Hi , I am working with jBPM v 3.2.3 with Spring Modules .9 (with Spring 2.5.2 and Hibernate 3.2.6) against a mySQL 5.1 DB. I can deploy Process Definitions and create Process Instances fine, However, it appears jBPM is not using any form Authorizaton. According to the manual I can use IdentityAuthorizationService to check a Tasks permission versus the actorid calling the task. Unfortunately this class is not implemented. Also, I'm wondering do I have to explicitly call this checkPermissions method of IdentityAuthorizationService each time I need to signal a token or is there a way of wiring the authorization up to the signalling process automatically? I've added the following service element to jbpm.cgf.xml: service name="authorization" factory="org.jbpm.security.authorization.IdentityAuthorizationServiceFactory" in the <jbpm-context> element. Many thanks for your time. Phil View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4173627#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...