Author Archives: Ralph Soika

JSON Web Token and JASPIC

The Imixs Project started a new JSON Web Token project called Imixs-JWT.

Imixs-JWT is a compact easy to use library to generate and verify JSON Web Tokens. The library is based on maven and can be add with the following dependency available from Maven Central:

<dependency>
 <groupId>org.imixs.jwt</groupId>
 <artifactId>imixs-jwt</artifactId>
 <version>1.0.0</version>
</dependency>

The following example shows how to build a JWT in Java:

import org.imixs.jwt.*;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.SecretKey;

...
// We need a signing key...
SecretKey secretKey = HMAC.createKey("HmacSHA256", "secret".getBytes());
String payload="{\"sub\":\"1234567890\",\"name\":\"John Doe\",\"admin\":true}";
JWTBuilder builder = new JWTBuilder().setKey(secretKey).setJSONPayload(payload);
System.out.println("JWT=" + builder.getToken());

// will result in:
// eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
// eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.
// TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

 

JASPIC Auth Module for JWT

The project also provides a JASPIC authentication module. JASPIC is an authentication standard and can be used in Java EE application servers. The module was tested with Wildfly 10 and can be used also with different application servers.

 

 

Imixs Joins the Java EE Guardians

The Imixs Software Solutions GmbH and the Open Source projekt Imixs-Workflow has joined the Java EE Guardians.

The Java EE Guardians is an independent group of people interested in moving Java EE forward. The purpose of this group is advocacy, raising awareness, finding solutions, collaboration and mutual support. We believe that together – including Oracle – we can prove that this is the dawn of a new era for an ever brighter future for Java, Java EE and server-side computing.

The Imixs-Workflow project supports the Java EE Guardians with a series of articles about the Java Enterprise Architecture. We published a new architectural approach to control a complex business process within a Microservice architecture running on the Java EE Stack.

The Imixs-Workflow project has evolved over several years and has been following the Java EE standard from the beginning. As a result, we were able to work with a stable code base and benefit directly from a multitude of modern software concepts. Some code of the Imixs-Workflow project has not changed over the years, other code was simplified by introducing new and modern language concepts within the Java EE platform. This will enable developers, community members and our customers to benefit from the sustainable and modern Java EE platform.

Eclipse Oxygen and BPMN 2.0

Eclipse Oxygen (Version 4.7), which will be released in June of this year, includes also the next version of the BPMN2 Modeler Tool. The Eclipse BPMN2 Modeler is a graphical modeling tool for authoring business processes based on the Business Process Model and Notation (BPMN) 2.0. read more »

Why Imixs-Workflow Builds on Java EE

The Open Source Workflow Project Imixs-Workflow has started in 2007 with the beginnings of the new Java EE platform. From then until now, th Java Enterprise Platform has evolved dramatically and is today, with its current version v7, a robust and widely used enterprise architecture.

Why is it so important to our Open Source project to build on Java EE? read more »

Email Templates with Imixs-Workflow

With the latest release of Imixs-Workflow the open source workflow engine supports now Email Templates. With this new feature the email output can be based on a XSL Template. This opens up a powerful way to configure the mail content of more complex e-mail messages during the lifecycle of a business process.

Email Templates

The new template mode can be easily configured using the Imixs-BPMN Modeling Tool by putting a valid XSL document into the mail body definition. The template will be processed automatically with the XML representation of the current workitem.

See the following XSL Template example:

<?xml version="1.0" encoding="UTF-8" ?>
<xsl:stylesheet xmlns="http://www.w3.org/1999/xhtml"
 xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
 <xsl:output method="html" media-type="text/html" indent="no"
 encoding="ISO-8859-1" />
 <xsl:template match="/">
  <html>
    <body>
     <h1>Welcome</h1>
     <h2>
       <xsl:value-of select="document/item[@name='txtname']/value" />
     </h2>
    </body>
  </html>
 </xsl:template>
</xsl:stylesheet>

Imixs-Workflow supports the BPMN 2.0 standard and is build up on the Java EE specification. For that reason, it is easy to connect the open source workflow engine with a mail host in various ways. Open Source Mail servers as also Microsoft Exchange are supported. Find more details about the Imixs-MailPlugin in the plugin section of the project documentation.

