Hi,
Hope all the readers are doing fine in current scenarios. I have a question around system tasks in Flowable. Under which user the system tasks run.
I have changed the Authentication filter to pass all calls to flowable without any authorization and I save the Bearer token there and then. The problem I have is if I want to make any call to our external authorization system as a service task I have now way to derive this token. Is there a way I can do the same?
Thanks,
Deepanshu
Hey @pahujadeepanshu,
I am not quite following what you need to do.
If you are using Spring then you can get a hold of the current Security Context and extract all the information that you need from there in your service task implementation.
Keep in mind that if you are using async service tasks there is no authentication context and you’ll need to save the token as part of your process in a step before the async service task.
Cheers,
Filip
So this essentially means if a process can form async tasks then there is no logging who did those tasks. At max, it can preserve the initiator if I am correct and if not, probably a variable can do that.
But lets say, I have some async tasks that run one after another and my flowable instance is part of a bigger system actually talking to a third party authentication system, then for flowable it may seem OK but my calls to other services in the bigger ecosystem need some user token flow.
Any thoughts ?
BR/
Deepanshu
Yes. Flowable doesn’t care here, the user id is data which might come from another place, as you say.
Ok, so do you think it makes sense to have something there wherein these days its easy to assume flowable could be one of the microservices with a third party authentication.
Yes, in fact that’s often how it’s deployed. E.g. using Spring Boot + custom security configuration.