)1 of 1 people found this helpfulThe project is not dead, and it's quite active indeed. You can take a look a the source code that is evolving day after day.
You can achieve what you are looking for using the UserCallbacks, you can take a look at an example using LDAP here, in your case it will be the same but for the JEE realm.
https://github.com/Salaboy/jBPM5-Developer-Guide/tree/master/chapter_06/jBPM5-Ldapcallback
Cheers
-
2. Re: jBPM Users and Roles using JEE security
jbize Feb 14, 2012 12:57 PM (in response to salaboy21)Thanks Mauricio,
I believe you're saying I have to impliment the UserGroupCallback interface and register that class with the UserGroupCallbackManager singleton. Is that correct? Is that only for the MinaTaskServer?
The JEE security occurrs in the context of a user session, so in that context, I can't obtain the user and group information for a different user, only the authenticated user.
(If there's no other way, my authentication provider does have an available RESTful API that I can use if necessary. I would prefer not to if I don't have to.)
But let me backup. We have a single application on a single application server. It would be preferable to not have to use an external (Mina) task server. Is there a way to do this entirely within the session context? If not, is there a way to do this entirely within the one application (WAR) without exposing an external Mina Server?
Thanks,
John
-
3. Re: jBPM Users and Roles using JEE security
salaboy21 Feb 14, 2012 1:16 PM (in response to jbize)It should work with also a local version of the task server. you can start a local task server inside your application and use that to interact without the need of using the Mina Server at all..
You can also expose the task server bean as a JNDI resourse so multiple applications can use it if it's needed (it's a common requirement to share the task server across different applicaitons that will be running processes or creating tasks).
Usually what you need to build is a task list oriented UIs. I'm not sure to understand correctly your example. The user that is logged in should see his/her own tasks (or the one belonging to it's group). If you want to see another user tasks you need to loggin with a different user (a common requirement as well).
If you can provide a simple application/test that shows and setup the JEE realm with some mock users we can help you to improve it as long as we can have a generic example like the LDAP one.
Cheers
-
4. Re: jBPM Users and Roles using JEE security
jbize Feb 14, 2012 2:25 PM (in response to salaboy21)Thanks again Mauricio,
Unfortunately, my work environment is not on the Internet. My internet access is via an email/browser station with very limited functionality. Just importing files from the Internet is a tedious, administrative, and time consuming process. Exporting to the Internet is nearly impossible; I'm afraid I can't provide any code. I am using jBPM version 5.2.0.Final.
I appreciate being able to expose the task server bean as a JNDI resource, but for now, our plan is to have our one app be the one-stop-shop.
I see the LocalTaskService and LocalHumanTaskService classes in the org.jbpm.task.service.local package. Are these the classes I need to start a local task server inside my application? If so, I'll try to Google for examples. Are they independant, or do I need both? Will I still interact via a TaskClient?
Can I do this and still use the custom UserGroupCallback?
I'm sorry I was confusing about the user session info. The JEE realm will not provide me any information beyond HttpServletRequest.getRemoteUser(), and HttpServletRequest.isUserInRole("role_name"). The application/database doesn't know about provisioned users, it only knows the identity string of the current user within the context of a user's session. (It does know about roles/groups, as membership requirements are all over the application, granting access to pages, data, resources, etc.) So, in a session scoped bean, I could implement the UserGroupCallback as long as the only user was the current user. I suspect that won't be possible however, and I'll have to go outside the realm and use the external RESTful interface. I hope that's more understandable.
-
5. Re: jBPM Users and Roles using JEE security
jbize Feb 16, 2012 3:24 PM (in response to jbize)I appreciate your trying to help Mauricio.
Unfortunately, I can't find any working examples. It appears that either the posts I find refer to oldversions, or when people are asked to provide more information, they do and the threads simply die there.
I don't believe there is a way to use Spring for any of the configuration, and I haven't found a working combination of configuration and code.
I'll open a new thread.
-
6. Re: jBPM Users and Roles using JEE security
salaboy21 Feb 16, 2012 3:38 PM (in response to jbize)You can find any working example of what?
Did you try the LDAP example and replicate that for the JEE realm?
Cheers
-
7. Re: jBPM Users and Roles using JEE security
jbize Feb 17, 2012 6:33 AM (in response to salaboy21)I can't find any working examples of using a LocalTaskService (and/or LocalHumanTaskService) in a Spring3 web application. I'd need to get that working with a simple (e.g. demo) workflow before I can look at the UserGroupCallback. I don't think anyone has been successful with that.
Thanks.