Imixs-Cloud is a conceptual infrastructure project, describing a way to create a server environment for business applications based on Docker Swarm. In the current version we added a new concept for managing all the configuration in a private git repository. This makes it easier to set up the environment from scratch.
Imixs-BPMN – Data Objects
With the latest version 4.2.5, the Imixs-Workflow Engine now supports BPMN Data Objects. This kind of model element can be used to model more complex workflows processing input data.
With this new feature any kind of data object – e.g. an XML or HTML template – can be associated with a BPMN Task. As a result, the task element will provide these data objects in the new item ‘dataObject’. This item can be injected into a running process instance. See the following code example, which injects an ‘Invoice HTML template’ into a workitem:
...
ItemCollection task = model.getTask(1000);
List<List<String>> dataObjects = task.getItemValue("dataObjects");
if (dataObjects.size() > 0) {
    // each data object is a list: [0] = name, [1] = content
    List<String> firstDataObject = (List<String>) dataObjects.get(0);
    String templateName = firstDataObject.get(0);
    String content = firstDataObject.get(1);
    logger.info("DataObject name=" + templateName);
    logger.info("DataObject content=" + content);
    if ("Invoice Template".equals(templateName)) {
        // inject data...
        workitem.replaceItemValue("htmldocument", content);
    }
}
....
DataObjects are part of Imixs-Office-Workflow Version 3.2 to provide an easy and flexible way to create documents and templates during a business process.
Imixs-Cloud – a Lightweight Docker Swarm Environment
The Imixs-Project started the new subproject Imixs-Cloud.
Imixs-Cloud is a conceptual infrastructure project, describing a way to create a server environment for business applications. One of the main objectives of this project is to focus on simplicity and transparency. The general idea is to set up a lightweight Docker-based infrastructure with Docker Swarm. Within this infrastructure business applications like Imixs-Office-Workflow can be deployed in a fast and easy way.
Imixs-Cloud is developed as part of the Open Source project Imixs-Workflow and is continuously under development. To contribute to this project please report any issues here. All sources are available on GitHub.
Using Hadoop as an Archive Solution
In the Imixs-Workflow project we are currently working on a new archive solution to archive business data into a big data storage. The main goal is to store business data over a very long period of time (10 to 30 years). Therefore we evaluate different big data solutions and concepts to be integrated with the Imixs-Workflow system.
JSON Web Token and JASPIC
The Imixs Project started a new JSON Web Token project called Imixs-JWT.
Imixs-JWT is a compact, easy-to-use library to generate and verify JSON Web Tokens. The library is based on Maven and can be added with the following dependency, available from Maven Central:
<dependency>
    <groupId>org.imixs.jwt</groupId>
    <artifactId>imixs-jwt</artifactId>
    <version>1.0.0</version>
</dependency>
The following example shows how to build a JWT in Java:
import org.imixs.jwt.*;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.SecretKey;
...
// We need a signing key...
// (demo value only: a real HS256 key should be at least 256 bits of random data)
SecretKey secretKey = HMAC.createKey("HmacSHA256", "secret".getBytes());
String payload = "{\"sub\":\"1234567890\",\"name\":\"John Doe\",\"admin\":true}";
JWTBuilder builder = new JWTBuilder().setKey(secretKey).setJSONPayload(payload);
System.out.println("JWT=" + builder.getToken());
// will result in:
// eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
// eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.
// TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
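Verification is the other half of what the library does. The following added example (not code from the Imixs-JWT project, and not using its API) verifies the HS256 token shown above with JDK classes only; the class name Hs256Verify and the altered payload are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class Hs256Verify { // hypothetical class name, not part of Imixs-JWT
    private static final Pattern ALG = Pattern.compile("\"alg\"\\s*:\\s*\"([^\"]*)\"");
    // Returns the decoded JSON payload, or throws if the token is not a valid HS256 JWT for this key.
    static String verify(String token, byte[] key) throws Exception {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) {
            throw new SecurityException("expected header.payload.signature");
        }
        Base64.Decoder b64 = Base64.getUrlDecoder(); // accepts unpadded base64url
        String header = new String(b64.decode(parts[0]), StandardCharsets.UTF_8);
        // Pin the algorithm: the verifier decides it, not the token (rejects "none" and others).
        Matcher m = ALG.matcher(header);
        if (!m.find() || !"HS256".equals(m.group(1))) {
            throw new SecurityException("unexpected alg in header");
        }
        // The signature covers the first two segments exactly as transmitted.
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] expected = mac.doFinal((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        // Constant-time comparison avoids leaking how many leading bytes matched.
        if (!MessageDigest.isEqual(expected, b64.decode(parts[2]))) {
            throw new SecurityException("signature mismatch");
        }
        return new String(b64.decode(parts[1]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "secret".getBytes(StandardCharsets.UTF_8); // demo key from the example above
        String h = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9";
        String p = "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9";
        String s = "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ";
        System.out.println("payload=" + verify(h + "." + p + "." + s, key));
        // Constructed check: a payload changed after signing must be rejected.
        String altered = Base64.getUrlEncoder().withoutPadding().encodeToString(
                "{\"sub\":\"1234567890\",\"name\":\"Jane Doe\",\"admin\":true}".getBytes(StandardCharsets.UTF_8));
        try {
            verify(h + "." + altered + "." + s, key);
        } catch (SecurityException e) {
            System.out.println("altered token rejected: " + e.getMessage());
        }
    }
}
```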
JASPIC Auth Module for JWT
The project also provides a JASPIC authentication module. JASPIC is an authentication standard and can be used in Java EE application servers. The module was tested with WildFly 10 and can also be used with other application servers.
Why Imixs-Workflow Builds on Java EE
The Open Source Workflow Project Imixs-Workflow started in 2007 with the beginnings of the new Java EE platform. From then until now, the Java Enterprise Platform has evolved dramatically and is today, with its current version v7, a robust and widely used enterprise architecture.
Why is it so important to our Open Source project to build on Java EE?
How to use Environment Variables in WildFly Docker Containers
When setting up a WildFly server, it is possible to use environment variables in the standalone.xml file by using the Bean Shell expression.
See the following example which sets up the database, user and password in a database configuration in the standalone.xml file by accessing environment variables:
<datasource jta="true" jndi-name="java:/jdbc/my_datasource" pool-name="my_pool" enabled="true" use-ccm="true">
    <connection-url>${env.POSTGRES_CONNECTION}</connection-url>
    <driver-class>org.postgresql.Driver</driver-class>
    <driver>postgresql</driver>
    <security>
        <user-name>${env.POSTGRES_USER}</user-name>
        <password>${env.POSTGRES_PASSWORD}</password>
    </security>
</datasource>
With the Bean Shell expression it is not necessary to turn parameters into system properties; just use the expression:
${env.SYSTEM_ENVIRONMENT_VAR}
This can be especially helpful when running WildFly in a Docker container, because you can pass environment variables through to the container:
docker run --name="wildfly" -d -p 8080:8080 -p 9990:9990 \
    -e WILDFLY_PASS="admin_password" \
    -e POSTGRES_USER="my-postgres-user" \
    -e POSTGRES_PASSWORD="mypassword" \
    -e POSTGRES_CONNECTION="jdbc:postgresql://postgres/mydb" \
    imixs/wildfly
Environment variables can also be set in the docker-compose.yml file when using docker-compose. The next example shows a docker-compose.yml file which sets up a postgres service and a wildfly service with a connection pool configuration as defined before in the standalone.xml:
postgres:
  image: postgres:9.6.1
  environment:
    POSTGRES_PASSWORD: mypassword
    POSTGRES_DB: mydb

mywildflyservice:
  image: imixs/mywildfly
  environment:
    POSTGRES_USER: "my-postgres-user"
    POSTGRES_PASSWORD: "mypassword"
    POSTGRES_CONNECTION: "jdbc:postgresql://postgres/mydb"
  ports:
    - "8080:8080"
    - "9990:9990"
    - "8787:8787"
  links:
    - postgres:postgres
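This is an example which we use in combination with the WildFly Docker container provided by the Imixs-Workflow project. Keep in mind that environment variables set this way are visible to anyone who can inspect the container (for example with docker inspect).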
Don’t model Business Behavior in Objects!
During the past years I saw many projects where nearly every kind of business requirement was modeled into the technical object model, independent of the reason for the requirement. In many cases, modelling business requirements into a technical object model is quite ok and I agree with it in general. But modelling business requirements into the affected business objects can also lead to an ugly and complicated data structure. Let’s look into a short example to illustrate my thoughts:
How to Integrate Imixs-Workflow with Single Sign On
Imixs-Workflow can now be easily combined with the Open Source Identity and Access Management solution Keycloak. Keycloak is an Open Source Identity and Access Management Server which can be used together with WildFly to authenticate users with a modern authentication mechanism based on OpenID Connect, SAML and OAuth. This is a short tutorial on how to set up the Single Sign On Server Keycloak and configure the Imixs-Workflow to authenticate users.
How to secure Business Objects
This post explains how you can secure your business objects in a model driven way, using the Imixs-Workflow engine.
Most applications deal with security in a functional way. This means that a business application typically defines different functional roles which are mapped to different users. For example, let’s look at a simple Ordering System. In an Ordering System, we will have roles like
- ‘Order-Creator‘ – creating the order
- ‘Order-Approver‘ – validating and approving
- ‘Order-Executor‘ – execution
These roles are typical for such a business application and mostly tightly coupled to the corresponding business methods – e.g. createOrder(), approveOrder() and executeOrder(). This works well in a monolithic business application where you can control the security layers as well as the business logic. But the more complex the business application becomes, the more complicated the enclosed security becomes. For modern application design, in addition, you often have to deal with external web services and business logic which need to be adapted easily to changing requirements. So this static security model leads to a hell of hard-coded business rules or, what is worse, can no longer guarantee the security.