Bug 778189 (SOA-694)

Summary: Services that are part of jBPM Orchestrations should also be securable
Product: [JBoss] JBoss Enterprise SOA Platform 4
Reporter: Jeff DeLong <jdelong>
Component: Security
Assignee: Mark Little <mark.little>
Status: CLOSED NEXTRELEASE
Severity: high
Priority: high
Version: 4.3 IR1
Target Release: 4.3 CP01
Hardware: Unspecified
OS: Unspecified
URL: http://jira.jboss.org/jira/browse/SOA-694
Doc Type: Bug Fix
Last Closed: 2009-03-24 13:17:56 UTC
Type: Feature Request

Description Jeff DeLong 2008-08-20 13:54:05 UTC
Date of First Response: 2008-09-19 09:17:02
project_key: SOA

With jBPM orchestrated services, we want to map the security context which is being maintained in message properties into jBPM context variables, and back into the ESB message.

Comment 1 Mark Little 2008-09-19 13:17:02 UTC
From Jeff ...

"The SSO token can be propagated between services orchestrated by jBPM by copying it back and forth between the jBPM Context and the ESB Message. For example:

    <action name="create_new_process_instance" class="org.jboss.soa.esb.services.jbpm.actions.BpmProcessor">
        <property name="command" value="StartProcessInstanceCommand" />
        <property name="process-definition-name" value="helloWorld" />
        <property name="esbToBpmVars">
            <mapping esb="BODY_CONTENT" bpm="request" />
            <mapping esb="properties.'org.jboss.soa.esb.services.security.context'" bpm="securityContext" />
        </property>
    </action>

Note that the dot-delimited context name has single quotes around it, and is prefaced with properties, since that is where the security context is currently situated in the ESB Message. A similar mapping must be configured in the JPDL process definition ESB Service Node."

Comment 2 Martin Vecera 2008-10-20 11:57:51 UTC
It is not possible to propagate the security context in this way because it is not accessible in the action pipeline (esbMessage.getContext().removeContext(SecurityService.CONTEXT); is called before processing the pipeline).

Comment 3 Kevin Conner 2008-10-20 12:32:02 UTC
Link: Added: This issue depends JBESB-2122


Comment 4 Kevin Conner 2008-10-20 12:34:23 UTC
Not only that but the location has moved to a context area.

In theory the security context should be driven by the jBPM process but this is not happening.

We are therefore going to investigate some workarounds, one of which might be to use the initial context.  Of course this particular suggestion does not help if the process instance is *not* created by the ESB.

Comment 5 Dana Mison 2009-03-16 00:13:31 UTC
Release Note:
JBESB-2122
Security contexts can now be propagated between ESB services and jBPM Orchestrations.

Comment 6 Martin Vecera 2009-03-24 13:17:56 UTC
Verified with CR5 and added to automated tests.