Configure activiti to use kerberos

per_berge
Champ in-the-making
In both activiti-rest and activiti-explorer there are settings to configure activiti to use a database.
I've changed it to use the Oracle driver and it works fine with SQL users.
In Activiti I've deployed a process which runs service tasks which use Hibernate and log in to the same database using Kerberos.
<blockcode>
<property name="hibernate.connection.oracle.net.authentication_services">KERBEROS5</property>
<property name="hibernate.connection.oracle.net.kerberos5_mutual_authentication">true</property>
</blockcode>
How would I go about using a specified Kerberos user to access the Oracle database for activiti-rest or activiti-explorer?
I've tried simply specifying the username and password directly in the db.properties file, which gives:
(ORA-01017: invalid username/password; logon denied)
<blockcode>
jdbc.username=user@domain.com
jdbc.password=qqq
</blockcode>
I would expect I need to specify some of the Oracle connection properties in Java, using properties for specifying, for instance, krb5_realm, krb5_kdc and so on:
(http://docs.oracle.com/cd/B28359_01/java.111/b31224/clntsec.htm#CIHCIDHF).

Is it possible to simply add or replace the necessary properties in the following section from activiti-context.xml:
adding
<blockcode>
    <property name="java.security.krb5.realm" value="domain.com" />
    <property name="java.security.krb5.conf" value="c:/oracle/krb5/krb5.conf" />
</blockcode>

to:
<blockcode>
    <property name="driverClassName" value="${jdbc.driver}" />
    <property name="url" value="${jdbc.url}" />
    <property name="username" value="${jdbc.username}" />
    <property name="password" value="${jdbc.password}" />
</blockcode>

Another alternative is for activiti to use the logged on user on the webserver, in my situation it's using tomcat7.

Anyone have any ideas for which direction to go in to resolve this issue?
1 REPLY

trademak
Star Contributor
You can build your own process engine configuration in Java and pass along any username and password you want. From there you can create an Activiti instance instead of using the db.properties approach. But this requires changing the REST and Explorer app a bit. By default I don't think this use case is supported.

Best regards,
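
The approach suggested in the reply, as an added example (not code from this thread or from the Activiti project): a process engine built in Java on an Oracle DataSource that carries the Kerberos connection properties from the question, so no database password is stored in db.properties. The class name, the JDBC URL and the reliance on the default Kerberos ticket cache of the account running Tomcat are assumptions.

```java
import java.sql.SQLException;
import java.util.Properties;

import oracle.jdbc.pool.OracleDataSource;
import org.activiti.engine.ProcessEngine;
import org.activiti.engine.ProcessEngineConfiguration;

// Hypothetical helper class; the REST and Explorer apps would have to be
// changed to obtain their engine from it instead of from db.properties.
public class KerberosEngineFactory {

    // Assumed values: replace with your own connect string and krb5.conf path.
    private static final String JDBC_URL =
            "jdbc:oracle:thin:@//dbhost.example.com:1521/SERVICE";
    private static final String KRB5_CONF = "c:/oracle/krb5/krb5.conf";

    public static ProcessEngine build() throws SQLException {
        // java.security.krb5.conf is a JVM-wide system property, not a
        // property of the DataSource bean, so it is set on the JVM here.
        System.setProperty("java.security.krb5.conf", KRB5_CONF);

        // The same Oracle Net settings as in the Hibernate snippet from the
        // question, without the "hibernate.connection." prefix.
        Properties props = new Properties();
        props.setProperty("oracle.net.authentication_services", "KERBEROS5");
        props.setProperty("oracle.net.kerberos5_mutual_authentication", "true");

        OracleDataSource ds = new OracleDataSource();
        ds.setURL(JDBC_URL);
        ds.setConnectionProperties(props);
        // Deliberately no setUser()/setPassword(): the database identity is
        // assumed to come from the Kerberos ticket of the account that runs
        // Tomcat, so no secret sits in a properties file.

        ProcessEngineConfiguration cfg = ProcessEngineConfiguration
                .createStandaloneProcessEngineConfiguration()
                .setDataSource(ds);
        return cfg.buildProcessEngine();
    }
}
```

The account that runs Tomcat needs a valid ticket before the first connection is opened, and the matching Oracle user must be created as externally identified for the Kerberos principal.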