BPM ADF Task forms. Checking whether the current user is in a BPM Swimlane

Focus


So this blog entry will focus on BPM Swimlane roles and users from a ADF context.


So we have an ADF Task Details Form and we are in the process of making it richer and dynamic in functionality. A common requirement could be to dynamically show different areas based on the user logged into the workspace. Perhaps even we want to know even what swim-lane role the user belongs to.


It is is a little bit harder to achieve then one thinks unless you know the trick.


The Challenge


The tricky part here is that the ADF Task Details Form is in fact part of a separate J2EE application to the main workspace. So if you try to use Java or Expression Language to get the logged in user you will only find anonymous and none of the BPM Roles you will be expecting. So what to do?


The Magic


First add the BC4J Security library to your view project.


BC4JLib


Then Restart JDeveloper.


Now find the web.xml file in the view project of your ADF Task Details Application and look for the JpsFilter section. Then add in the following section.


<init-param>
<param-name>application.name</param-name>
<param-value>OracleBPMProcessRolesApp</param-value>
</init-param>



This will link your application to that of the BPM workspace.


web.xml




Then in your dynamic part of your ADF form you can now check whether the user logged into the BPM Workspace belongs in a BPM swim-lane in any BPM process. The best way to do this is by using expression language in the JSF page itself. Here I am simply changing the rendered flag to either true or false and thereby hiding or showing a section.


Perhaps you are re-using the same form for a task in an approver swim-lane and ordinary user swimlane. So we only want the approver to see this field.


So call the built in function to check if the user is a member of the BPM swim-lane role. The name of the role must be of the syntax BPMProject.RoleName


<af:outputText value="This will only be rendered when the user is part of the BPM Swimlane Role
rendered="#{securityContext.userInRole['BPMProjectName.Rolename']}"/>



rendered


Now you must redeploy your ADF Task Form project


Now (in the image above) the text will ONLY get rendered in the Task Details Form only if the user logged into the workspace is a member of the swimlane Unsecure of the BPM project SimpleTask

Comments:

Does this approach allow for looking at user roles across applications - where I want to check if a user is a member of a particular group space in web center assuming you add that app definition in your adf init-param?

Posted by James Calise on November 12, 2012 at 02:52 PM PST #

Hi Christopher,
I followed your simple instructions but they don't make the magic on my system (I'm working with the demo virtual machine provided by oracle that has a BPM Suite 11.1.1.6).
Do you know why?

Posted by Massimiliano on November 20, 2012 at 02:32 AM PST #

Hi Massimiliano,

Without knowing the exact details its hard to say. I would check again that you are looking for the correct swimlane roles. i.e BPMProjectName.Rolename

Thanks

Christopher

Posted by Christopher katl Chan on November 20, 2012 at 04:56 AM PST #

James Calise,

With regards to your webcenter question. If the webcenter is deployed to the same weblogic server, then you should be able to use the same approach to access the application roles of that application.

Thanks

Christopher Karl Chan

Posted by Christopher katl Chan on November 20, 2012 at 05:10 AM PST #

Thanks for your replay Christopher,
and I understand your point but there is not much to say:
- I added the BC4J library in my view project
- I restarted JDeveloper as you said
- I Added in the web.xml exactly where you said the
<init-param>
<param-name>application.name</param-name>
<param-value>OracleBPMProcessRolesApp</param-value>
</init-param>
- I redeployed my application
(in fact these are trivial tasks, not much options to mistake them)
nevertheless I keep getting anonymous if for example I put a <af:inputText label="userName" id="it4" value="#{securityContext.userName}"/> in my jspx page, and a 'false' in whatever group I put in #{securityContext.userInRole['MyApp.MyRole']} even if I can browse the very same group in the OracleBPMProcessRolesApp through the Enterprise Manager 11g console).
The only extra info that I could give you is that I'm using the BPM Suite versione 11.1.1.6.0 and the oracle pre-prepare vm soabpm-vm available for download.
What am I missing?
Thanks

Posted by Massimiliano on November 20, 2012 at 06:01 AM PST #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Christopher Karl Chan

me
Christopher is a Principal Solutions Architect in the FMW Architects team aka the A-Team.
The A-Team is the central, technical, outbound team as part of the FMW Development organization working with Oracle's largest and most important customers.




Locations of visitors to this page

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today