In Chapter 4, Operation Management, we saw how the KIE workbench features JAAS-based user authentication and RBAC for the UI functionalities by means of the user.properties
and roles.properties
files.
The jBPM engine does not have built-in authentication or fine-grained authorization functionalities on process creation or task operations. TaskService and the human task management of users and groups with respect to task operations are delegated to a custom implementation of the UserGroupCallback
interface. Here, the developer is able to implement his/her own task authorization mechanism by hooking into a custom identity management system or an ad hoc implementation.
jBPM provides a set of ready-to-use, configurable UserGroupCallback
implementations: