Our current platform is a microservices platform built on top of Spring Cloud, and we have a dedicated User Authentication & Authorization microservice, which uses spring security and spring oauth2 implementation. (More specifically, we’re using JHipster generated UAA server)
Currently we’re looking into integrating flowable engine into our microservices platform as a “bpm” service. And in “bpm” service, there is no need for future authentication, because we can assume that there is always a valid security context when any request reaches the service (the microservice gateway is making sure of this)
We have digged into the documentation for quite some time, and understand that there is an option of writing our custom IdmIdentityServiceImpl implementation to replace the whole identity management service. But is there any other option, since we don’t want flowable to perform any authentication and just getting user/group information from existing security context?
Could anyone help advice what will be the best practice for such scenario? Thanks in advance!