I’m using Flowable 6.4.2 and I can access spring beans in script task with Groovy.
Thanks in Advance
Which JDK are you using (the org.mozilla seems to be a different package than usual)?
Did you try accessing the variable through e.g. execution.getVariable('foo')?
I’m using OpenJDK 8.
Yes, I can access variables via execution.getVariable("var1");
But I can’t find out how I can tweak it in order to make the Spring beans accessible.
I spent some time reading the relevant code. I made a PR regarding this issue here.
I augmented the SecureScriptScope with ProcessEngineConfiguration’s beans.
I would be happy to know any comments about it.
I had a brief look at the PR and it looks quite promising. The only thing we need to see is whether we want to be more restrictive here, since exposing all Spring Beans doesn’t sound too secure. You could get ahold of the ApplicationContext and close it, which I assume is something that you don’t want happening.
Surely I don’t want to expose all the Spring application context.
I think the term “Spring Beans” is a bit misleading.
I actually intend to expose the Beans that are registered via SpringProcessEngineConfiguration#setBeans and are normally accessible in EL expressions as well.
I figured as much. The thing is that currently by default the beans in the SpringProcessEngineConfiguration is actually a SpringBeanFactoryProxyMap which wraps the ApplicationContext. I know that you are probably going to configure the beans with different values, but perhaps we need changes to some other place as well (or don’t wrap the application context in the configuration).
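An added example, not part of the thread and not Flowable's own code: one way to address the concern above is to hand the engine a read-only bean map that resolves only allowlisted names instead of a map that wraps the whole context. The class name `AllowlistedBeanMap`, the bean names and the `HashMap` standing in for the application context are all hypothetical.

```java
import java.util.AbstractMap;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;

/** Read-only bean map that resolves only allowlisted names (hypothetical helper). */
public class AllowlistedBeanMap extends AbstractMap<Object, Object> {
    private final Set<String> allowed;
    // Backing lookup; in a Spring application this could be applicationContext::getBean (assumption).
    private final Function<String, Object> lookup;

    public AllowlistedBeanMap(Set<String> allowed, Function<String, Object> lookup) {
        this.allowed = Collections.unmodifiableSet(new LinkedHashSet<>(allowed));
        this.lookup = lookup;
    }

    @Override
    public boolean containsKey(Object key) {
        return key instanceof String && allowed.contains(key);
    }

    @Override
    public Object get(Object key) {
        // Names off the allowlist resolve to null; the backing lookup is never consulted for them.
        return containsKey(key) ? lookup.apply((String) key) : null;
    }

    @Override
    public Set<Entry<Object, Object>> entrySet() {
        // Iteration shows only allowlisted beans; put/remove stay unsupported (AbstractMap default).
        Set<Entry<Object, Object>> entries = new LinkedHashSet<>();
        for (String name : allowed) {
            entries.add(new SimpleImmutableEntry<>(name, lookup.apply(name)));
        }
        return Collections.unmodifiableSet(entries);
    }

    public static void main(String[] args) {
        // Constructed stand-in for a context that holds every bean, including itself.
        Map<String, Object> context = new HashMap<>();
        context.put("mailService", "mail-service-bean");
        context.put("dataSource", "data-source-bean");
        context.put("applicationContext", "context-itself");
        Map<Object, Object> beans =
                new AllowlistedBeanMap(Collections.singleton("mailService"), context::get);
        System.out.println(beans.get("mailService"));
        System.out.println(beans.get("applicationContext"));
        System.out.println(beans.keySet());
    }
}
```

A map like this is the kind of value that could be passed to SpringProcessEngineConfiguration#setBeans; note that doing so also narrows what EL expressions can resolve, which is the backward-compatibility trade-off discussed in the thread.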
Thanks @filiphr for your explanation.
I think if we don’t wrap the ApplicationContext in the configuration, that could cause some backward compatibility issues, because it is supposed to be accessible in the expressions.
So I made some changes here, where we can configure whether to expose the beans to the secure script task or not (which is disabled by default).
Hi, does 6.5.0 expose Spring beans now? I see your PR got merged.
The PR above is about exposing the beans to a secure script (which is different from regular scripting, see https://flowable.com/open-source/docs/bpmn/ch18-Advanced/#secure-scripting).
What kind of script / script language are you using?