New Release – Imixs-BPMN Report 1.4.6

The new version 1.4.6 of the Imixs-BPMN Plugin is released. The new release includes bugfixes and enhancements. The Imixs-BPMN Report Plugin which is part of the Imixs-BPMN modelling tool now provides a new feature to directly include the content of a XSL file into a report definition:

Imixs-BPMN Report 1.4.6

Reports allow the extraction of information from a Imixs-Workflow instance. Imixs-Workflow provides a flexible REST-API to customize the output of a report. This includes the XSL Transformation. With this feature, workflow information can be transformed in any kind of output, like XML, JSON and also different document formats like PDF or MS-Word or MS-Excel.

The workflow business suite Imixs-Office-Workflow includes a management dashboard with different char diagrams to visualize relevant business process data.

Imixs-Office-Workflow with Imixs-BPMN Report 1.4.6

Imixs-BPMN is based on the Eclipse BPMN2 Project. The installation guide for Imixs-BPMN can be found here.

How to use Environment Variables in WildFly Docker Containers

When setting up a Wildfly server, it is possible to use environment variables in the standalone.xml file by using the Bean Shell expression.

See the following example which sets up the database, user and password in a database configuration in the standalone.xml file by accessing environment variables:

<datasource jta="true" jndi-name="java:/jdbc/my_datasource" pool-name="my_pool" enabled="true" use-ccm="true">
    <connection-url>${env.POSTGRES_CONNECTION}</connection-url>
    <driver-class>org.postgresql.Driver</driver-class>
    <driver>postgresql</driver>
    <security>
      <user-name>${env.POSTGRES_USER}</user-name>
      <password>${env.POSTGRES_PASSWORD}</password>
    </security>
</datasource>

With the Bean Shell expression it is not necessary to turning parameters into System Properties: just use the expression:

${env.SYSTEM_ENVIRONMENT_VAR}

Especially when running wildfly in a docker container, this can be very helpful, because you can pass through environment variables to the container:

docker run --name="wildfly" -d -p 8080:8080 -p 9990:9990 \
    -e WILDFLY_PASS="admin_password" \
    -e POSTGRES_USER="my-postgres-user" \
    -e POSTGRES_PASSWORD="mypassword" \
    -e POSTGRES_CONNECTION="jdbc:postgresql://postgres/mydb" \
    imixs/wildfly

Also in combination with docker-compose environment variables can be set in the docker-compose.yml file. See the next example of a docker-compose.yml file, which sets up a postgres service and a wildfly service with a connection pool configuration as defined before in the standalone.xml:

postgres:
 image: postgres:9.6.1
 environment:
 POSTGRES_PASSWORD: mypassword
 POSTGRES_DB: mydb

mywildflyservice:
 image: imixs/mywildfly
 environment:
 POSTGRES_USER: "my-postgres-user"
 POSTGRES_PASSWORD: "mypassword"
 POSTGRES_CONNECTION: "jdbc:postgresql://postgres/mydb"
 ports:
 - "8080:8080"
 - "9990:9990"
 - "8787:8787"
 links: 
 - postgres:postgres

This is an example, which we use in combination with the wildfly docker container provided by the Imixs-Workflow project.

Don’t model Business Behavior in Objects!

During the past years I saw many projects where nearly any kind of business requirements was modeled into the technical object model, independent of the reason of the requirement. In many cases, modelling business requirements into a technical object model is quite ok and I agree with it in general. But also modelling business requirements into the affected business objects can lead into a ugly and complicated data structure. Let’s look into a short example to illustrate my thoughts: read more »

How to Integrate Imixs-Workflow with Single Sign On

Imixs-Workflow can now be easily combined with the Open Source Identity and Access Management solution Keycloak. Keycloak is an Open Source Identity and Access Management Server which can be used together with Wildfly to authenticate users with a modern authentication mechanism based on OpenID Connect SAML and OAuth. This is a short tutorial how to setup the Single Sign On Server Keycloak and configure the Imixs-Workflow to authenticate users. read more »

How to secure Business Objects

This post explains how you can secure your business objects in a model driven way, using the Imixs-Workflow engine.

Most applications deal with security in a functional way. This means that a business application typically defines different functional roles which are mapped to different users. For example let’s look on a simple Ordering System. In an Ordering System, we will have roles like

  • Order-Creator‘ – creating the order
  • Order-Approver‘ – validating and approving
  • Order-Executor‘ – execution

These roles are typical for such an business application and mostly tightly coupled to the corresponding business methods – e.g. createOrder(), approveOrder() and executeOrder(). This works well in a monolithic business application where you can control the security layers as also the business logic. But as more complex the business application becomes, also the enclosed security becomes more complicated. For modern application design, in addition, you often have to deal with external web services and business logic which need to be adapted easily to changing requirements. So this static security model leads into a hell of hard coded business rules or, what is worse, can no longer guarantee the security. read more »