I have a simple workflow having a script task, 2 human tasks in succession and then finally another script task.
Each of the human tasks have a form to be displayed and an approve button. I initially tried the basic process
without my own task client. It worked but when the actor for the second human task approved the form it came up
with the following error message. The actor for the first human task is krisv and when he approved the form it went OK.
But when the actor of the second human task which is john tried to approve his form it gave this exception about krisv
which did not make any sense he is not at all involved with the second human task.
org.jboss.resteasy.spi.UnhandledException: org.jbpm.task.service.PermissionDeniedException: Server-side Exception: User '[User:'krisv']' does not have permissions to execution operation 'Start' on task id 5
Then I tried creating a Mina task client and processing the task in code. I can get the task, claim, start and complete it.
But then how do I view the forms and approve it. I have to go back to the JBPM console. Even the human task panel
in eclipse only allows to start and complete the task. It does not allow to view the forms.
Then I thought let me get the task and claim it in code and do the rest in the JBPM console. I thought the Blocking calls
will help me do this. But this did not work either. Since the code was consecutive it successively claimed the respective
tasks for krisv and john. The blocking call did not wait for me complete the operation for krisv through the JBPM console.
I am using JBPM5.2. Eclipse Helios SR2, JBoss App Server 7 and I am using the Mina Task Server created by the ant script.
I have my main process when loads the knowledge base, creates the session, registers the human task handler and starts
the process. I have my mina client process which creates the Mina task client and does the processing of the tasks.
Your suggestions will be greatly appreciated.
I want to another important piece of information that I had missed out earlier. When the user krisv logs in to the console he is able
to see the task in the panel. When he clicks on view there is further authentication before the form is displayed. He has already logged
in and he is the potential owner of the task. I don't know whey he is required to authenticate again to view the form.
Interestingly the actor for the second human task john when he logs in he is able to view the form without further authentication.
Also the users and groups are defined in the task-service directory which the task server reads. But I was not able to trace the
assignment between users and groups namely to which groups each user belongs. Also in the auth folder under the jbpm-installer
there is a file which defines roles. Where is this information used ?
I am thinking that the second authentication information by krisv is remembered and even though it is john who is approving the
second human task it is remembering the previous authentication.
Thanks for your help. Actually I tried to run the sample demo program - the evaluation one.
There are 2 screens that are displayed :
When you type http://localhost:8080/jbpm-console you get a login screen
When you login as "krisv" then go to tasks and select the task that you want to view then there is another login.
This is the actual BPM Console snapshot. This login is requested only once. When the second user say "john" or
"mary" logs in and they want to view the tasks it does ask for the second login.
The reason is cookies store the login information and they are valid for the entire session. So when user "john" logs in
the system does not ask him to authenticate because of the cookies. So even though it is john who is approving
it remembers from the cookies that it is krisv. So even though it is john who has logged into the JBPM console
it remembers "krisv" from the BPM console login. This is what I think is the issue.
When I tried deleting the cookies after the logout of "krisv" and then logged in as "john" it asked for the second login
(BPM Console Login) and it worked fine.
Thanks for your help.
Thanks. Though I manually deleted the cookies to test it we can programmatically do it using the HttpServlets.
The cookies are used by website owners mostly to gather information on user preferences. We can get details
of the cookies using their domain names and then set the age of the cookies to 0. Then the cookies get deleted
automatically. So when the second user john or mary logs in they will also have to the second authentication in
the BPM console.
Of course the other alternative is to eliminate the second authentication itself which seems to be redundant in this
case. For that of course it is necessary to update source code for GWT console & server. Then build the war files
and then deploy it on the server.