Custom IdentityService

I am Spring Boot Flowable autoconfiguration.

I have a custom service that implements the interface IdentityService. I also have set the IDM engine to not start. I dont want to even load the Identity tables.

My question is how can I inject my IndentityService into the process engine? I am not sure how to get a handle to the process engine context .

To do this, you’d need to have an implementation that looks like the ldap implementation that’s in the flowable-ldap module: https://github.com/flowable/flowable-engine/blob/master/modules/flowable-ldap/src/main/java/org/flowable/ldap/LDAPIdentityServiceImpl.java

The way that one is injected in the engine is by adding a custom configurator, like this one: https://github.com/flowable/flowable-engine/blob/master/modules/flowable-ldap-configurator/src/main/java/org/flowable/ldap/LDAPConfigurator.java

Thanks Joram.

I have implemented they way the LDAP was done. It works.

For some reason I was thinking that the IDM property could be used to not load IDM tables and service:
flowable.idm.enabled: false
But this is not working as the my Identity service is never invoked. I must be misunderstanding if IDM can be disabled and still use custom Identity implementation.

@tjmac, I am curious what your custom identity service does…I have a similar requirement to implement a custom identity service and I am currently lost on how to go about it…would appreciate any help.

Basically I have a class that extends GroupQueryImpl to get the authorities from Spring Security. I override the following in Groovy:

@Override
public List executeList(CommandContext commandContext) {
return executeQuery()
}

List<Group> executeQuery() {

    def groups = []

    def authorities = SecurityContextHolder.getContext().getAuthentication().authorities
    authorities.each {
        GrantedAuthority grantedAuthority ->
        groups.add(new GroupEntityImpl(id:grantedAuthority.authority))
    }
    groups
}

@ righthireinc Since Spring Security context has already taken care of Authentication and has the Roles/Groups we need. I just need to fetch the roles and the engine can now associate a userid to a candidate group.