How to use custom user and group

My system has user table and group table, I don’t want to use flowable v6.0.0 identity tables like act_id_***. If I don’t use act_id_*** tables, can I use this configuration:

<bean id="processEngineConfiguration" class="org.flowable.engine.impl.cfg.StandaloneInMemProcessEngineConfiguration">
  <property name="disableIdmEngine" value="true" />
  ...
</bean>

I implement UserEntityManager and SessionFactory.

@Component
public class CustomUserManager implements UserEntityManager {

    @Autowired
    private UserService userService;
......
}


@Service
public class CustomUserManagerFactory implements SessionFactory {

    @Autowired
    private CustomUserManager customUserManager;

    @Override
    public Class<?> getSessionType() {
        return UserEntityManager.class;
    }

    @Override
    public Session openSession(AbstractCommandContext abstractCommandContext) {
        return customUserManager;   //return fail
    }
}

custom session factory add to processEngineConfiguration.

<bean id="processEngineConfiguration"
          class="org.flowable.spring.SpringProcessEngineConfiguration">
        ......
        <property name="disableIdmEngine" value="true" />
        <property name="customSessionFactories">
            <list>
                <bean class="org.flowable.custom.CustomUserManagerFactory" />
                <bean class="org.flowable.custom.CustomGroupManagerFactory" />
            </list>
        </property>
      ......
    </bean>

I am a flowable newcomer, can you give me a exmple? Thanks.

2 Likes

Hi,

Yes you should indeed use disableIdmEngine=true.
The flowable-ldap module shows how you can override the IdmIdentityService and implement your own idm logic. This section in the user guide also described this -> http://www.flowable.org/docs/userguides/userguide/index.html#_idm_engine_configuration

Best regards,

Tijs

Dear zhanyuerong,
Can you give more details on how you implemented your own logic for idm? I’m in the same situation and i came across this post. I would appreciate a more detailed explanation/code example. I want to integrate this new idm logic with Spring and oracle. Thank you very much.

Hi, it’s been a month since your last reply, so I suppose you have found something, can you please share the same?

Hello, i actually replied in another post. So basically you need to know why you have to implement idm? if you need idm to connect tasks/process or anything for that matter to a user or a group, you need to know that there is no need to have them inside idm. you can easily add them by IdentityLink or just add them as flowable variables like flowable:assignee .
if you need idm for security, again you don’t have to. you can easily use flowable inside a spring application then secure everything with spring.
if you absolutely need to implement idm services, download flowable source code and find LDAP implmenetation. there are a couple of interfaces for you to implement which are not that hard. also define User/Group query for your needs and you are good to go. Open source code for every class/interface LDAP implements. methods are self explanatory. just remember that if you set any value on user/group queries, it returns the query, then run list/execute on that query to get your results. goodluck

1 Like

Goal: For now I want to use the flowable IDM for security in my spring boot project but for the user and groups I want it to redirect to custom tables which I have created instead of default tables like ACT_ID_USER, etc.

Also, I checked the LDAP configuration which I need to provide in properties file and injecting LDAPCOnfigurator instance in idmProcessEngineConfigurator.

Is there any other way to achieve my goal other than LDAP configuration?
I’m asking it because I don’t have any LDAP server, i’m just creating separate table for user and group and trying to use them.

Also, I don’t want to use xml for doing above configurations.

Dear @akki , i didn’t mean you need to use the LDAP configuration, i meant check how LDAP configuration was coded on top of the Flowable IDM interfaces and such so you can get an idea on how to implement yours. For security i suggest you use spring security, with spring boot you can config that in a very short time. as for your users/groups, you can easily manage them to your liking. when you want to work with users/groups for process and tasks, you can add IdentityLink really easily or add flwoable:assignee to your process and provide the user/group name. Candidate users/groups, participant, starter, owner all of them are supported. So if you look at it, you don’t need to connect anything to flowable. you have two solutions: 1- just forget about IDM, do your own work and connect everything yourself to your forms/process/tasks… etc. 2- implement IDM interfaces according to how the ldap config implements them. Hope that clears your confusion.

Okay thanks, I will try that