[jboss-user] [JBoss jBPM] - Re: Regarding jbpm-identity

wjm do-not-reply at jboss.com
Thu Apr 19 07:03:14 EDT 2007

"MGarl10024" wrote : 
  | Section 11.11 from the Reference Manual stating "jBPM includes an optional identity component that can be easily replaced by a company's own identity data store" is just not working out like planned.
  | - If you remove it, other things break.  
  | MG

The identitity datamodel which you implement must provide three primary components.  

  | 1. USER - key, name, password
  | 2. ROLE - key, rolename (There must be a role for every swimlane you specify in your diagram, this is the problem in your case)
  | 3. USERROLE - this is the tricky bit.  
  | Every USERROLE must have a combination of a valid user and a valid role, and provide the means for the JDBCUserRealm implementation you choose (tomcat, jetty, jboss, etc) to lookup these associations.    The one for tomcat is documented on the wiki.  Here's the config I use for jetty's org.mortbay.jetty.security.JDBCUserRealm:
  | usertable: JBPM_ID_USER
  |   | usertablekey: ID_
  |   | usertableuserfield: NAME_
  |   | usertablepasswordfield: PASSWORD_
  |   | roletable: JBPM_ID_GROUP
  |   | roletablekey: ID_
  |   | roletablerolefield: NAME_
  |   | userroletable: JBPM_ID_MEMBERSHIP
  |   | userroletableuserkey: USER_
  |   | userroletablerolekey: GROUP_
  | Note how I am using the default tables which are provided with the jbpm identity mechanism, but the specification of the keys and fields is the critical bit for the jbpm-console to do the lookups through the provided Realm.  
  | Unfortunately, the tomcat wiki pages are not clear enough about the fact that one must provide a complete JDBCUserRealm, with every field mapped, for things to work.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4038848#4038848

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4038848

More information about the jboss-user mailing list