Trifork Blog

Extensibility jBPM style

October 8th, 2007 by

Currently I am involved in a project that is moving away from a proprietary workflow solution to a JBPM based workflow solution. One of the first things I attempted to do was try and make jBPM integrate with the identity management solution used in the project. I knew that jBPM comes packaged with some sort of identity component so I started reading up on it in the userguide.

“Management of users, groups and permissions is commonly known as identity management. jBPM includes an optional identity component that can be easily replaced by a company’s own identity data store.”

Sounds good. But then I kept on reading

When you want to use your own datasource for organisational information such as your company’s user database or ldap system, you can just rip out the jBPM identity component. The only thing you need to do is make sure that you delete the line …
<mapping resource="org/jbpm/identity/User.hbm.xml"/>
<mapping resource="org/jbpm/identity/Group.hbm.xml"/>
<mapping resource="org/jbpm/identity/Membership.hbm.xml"/>

from the hibernate.cfg.xml
The ExpressionAssignmentHandler is dependent on the identity component so you will not be able to use it as is. In case you want to reuse the ExpressionAssignmentHandler and bind it to your user data store, you can extend from the ExpressionAssignmentHandler and override the method getExpressionSession.
protected ExpressionSession getExpressionSession(AssignmentContext assignmentContext);

Yikes! What more, the reference to ExpressionAssignmentHandler class is actually hardcoded. So you cannot use a class that simply extends from ExpressionAssignmentHandler. It looks like you have to physically break open the jbpm-identity jar and replace the ExpressionAssignmentHandler contained within by a modified version

This must be some new kind of easy

update: Someone already submitted a Jira issue for this

5 Responses

  1. January 7, 2008 at 16:10 by Valérie Sevel

    I need to integrate jBPM with LDAP.
    I also read the topic in JIRA.
    Did you finally build your own identity module successfully?
    There is few information and examples about this topic.
    I would appreciate your feedback about it.

  2. January 31, 2008 at 01:26 by Andrew

    I’m also involved in a similar project; we need to use jBPM instead of the workflow we made. Now I’m trying to figure out if we could use jBPM identity componenet to work with LDAP. It’d be so kind of you if you got some examples, code snippets or any guidance. Thanks..

  3. April 14, 2008 at 15:55 by Sascha


    yes, i am having the same problem. docu says “simply rip off the identity component”

    but then ? what to do?

    do you have a solution?

  4. May 22, 2008 at 15:57 by Javier de Ros

    I think they should have written something like “Create a library jar similar to ours that suits your needs …” My experience with ldap is that I had to create a library with spring-ldap and my own class ExpressionAssignmentHandler that does the same but against ldap. Greetings.

  5. March 16, 2009 at 05:03 by Steve Gibson

    See for details of the intended way to provide a custom assignment handler.