Java delegation

kayaly.dis · June 9, 2023, 2:10pm

I hava camunda 7 spring boot project and I call java delegation to do some logic, in locally env every thing working fine, but one we deploy in dev env by on cluster we received this message once process call java delegation :

ENGINE-09008 Exception while instantiating class ‘org.camunda.bpm.extension.keycloak.showcase.task.CamtDelegate’: ENGINE-09017 Cannot load class ‘org.camunda.bpm.extension.keycloak.showcase.task.CamtDelegate’: org.camunda.bpm.extension.keycloak.showcase.task.CamtDelegate

Pls any one can help us urgently.

aravindhrs · June 9, 2023, 4:13pm

@kayaly.dis Check the file path and class names are configured properly.

org.camunda.bpm.extension.keycloak.showcase.task.CamtDelegate

or

org.camunda.bpm.extension.keycloak.showcase.task.CamDelegate

kayaly.dis · June 10, 2023, 1:39pm

Hi @aravindhrs
Unfortunately, I am quite sure that the class’s path is correct, but unfortunately it does not work yet. What is really strange is that the same project and the same workflow work well on the local environment, but it does not work on the development environment.

There is also another strange thing, which is that if we put the process .bpmn in this path “src/resource ” we will not find it on the cikpit page.

We still need to urgent support because the project delivery date is approaching.

Thanks.

aravindhrs · June 10, 2023, 2:55pm

@kayaly.dis Can you share the GitHub link for the code, so that I can check it

kayaly.dis · June 10, 2023, 3:28pm

Hi @aravindhrs, thank you for quick responce.
I’m so sorry, I can’t share with you project code in GitHub because it’s exist in private network for remote control code.

I will share with you our code here.

We use this Camunda release :

And we didn’t add any thing else, we just create a new java delegation class to call it as a service task in the process.

This is cmtDelegatoin class:

package org.camunda.bpm.extension.keycloak.showcase.task;

import org.camunda.bpm.engine.TaskService;
import org.camunda.bpm.engine.delegate.DelegateExecution;
import org.camunda.bpm.engine.delegate.JavaDelegate;
import org.springframework.http.HttpHeaders;
import org.springframework.web.client.RestTemplate;

import java.util.ArrayList;
import java.util.HashMap;

public class CamtDelegate implements JavaDelegate {

//    private final Logger LOGGER = Logger.getLogger(camtDelegate.class.getName());

    @Override
    public void execute(DelegateExecution execution) throws Exception {

        String sla = null;
        ArrayList factoryList = (ArrayList) execution.getVariables().get("slaList");
        HashMap slaMap = (HashMap) factoryList.get(0);
        switch(execution.getVariable("status").toString()) {
            case "inA":
                sla = "PT"+slaMap.get("inA").toString()+"S";
                break;
            case "reporting":
                sla = "PT"+slaMap.get("reporting").toString()+"S";
                break;
            case "entity":
                sla = "PT"+slaMap.get("entity").toString()+"S";
                break;
            case "EntityF":
                sla = "PT"+slaMap.get("EntityF").toString()+"S";
                break;
            case "reportA":
                sla = "PT"+slaMap.get("reportA").toString()+"S";
                break;
            default:

        }


        execution.setVariable("timerValue", sla);

    }
}

And this is our process :

Process is working fine till reach to service task, then exception will occurs.

And this is config:

# profile used when the application runs inside docker container, the values of the properties here must be injected
# with environment variables
spring:
  application:
    name: poc-camunda
  datasource:
    url: ${DB_URL}
    username: ${DB_USERNAME}
    password: ${DB_PASSWORD}
    driver-class-name: org.postgresql.Driver
  jersey:
    application-path: ${SPRING_JERSEY_APPLICATION_PATH}

camunda.bpm:
  history-level: non
  authorization:
    enabled: true
  filter:
    create: All tasks
  webapp.application-path:

server:
  port: ${SERVER_PORT}
  servlet.context-path: ${SERVER_SERVLET_CONTEXT_PATH}

# Metrics & Health
management:
  health.probes.enabled: true
  endpoints:
    web.exposure.include: env,health,info,metrics


# Spring Boot Security OAuth2 SSO
spring.security:
  oauth2:
    client:
      registration:
        keycloak:
          provider: ${KEYCLOAK_PROVIDER}
          client-id: ${KEYCLOAK_CLIENT_ID}
          client-secret: ${KEYCLOAK_CLIENT_SECRET}
          authorization-grant-type: ${KEYCLOAK_AUTHORIZATION_GRANT_TYPE}
          redirect-uri: ${KEYCLOAK_REDIRECT_URI}
          scope: ${KEYCLOAK_SCOPE}
      provider:
        keycloak:
          issuer-uri: ${KEYCLOAK_ISSUER_URI}
          authorization-uri: ${KEYCLOAK_AUTHORIZATION_URI}
          user-info-uri: ${KEYCLOAK_USER_INFO_URI}
          token-uri: ${KEYCLOAK_TOKEN_URI}
          jwk-set-uri: ${KEYCLOAK_JWK_SET_URI}
          # set user-name-attribute one of:
          # - sub                -> default; using keycloak ID as camunda user ID
          # - email              -> useEmailAsCamundaUserId=true
          # - preferred_username -> useUsernameAsCamundaUserId=true
          user-name-attribute: ${KEYCLOAK_USER_NAME_ATTRIBUTE}

logging.level.org.springframework.security: DEBUG

# Camunda Rest API
rest.security:
  enabled: ${CAMUNDA_REST_ENABLED}
  provider: ${CAMUNDA_PROVIDER}
  required-audience: ${CAMUNDA_REQUIRED_AUDIENCE}

