Monday, January 18, 2016

How to perform authorizations during BPMN process instance initialization


When designing the BPMN workflow, users can define either the candidate start users or groups.  This permits only the allowed users to start an instance.

Requirements

Candidate start users/groups can be configured like this in Activiti eclipse designer



candidate users/groups can be defined either directly or by defining variables. T

The direct way is to define the user name or group name like admin1, manager etc ...

On the other hand we can use the variables to define the user name or group name as well like ${user1}, ${mgr1}.

The value for these defined variables can be defined in 2 ways. Those are static way and dynamic way.

Static Way

This is similar to variable declarations. This value can be set under the "Data Objects" section of process definition.





Dynamic Way

When invoking the process definition with the REST start call,  you can define the dynamic variable inside "variables" json array.

When starting the process instance following URL should be hit with the json message request
https://localhost:9443/bpmn/runtime/process-instance.

Prior to sending the request please make sure to set the following header values.
Those are

  • Content-Type: application/json or application/xml
  • Accept: application/json or application/xml
  • Authorization: Basic base64encode(username:password)

Authorization header has to be set with the base64 encoded values of "username:password".


In the event of authorization failure REST API will return with 401.

No comments:

Post a Comment