Hyland Connect

agarwalk · ‎09-20-2011

Hi,

   I have a centralized user management system which I want to use in my application in which Activiti is used as a process management tool.

   I dont want to have the pain of syncing the users with activiti user database.

   If I see the tasks APIs in Activiti, it doesn't validate the users are there in Activiti DB or not.

   This means I can assign a task to any user Name / group (even when these are not present in Activiti).

   I am using Spring for all my business logic and all the security related activities are hanled by Spring itself.

   Just wanted to confirm if this is valid or not?? Can I use activiti without using its user management portion.

   I understand for logging purpose I can set IdentityService.setAuthenticarId() externally.

   Request thoughts on this..

Thanks in advance

rkroll · ‎11-16-2011

We have a similar requirement, and have extended the org.activiti.engine.impl.persistence.entity.UserManager, using our Spring services to fetch users, and transform them to an Activiti User. We also needed to create a custom SessionFactory (CustomUserManagerFactory) which is a factory for our cutom UserManager. The same pattern can be used to provide custom groups if needed. Here is a sample of the classes:


@Service
class CustomUserManagerFactory implements SessionFactory {
       @Autowired
       CustomUserManager customUserManager;

       public Class<?> getSessionType() {
              // original UserManager
              return org.activiti.engine.impl.persistence.entity.UserManager.class;
       }

 public Session openSession() {
  // Customized UserManger extended from org.activiti.engine.impl.persistence.entity.UserManager
  return customUserManager;
 }
}


@Component
public class CustomUserManager extends UserManager {

 @Autowired
 private UserService userService;

 @Override
 public UserEntity findUserById(String username) {
  Assert.notNull(username, "username must not be null");
  com.our.app.model.User user = getUserService().findUserByusername(username);
  return toActivitiUser(user);
 }

….

}

They can then be wired into spring:


<bean id="processEngineConfiguration" class="org.activiti.spring.SpringProcessEngineConfiguration">
  <property name="databaseType" value="${activiti.databaseType}" />
  <property name="dataSource" ref="dataSource" />
  <property name="transactionManager" ref="transactionManager" />
  <property name="databaseSchemaUpdate" value="${activiti.databaseSchemaUpdate}" />
  <property name="jobExecutorActivate" value="${activiti.jobExecutorActivate}" />
  
  <property name="customSessionFactories">
   <list>
    <bean class="com.your.app.CustomUserManagerFactory" />
    <bean class="com.your.app.CUstomGroupManagerFactory" />
   </list>
  </property>
 </bean>

meyerd · ‎11-18-2011

To answer the initial question:
You can use activiti without the internal identity management. So assigning a user task to any "string" is fine and one of the intended ways to use activiti.

Plugging into activiti identity management (as the previous post shows) is necessary if you want users from an external source to be able to log into the activiti explorer. But if you are just embedding the engine, this is not required.

lykm02 · ‎12-26-2011

To answer the initial question:
You can use activiti without the internal identity management. So assigning a user task to any "string" is fine and one of the intended ways to use activiti.

It's acceptable for me.

Plugging into activiti identity management (as the previous post shows) is necessary if you want users from an external source to be able to log into the activiti explorer.

But if you are just embedding the engine, this is not required.

I am confused with the conclusion. So, could you show some sample ? Or more detail description?

Hyland Connect

Separating out User Management