# Camunda Keycloak Identity Provider Plugin
plugin.identity.keycloak:
  keycloakIssuerUrl: ${KEYCLOAK_ISSUER_URI}
  keycloakAdminUrl: ${KEYCLOAK_AUTHORIZATION_URI}
  clientId: ${keycloak.client.id}
  clientSecret: ${keycloak.client.secret}
  useUsernameAsCamundaUserId: ${CAMUNDA_USE_USER_NAME_AS_ID}
  administratorGroupName: ${CAMUNDA_ADMINISTRATOR_GROUP_NAME}
  disableSSLCertificateValidation: ${CAMUNDA_DISABLE_SSL_CERT_VALIDATION}

And this is k8s config:

apiVersion: apps/v1
kind: Deployment
metadata:
   name: camunda-dev-backend
spec:
   replicas: 1
   selector:
      matchLabels:
         app: camunda-dev-backend
   template:
      metadata:
         labels:
            app: camunda-dev-backend
      spec:
         containers:
         - name: camunda
           image: ****
           imagePullPolicy: Always
           ports:
           - containerPort: 8080
             name: http-port
           env:
           - name: DB_URL
             value: ****
           - name: DB_USERNAME
             value: *****
           - name: DB_PASSWORD
             value: *****
           - name: SPRING_PROFILES_ACTIVE
             value: "docker"
           - name: SPRING_JERSEY_APPLICATION_PATH
             value: "/engine-rest"
           - name: DB_MAX_LIFE_TIME
             value: "600000"
           - name: SERVER_SERVLET_CONTEXT_PATH
             value: "/camunda"
           - name: SERVER_PORT
             value: "8080"
           - name: KEYCLOAK_ISSUER_URI
             value: "*****/auth/realms/dev"
           - name: KEYCLOAK_AUTHORIZATION_URI
             value: "*****/auth/realms/dev/protocol/openid-connect/auth"
           - name: KEYCLOAK_USER_INFO_URI
             value: "*****/auth/realms/dev/protocol/openid-connect/userinfo"
           - name: KEYCLOAK_TOKEN_URI
             value: "*****/auth/realms/dev/protocol/openid-connect/token"
           - name: KEYCLOAK_JWK_SET_URI
             value: "*****/auth/realms/dev/protocol/openid-connect/certs"
           - name: KEYCLOAK_USER_NAME_ATTRIBUTE
             value: "preferred_username"
           - name: KEYCLOAK_SCOPE
             value: "openid, profile, email"
           - name: KEYCLOAK_REDIRECT_URI
             value: "{baseUrl}/{action}/oauth2/code/{registrationId}"
           - name: KEYCLOAK_AUTHORIZATION_GRANT_TYPE
             value: "authorization_code"
           - name: CAMUNDA_REST_ENABLED
             value: "true"
           - name: CAMUNDA_PROVIDER
             value: "keycloak"
           - name: CAMUNDA_REQUIRED_AUDIENCE
             value: "camunda-rest-api"
           - name: KEYCLOAK_ADMIN_URL
             value: "****/auth/admin/realms/dev"
           - name: KEYCLOAK_CLIENT_ID
             value: "camunda-backend"
           - name: KEYCLOAK_PROVIDER
             value: "keycloak"
           - name: KEYCLOAK_CLIENT_SECRET
             value: "****"
           - name: CAMUNDA_USE_USER_NAME_AS_ID
             value: "true"
           - name: CAMUNDA_USE_EMAIL_AS_ID
             value: "false"
           - name: CAMUNDA_GROUP_PATH_AS_GROUP_ID
             value: "true"
           - name: CAMUNDA_ADMINISTRATOR_GROUP_NAME
             value: "camunda-admin"
           - name: CAMUNDA_DISABLE_SSL_CERT_VALIDATION
             value: "true"
           - name: CAMUNDA_BPM_HISTORY_LEVEL
             value: "audit"
           - name: CAMUNDA_BPM_AUTHORIZATION
             value: "true"
           - name: CAMUNDA_BPM_FILTER
             value: "All tasks"

Best Regards.

cpbpm · June 11, 2023, 11:23am

When it’s working on your local environment is you can download the required all the dependencies for your project as it needs(Keycloak and related jars).

When you deploy the code to server(Kubernetes), it may not reach to the internet and download the required jar files and hence class is not found, error is thrown.

Two options.

Package all the required jars inside the code and do the deployment.
Put the jars in shareable directory and read that directory as volume mount.

Check with your infra team, to make sure that vulnerability test is passed to deploy the code.

Hope this helps for your issue.