Hi, I’m new in Camunda
I want to ask if maybe I do not use the user table on the Camunda scheme? Because I already have own user table.
What should I do with a case like this? Do I have to enter data into two user tables?
Can someone suggest me for best solution and implementation?
Thank you.
Hi David,
first of all: since this question is not related to the spring boot extension, you will have more chances for helpful answers if you post it to the “engine” channel.
That being said: using the camunda user/group tables and the default IdentityService is by far the easiest, especially when you are new to the platform. We often worked with import scripts where we copied users from our custom tables to the camunda tables once/twice per day.
If you really want to use your own, hae a look at custom Identyservice implementations, see https://docs.camunda.org/manual/7.6/user-guide/process-engine/identity-service/
regards
Jan
Thank you for your answer Mr. Jan Galinski, but I still need for another solutions.
Can someone have same case with me? Please suggest me
Thank you
As I said: please ask your (not uncommon) question on the “engine” main forum, you will have much higher attention there and hopefully find someone who did this already and can advise you.
I’m sorry Mr. Jan, where is “engine” main forum?
No Prob … https://forum.camunda.io/c/engine
Hi @davidch,
As Jan already wrote, have a look at the documentation if you want to use your own tables, e.g. identity service implementation. There is a post describing the todos at the old camunda forum. Also you can browse through the LDAP plugin source code.
Cheers,
Christian
Hi,
I’ve followed the old camunda forum and understand the way we must configure it in camunda’s ProcessEngine (by following the explanation code), but I have some problem on implementing the ReadOnlyIdentityProvider.
I tried it by seeking the default DbReadOnlyIdentityServiceProvider implementation and found it really complex for me. I really can’t understand how the implementation works especially with the createUserQuery method and the CommandContext parameter. Is it really that complex or we can implemented it in a simple way?
What I really need is just a simple replacement for Identity Entities (I got my own custom entities and database scheme for user, group, and other identity entities).
Is there any simple implementation of ReadOnlyIdentityProvider? Or maybe another alternative? (I don’t want to use the ldap for some reason)
Big Thanks,
Ashlah
It is much easier to try and understand the LDAP plugin [1] rather than looking at (org.camunda.bpm.engine.impl.identity.db.DbReadOnlyIdentityServiceProvider). As this has all the parts you need to implement. My implementation looks like it is very out of date.
Basically in the background of Camunda platform - when ever a search for a group & or user happens it runs via an implementation class of UserQuery or GroupQuery. Where the results are of type org.camunda.bpm.engine.identity.User or org.camunda.bpm.engine.identity.Group.
For you – the UserQuery or GroupQuery will provide the fields that the platform is using to search for either user or group. You will use attributes of these objects to populate your own query against your own custom entities and database scheme. And your own query will return your custom entities which will need to be mapped to Camanda’s User or Group so the rest of the platform can work with it.
Hence as part of writing your own ReadOnlyIdentityProvider you will also need to implement these two interfaces (UserQuery & GroupQuery). Really just a copy of the ones in the Ldap implementation… nothing special.
https://github.com/camunda/camunda-bpm-platform/blob/master/engine-plugins/identity-ldap/src/main/java/org/camunda/bpm/identity/impl/ldap/LdapUserQueryImpl.java / LdapGroupQueryImpl.java
and Where they have LdapIdentityProviderSession… this will be your own ReadOnlyIdentityProvider
Then for the createUserQuery functions (even with the CommandContext param) you just return your own UserQuery & GroupQuery that you created above. The CommandContext is how the Camunda platform links into actually executing either a user or group query however that many be implemented.
And the UserQuery & GroupQuery allow you to know what fields are being searched for/against eg: when you override
@Override
public List findUsersByGroupId(YourOwnUserQueryImpl query) {
}
you can use the query (query.getGroupId()) to get the value that is being used to search for users in a group with by the groupid.
Notice here that the function returns a list of org.camunda.bpm.engine.identity.User … you will need to map between your own UserEntity and the Camunda User
So … when you over riding functions it’d be like
@Override
public List findUsersByGroupId(YourOwnUserQueryImpl query) {
1. do your custom query to get a list of your own user entity’s in the group with groupID from query.getID()
2. Map between your user entity & Camunda User eg:
List userList = new ArrayList();
List persons = yourOwnWayOfQueryingUsersInAGroup.findUsersByGroupId(query.getID());
transformMyPersonBeansToUsers(persons);
return userList
}
My ReadOnlyIdentityProvider is really a whole lot of classes very very similar to the LDAP implementation. The only difference is in the functions that have been overridden like findUsersByGroupId (but they are all as explained above)
I hope that helps - let me know if you have any other questions
Regards
Melissa
[1] https://github.com/camunda/camunda-bpm-platform/tree/master/engine-plugins/identity-ldap