When modeling business processes, you quickly run into a very common challenge: one workflow is not enough. Real-world operations are made up of interconnected processes — and forcing everything into a single monolithic workflow creates complexity that is hard to maintain and even harder to reuse.
Imixs Office Workflow solves this elegantly with the concept of ‘Master and Detail Processes‘, also called Workitem Linking. It lets you model separate, focused workflows and connect them at runtime — without writing a single line of code.
The Master–Detail Pattern
Think of a classic business scenario: you manage customer projects. Each project goes through an approval process — it gets created, reviewed, and eventually signed off. That’s your master workflow.
Now you also need time tracking. Employees log their hours against a specific project. Each time entry is its own process instance — it can be created, reviewed, and billed independently. That’s your detail workflow.
The relationship between them is clear:
One project → many time entries
Each time entry belongs to exactly one project
This is the master–detail pattern, and it appears everywhere in business operations:
Security warnings have always been part of the software landscape. But something has shifted recently. The latest wave of reports is different – and it is not just the usual noise. The Threat is Real – “The question is no longer whether your application will be attacked. The question is whether your data is still safe after the attack succeeds.”
AI-assisted attacks are changing the rules of the game. Where a human attacker once needed hours or days to analyze application code, identify vulnerabilities, and craft an exploit, an AI-powered tool can do the same in minutes. Automated reconnaissance, pattern-based vulnerability detection, intelligent fuzzing – what used to require deep expertise is becoming increasingly accessible.
When we first built our Imixs SEPA Adapter Project , we relied on iban4j for IBAN and BIC validation — a solid and well-known library in the Java ecosystem. But now we decided to switch to the new open source library iban-commons.
Why We Switched to IBAN Commons
iban4j’s API is notably more complex than iban-commons — it relies on a builder pattern for constructing IBAN objects and, as the benchmarks reveal, is not particularly memory-efficient. For the Imixs-SEPA workflow adapter project that may process hundreds of payment records, that matters.
Imixs Data Groups are a new concept to model bidirektional relationships between process instances within a BPMN 2.0 Model. The open source project Imixs-Data provides an easy and flexible way to use the Imixs-Data-Groups as an extension for the Imixs Workflow engine. In this blog post I will demonstrate how you can use Data Groups in your process model.
Bidirectional Relationships
Data groups allow you to organize and group related workflows under a master process. For example, you want to summarize all payment transactions of a customer in a consolidated ‘Statement of Account’. Or you may want to group invoices that need to be exported into another IT system in an ‘Export process’. A data group defines a bidirectional relationship between a set of process instances and a so called data group – also called master process.
We’re excited to announce our latest release of Imixs-Security OIDC, a powerful new OpenID Connect (OIDC) library for Jakarta EE 10 applications. This new release represents a significant milestone in our open source security toolkit, bringing enterprise-grade authentication capabilities to Jakarta EE applications.
Why Another OpenID Connect Library?
While Jakarta EE 10 introduced native OpenID Connect support through Eclipse Soteria 3.0, this default implementation shows some gaps that needed addressing for real-world enterprise applications. The primary limitation of the existing solution is their focus solely on browser-based user flows, leaving a significant gap for API authentication scenarios.
Imixs-Security-OIDC brings a new flexible solution providing comprehensive support for both – browser based OpenID Connect login and Bearer Token authentication. The later is a crucial requirement for modern applications that need to integrate with external systems via REST APIs.
A common question from users transitioning from task-centric engines (like Camunda) to Imixs-Workflow, is whether Imixs-Workflow supports Service Tasks—a common BPMN element used in workflow engines like Camunda. Let’s see how this works in Imixs-Workflow
First of all – you can add a service Task into your model. But this will not execute any code.
The answer to this lies in understanding Imixs’s event-driven architecture. Unlike BPMN engines that rely on embedded code in Service Tasks, Imixs executes custom logic through events by two core mechanisms:
1. Plugins: Reusable Workflow Logic
Plugins are Java classes triggered at the processing phases of the workflow lifecycle. They act like “global interceptors” for business logic.
Key Traits:
Extend org.imixs.workflow.Plugin or AbstractPlugin.
Running in each processing cycle
Modify workflow documents during processing.
A Plugin can be added into the Model Workflow definition and will be executed automatically in each processing cycle.
Example: Automatically calculate a discount in an order approval workflow:
public class DiscountPlugin extends AbstractPlugin {
@Override
public ItemCollection run(ItemCollection document, ItemCollection event)
throws PluginException {
if ("approve".equals(event.getItemValueString("name"))) {
double total = document.getItemValueDouble("total");
document.replaceItemValue("discount", total * 0.1); // 10% discount
}
return document;
}
}
Adapters (CDI observers) react to workflow events, similar to microservices listening to Kafka topics. They’re ideal for side effects (e.g., sending emails, logging).
Key Traits:
Support CDI / EJB / Transactional
Running on a specific Event
Decoupled from the core workflow (run asynchronously if needed).
Example:
public class DemoAdapter implements SignalAdapter {
// inject services...
@Inject
ModelService modelService;
...
@Override
public ItemCollection execute(ItemCollection document, ItemCollection event) throws AdapterException {
if ("approve".equals(event.getItemValueString("name"))) {
double total = document.getItemValueDouble("total");
document.replaceItemValue("discount", total * 0.1); // 10% discount
}
return document;
}
}
Why This Approach?
Separation of Concerns: Business logic lives outside BPMN files.
Flexibility: Plugins/Adapters can be shared, tested, and versioned independently.
Scalability: Events integrate with Java EE/CDI, Kubernetes, or serverless.
Migration Tip for Camunda Users
Instead of embedding code in a Service Task:
For document transformations: Use a Plugin.
For side effects (APIs, notifications): Use an Adapter.
In this short tutorial I will explain a few basic design patterns helping you to build really good Business Process Management Systems based on Imixs-Workfow. For these patterns it does not matter if you build a app just with the Imixs-Workflow core engine or if you use Imixs-Office-Workflow. All patterns explain very basic concepts which will help you a lot in understanding to build and maintain your business application. So lets start!
In this short blog post I want to talk about the concept of workflow engines and what they are really good for. A workflow engine is the most misunderstood concept in modern software development. Many developers still believe a workflow engine is simply the description of steps to go for getting a work done => the Work-Flow.
To setup a database realm (JDBCRealm) in Payara Micro is a little bit tricky because some settings have changed in the past and so there is no clear updated example. This blog post shows a configuration example for Payara 5.2 in combination with a data source based on the Workflow project Imixs-Office-Workflow.
Take care about the property “group-table-user-name-column”. This property is new and specifies the column name for the userid within the group table.
Another important setting is the “default-realm” in the security-service tag. This property must be set to the name of the jdbcRealm (in my case “jdbcRealm”).
Enable Security Audit
To get more information what is happening during the authentication you can enable the security-service audit with the attribute
audit-enabled="true"
and the audit for the security module with the property ‘auditOn’
In my last blog I explained the core concepts behind the Microservice Saga Pattern. In this blog I will address the problem from a more practical perspective by demonstrating how Imixs-Workflow can be used as a Saga Orchestrator within a Microservice architecture. First, I would like to give a brief review of the main concepts of the saga pattern. Later I show some implementation examples.
