Red Hat Bugzilla – Bug 800508
Human task service has hardcoded users and groups
Last modified: 2016-07-31 21:13:29 EDT
Description of problem: Human task service is unusable out-of-the-box. It gets it's users and groups from mvel files deep down in the jbpm-human-task.war directory structure (server/<profile>/deploy/jbpm-human-task.war/WEB-INF/classes/org/jbpm/task/servlet/ with files LoadGroups.mvel and LoadUsers.mvel). Documentation does not mention it and the user won't be able to find it. JBPM Console, which uses this human task service, gets its users from users.properties and roles.properties (more or less), it would make sense to do the same for the rest of the BRMS platform, in this case namely the human task service. This is quite evident once you add your own users (let's say "user1234") to those properties files and then try to assign him a task. User user1234 won't see this task. Version-Release number of selected component (if applicable): BRMS 5.3.0 ER4
Pull request ready and available at: https://github.com/droolsjbpm/jbpm/pull/71 Allows user to define user and group load files via init paramters in web.xml as other configuration elements of HumanTaskServerServlet. Accepts both mvel and properties files. Location can be specified on classpath (prefixed with classpath:) or by any valid URL.
It can now be configured where to load users and groups from, as well as the usergroupcallback. When BZ-769931 is resolved, this would for example allow you to configure a callback that looks up users / roles based on JAAS.
Update status to ON_QA. Please verify them against ER6.
It is configurable, providing your own usergroupcallback implementation works, I was able to use different mvel files too, using both classpath: and URL. There's some problem with properties files, I'll be filing a new BZ for that shortly. Even with that little problem, this is VERIFIED, as it is possible to configure these things.