Category Archives: Architecture

Architecture News

Imixs-Cloud – The Next Version of a Lightweight Docker Swarm Environment

Imixs-Cloud is a conceptual infrastructure project, describing a way to create a server environment for business applications based on Docker Swarm. In the current version we added a new concept about how to manage all the configuration in a private git repository. This makes it more easy to setup the environment form the scratch.

Architecture News

Imixs-BPMN – Data Objects

With the latest version 4.2.5, the Imixs-Workflow Engine, is now supporting BPMN Data Objects. This kind of model element can be used to model more complex wokflows processing input data:

With this new feature any kind of data object – e.g. a XML or HTML templates – can be associated with a BPMN Task. As a result, the task element will provide these data objects in the new item ‘dataObject’. This item can be injected into a running process instance. See the following code example which is injecting a ‘Invoice HTML template’ into a workitem:

ItemCollection task = model.getTask(1000);
List<?> dataObjects = task.getItemValue("dataObjects");
if (dataObjects.size()>0) {
  String[] data=(String[]) dataObjects.get(0);
  String templateName=data[0];
  String content=data[1];
  if ("Invoice Template".equals(templateName) {
    // inject data...

DataObjects are part of Imixs-Office-Workflow Version 3.2  to provide an easy and flexible way to create documents and templates during a business process.

Architecture News

Imixs-Cloud – a Lightweight Docker Swarm Environment

The Imixs-Project started the new subproject Imixs-Cloud.

Imixs-Cloud is a conceptual infrastructure project, describing a way to create a server environment for business applications. One of the main objectives of this project is to focus on simplicity and transparency. The general idea is to setup a lightweight docker based infrastructure with docker swarm. Within this infrastructure business applications like Imixs-Office-Workflow can be deployed in a fast and easy way.
Imixs-Cloud is developed as part of the Open Source project Imixs-Workflow and continuous under development. To contribute to this project please report any issues here. All source are available on Github.

Architecture Development

Using Hadoop as an Archive Solution

In the Imixs-Workflow project we are currently working on a new archive solution to archive business data into a big data storage. The main goal is to store business data over a very long period of time (10 to 30 years). Therefore we evaluate different big data solutions and concepts to be integrated with the Imixs-Workflow system. read more »

Architecture News

JSON Web Token and JASPIC

The Imixs Project started a new JSON Web Token project called Imixs-JWT.

Imixs-JWT is a compact easy to use library to generate and verify JSON Web Tokens. The library is based on maven and can be add with the following dependency available from Maven Central:


The following example shows how to build a JWT in Java:

import org.imixs.jwt.*;
import javax.crypto.SecretKey;

// We need a signing key...
SecretKey secretKey = HMAC.createKey("HmacSHA256", "secret".getBytes());
String payload="{\"sub\":\"1234567890\",\"name\":\"John Doe\",\"admin\":true}";
JWTBuilder builder = new JWTBuilder().setKey(secretKey).setJSONPayload(payload);
System.out.println("JWT=" + builder.getToken());

// will result in:
// eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
// eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.
// TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ


JASPIC Auth Module for JWT

The project also provides a JASPIC authentication module. JASPIC is an authentication standard and can be used in Java EE application servers. The module was tested with Wildfly 10 and can be used also with different application servers.




Why Imixs-Workflow Builds on Java EE

The Open Source Workflow Project Imixs-Workflow has started in 2007 with the beginnings of the new Java EE platform. From then until now, th Java Enterprise Platform has evolved dramatically and is today, with its current version v7, a robust and widely used enterprise architecture.

Why is it so important to our Open Source project to build on Java EE? read more »

Architecture Development

How to use Environment Variables in WildFly Docker Containers

When setting up a Wildfly server, it is possible to use environment variables in the standalone.xml file by using the Bean Shell expression.

See the following example which sets up the database, user and password in a database configuration in the standalone.xml file by accessing environment variables:

<datasource jta="true" jndi-name="java:/jdbc/my_datasource" pool-name="my_pool" enabled="true" use-ccm="true">

With the Bean Shell expression it is not necessary to turning parameters into System Properties: just use the expression:


Especially when running wildfly in a docker container, this can be very helpful, because you can pass through environment variables to the container:

docker run --name="wildfly" -d -p 8080:8080 -p 9990:9990 \
    -e WILDFLY_PASS="admin_password" \
    -e POSTGRES_USER="my-postgres-user" \
    -e POSTGRES_PASSWORD="mypassword" \
    -e POSTGRES_CONNECTION="jdbc:postgresql://postgres/mydb" \

Also in combination with docker-compose environment variables can be set in the docker-compose.yml file. See the next example of a docker-compose.yml file, which sets up a postgres service and a wildfly service with a connection pool configuration as defined before in the standalone.xml:

 image: postgres:9.6.1

 image: imixs/mywildfly
 POSTGRES_USER: "my-postgres-user"
 POSTGRES_PASSWORD: "mypassword"
 POSTGRES_CONNECTION: "jdbc:postgresql://postgres/mydb"
 - "8080:8080"
 - "9990:9990"
 - "8787:8787"
 - postgres:postgres

This is an example, which we use in combination with the wildfly docker container provided by the Imixs-Workflow project.

Architecture Development

Don’t model Business Behavior in Objects!

During the past years I saw many projects where nearly any kind of business requirements was modeled into the technical object model, independent of the reason of the requirement. In many cases, modelling business requirements into a technical object model is quite ok and I agree with it in general. But also modelling business requirements into the affected business objects can lead into a ugly and complicated data structure. Let’s look into a short example to illustrate my thoughts: read more »


How to Integrate Imixs-Workflow with Single Sign On

Imixs-Workflow can now be easily combined with the Open Source Identity and Access Management solution Keycloak. Keycloak is an Open Source Identity and Access Management Server which can be used together with Wildfly to authenticate users with a modern authentication mechanism based on OpenID Connect SAML and OAuth. This is a short tutorial how to setup the Single Sign On Server Keycloak and configure the Imixs-Workflow to authenticate users. read more »

Architecture Development

How to secure Business Objects

This post explains how you can secure your business objects in a model driven way, using the Imixs-Workflow engine.

Most applications deal with security in a functional way. This means that a business application typically defines different functional roles which are mapped to different users. For example let’s look on a simple Ordering System. In an Ordering System, we will have roles like

  • Order-Creator‘ – creating the order
  • Order-Approver‘ – validating and approving
  • Order-Executor‘ – execution

These roles are typical for such an business application and mostly tightly coupled to the corresponding business methods – e.g. createOrder(), approveOrder() and executeOrder(). This works well in a monolithic business application where you can control the security layers as also the business logic. But as more complex the business application becomes, also the enclosed security becomes more complicated. For modern application design, in addition, you often have to deal with external web services and business logic which need to be adapted easily to changing requirements. So this static security model leads into a hell of hard coded business rules or, what is worse, can no longer guarantee the security. read more »