I got the flowable event registry working that I can start a process by sending a message to a rabbitmq queue. Now I want to check if the keycloak user who sends this message is authorized to start this process. Is there anything like the SpringSecurityFilter Chain I can hook into, or should it be done otherwise?
When Flowable receives the message, it’s devoid authentication information. Or do you have set up your rabbitMQ in a way that it is somehow running in ‘authentication mode’?
One option could be to build in the check in the BPMN model itself, and go to an end event when the passed user id isn’t allowed to do something.