Custom IdentityService

tjmac44 · June 20, 2019, 3:30am

I am Spring Boot Flowable autoconfiguration.

I have a custom service that implements the interface IdentityService. I also have set the IDM engine to not start. I dont want to even load the Identity tables.

My question is how can I inject my IndentityService into the process engine? I am not sure how to get a handle to the process engine context .

joram · June 20, 2019, 2:44pm

To do this, you’d need to have an implementation that looks like the ldap implementation that’s in the flowable-ldap module: https://github.com/flowable/flowable-engine/blob/master/modules/flowable-ldap/src/main/java/org/flowable/ldap/LDAPIdentityServiceImpl.java

The way that one is injected in the engine is by adding a custom configurator, like this one: https://github.com/flowable/flowable-engine/blob/master/modules/flowable-ldap-configurator/src/main/java/org/flowable/ldap/LDAPConfigurator.java

tjmac · June 20, 2019, 3:36pm

Thanks Joram.

I have implemented they way the LDAP was done. It works.

For some reason I was thinking that the IDM property could be used to not load IDM tables and service:
flowable.idm.enabled: false
But this is not working as the my Identity service is never invoked. I must be misunderstanding if IDM can be disabled and still use custom Identity implementation.

righthireinc · June 24, 2019, 12:04am

@tjmac, I am curious what your custom identity service does…I have a similar requirement to implement a custom identity service and I am currently lost on how to go about it…would appreciate any help.

tjmac · June 24, 2019, 11:48am

Basically I have a class that extends GroupQueryImpl to get the authorities from Spring Security. I override the following in Groovy:

@Override
public List executeList(CommandContext commandContext) {
return executeQuery()
}

List<Group> executeQuery() {

    def groups = []

    def authorities = SecurityContextHolder.getContext().getAuthentication().authorities
    authorities.each {
        GrantedAuthority grantedAuthority ->
        groups.add(new GroupEntityImpl(id:grantedAuthority.authority))
    }
    groups
}

tjmac · June 24, 2019, 11:53am

@ righthireinc Since Spring Security context has already taken care of Authentication and has the Roles/Groups we need. I just need to fetch the roles and the engine can now associate a userid to a candidate group.

DarkStar1 · August 1, 2019, 2:59pm

How can one configure the modeler to authenticate against the custom IDM?

mmva2142 · August 4, 2019, 6:47am

is it required to implement everything? like are userQuery and GroupQuery classes both required? i checked the source code for other operations and they don’t directly use User or GroupQuery and just store the link with 3 strings. LinkId+UserId+GroupId so i think it’s safe to say they are not required.

desp.kaz · August 27, 2024, 10:50am

Hello,
this implementation extends IdmIdentityServiceImpl. I want to use keycloak users for task assignment at my springboot app. Do I need to extend IdmIdentityServiceImpl or implement IdentityService with my own custom service?

Topic		Replies	Views
Idm service and management custom implmentation Flowable Engine	5	1255	August 29, 2024
Using Spring Security for user management in Flowable Flowable Engine	3	2536	September 4, 2018
Custom IDM configuration Flowable Engine	2	848	August 7, 2020
Required privileges Flowable Engine	15	988	October 16, 2019
Using Custom User Table for IDM Authentication Flowable Engine	1	501	August 31, 2019

Custom IdentityService

Related topics