Activiti supports two main entry points that you need to implement in order to integrate your identity solution. These are the user manager and the group manager classes. We will first create a factory for group/user management, and then implement the class that we create in the factory. Lets take a dive into the code, implementing the MyGroupManagerFactory class first:
We will also want to provide a factory for user management classes, so here is the MyUserManagerFactory :
As you can see above we assume that we want to get connection prams in the instantiation of the classes (assume MyConnectionParams is a simple POJO, and implement it for your needs). Moreover, you will need the Activiti engine jar file in your classpath.
We now implement MyGroupManager and MyUserManager classes. We did not not detail the entire code, but created an example to show what must be implemented and what you can skip. In MyGroupManager we only implemented the findGroupByQueryCriteria, and findGroupCountByQueryCriteria. Methods that are marked with TODO notation are mandatory in order to work with Activiti core engine. If you want to work with Activity Explorer - implement all the methods.
In MyUserManager, we have implemented findUserCountByQueryCriteria and findUserByQueryCriteria. Again - the methods that are marked with TODO notation are mandatory in order to work with Activiti core engine.
The only thing left to do is to inject (using Spring) our classes to the Activity engine configuration. We will need to inject MyConnectionParams as well as the factories themselves. Find your configuration file and add:
That’s it. You can now use your own users and groups to create processes, deploy them, login to the Activiti Explorer or Rest API, etc.
So, here are a few extra pointers about Activiti Identity:
- First of all there are 3 predefined group types:
- Now, no one tells you this, but if you are using Activiti Explorer, and you want your user to have admin privileges (i.e. be able to see the 'manage' tab), then the user's group type must be 'security-role' and the user's group name must be hard coded 'admin'. This means you will need to create some special code hacking for special users to use the Activiti Explorer.
- Lets say you created a process that has a user task with a candidate group option (denote said group as X). NOTE: If you start a process instance, than only if the type of the group X is 'assignment' then users that belong to X will be able to claim the task. Otherwise, the user will not be able to claim the task at all.