Currently I am involved in a project that is moving away from a proprietary workflow solution to a JBPM based workflow solution. One of the first things I attempted to do was try and make jBPM integrate with the identity management solution used in the project. I knew that jBPM comes packaged with some sort of identity component so I started reading up on it in the userguide.
“Management of users, groups and permissions is commonly known as identity management. jBPM includes an optional identity component that can be easily replaced by a company’s own identity data store.”
Sounds good. But then I kept on reading
When you want to use your own datasource for organisational information such as your company’s user database or ldap system, you can just rip out the jBPM identity component. The only thing you need to do is make sure that you delete the line …
<mapping resource="org/jbpm/identity/User.hbm.xml"/>
<mapping resource="org/jbpm/identity/Group.hbm.xml"/>
<mapping resource="org/jbpm/identity/Membership.hbm.xml"/>
from the hibernate.cfg.xml
The ExpressionAssignmentHandler is dependent on the identity component so you will not be able to use it as is. In case you want to reuse the ExpressionAssignmentHandler and bind it to your user data store, you can extend from the ExpressionAssignmentHandler and override the method getExpressionSession.
protected ExpressionSession getExpressionSession(AssignmentContext assignmentContext);
Yikes! What more, the reference to ExpressionAssignmentHandler class is actually hardcoded. So you cannot use a class that simply extends from ExpressionAssignmentHandler. It looks like you have to physically break open the jbpm-identity jar and replace the ExpressionAssignmentHandler contained within by a modified version
This must be some new kind of easy
update: Someone already submitted a Jira issue for this
I need to integrate jBPM with LDAP.
I also read the topic in JIRA.
Did you finally build your own identity module successfully?
There is few information and examples about this topic.
I would appreciate your feedback about it.
Thanks,
Val
Hello!
I’m also involved in a similar project; we need to use jBPM instead of the workflow we made. Now I’m trying to figure out if we could use jBPM identity componenet to work with LDAP. It’d be so kind of you if you got some examples, code snippets or any guidance. Thanks..
Hello,
yes, i am having the same problem. docu says “simply rip off the identity component”
but then ? what to do?
do you have a solution?
Hi,
I think they should have written something like “Create a library jar similar to ours that suits your needs …” My experience with ldap is that I had to create a library with spring-ldap and my own class ExpressionAssignmentHandler that does the same but against ldap. Greetings.
See https://jira.jboss.org/jira/browse/JBPM-769 for details of the intended way to provide a custom assignment handler.