The Bearer Token Authentication support added to the Process Engine API via the Content Engine API allows any client, regardless of whether it runs in an application server, standalone java application, or servlet, to pass a user's identity for Single sign-on to the Content Platform Engine server. The SSO capability is restricted to OAuth or OIDC authentication tokens that are passed to the Content Platform Engine server on the standard HTTP Authorization header as a Bearer token on the Content Engine WSI request.
In V5.5.12, the Process Engine API supports the Content Engine API OpenTokenCredentials class. Prior to support of OpenTokenCredentials in V5.5.9, the Bearer Token Authentication support is applicable for Content Platform Engine server deployments hosted in traditional WebSphere® Application Server and WebSphere Liberty containerized environments only.
If a Process Engine client application or a Content Engine client application already runs in a WebSphere Liberty or traditional WebSphere Application Server, then the Content Engine API already supports propagating the user's identity for SSO to the CPE server by obtaining the SSO authentication token from the WebSphere JAAS subject. Therefore, no changes are required to applications already operating in that way. New applications hosted in Liberty or traditional WebSphere Application Server may use either JAAS authentication or this new capability.
Using this capability, the client application can obtain an OAuth or OIDC token representing the user in any manner. For example, the client may obtain it by integrating their application with an OAuth/OIDC Identity Provider (IdP). They may also have the token propagate to it from another service. They can even use the OAuth Resource Owner Password Credentials (ROPC) grant to obtain it from an OAuth server using username/password credentials.
// ------------------------------------------------
// Retrieve the a VWSession via PE API
// ------------------------------------------------
PrivilegedExceptionAction < VWSession > getSession = new PrivilegedExceptionAction < VWSession > () {
public VWSession run() throws Exception {
try {
System.out.println("Get CE connection - cpeUrl: " + cpeUrl + ", user: " + username);
com.filenet.api.core.Connection connection = Factory.Connection.getConnection(cpeUrl);
//Test PE connection
System.out.println("Get PE connection via CE - cpeUri: " + cpeUrl + ", user: " + username);
if (connection == null || connection.getURI().length() <= 0) {
System.out.println("getVWSessionViaCE: ceConnection was empty");
throw new RuntimeException("ceConnection was empty");
}
//Create the VWSession with an empty constructor
VWSession session = new VWSession();
//Set the session URI for the CPE server
if (connection != null)
session.setBootstrapCEURI(connection.getURI());
//Use the session with the connection point
session.logon(connpt);
return session;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
};
//Executes the getSession PrivilegedExceptionAction to return the VWSession object
final VWSession session = otc.doAs(getSession);
// ------------------------------------------------
// Retrieve the a the queue names for the session
// ------------------------------------------------
PrivilegedExceptionAction < String[] > getQueueNames = new PrivilegedExceptionAction < String[] > () {
public String[] run() throws Exception {
try {
try {
//Fetch the current user info
VWUserInfo userinf = session.fetchCurrentUserInfo();
System.out.println("User: " + userinf.getName());
} catch (Exception ex) {
ex.printStackTrace();
}
int myQueueFlags = (VWSession.QUEUE_USER_CENTRIC | VWSession.QUEUE_PROCESS);
//Fetch queue names for user centric and process queues
String[] queueNames = session.fetchQueueNames(myQueueFlags);
for (int i = 0; i < queueNames.length; i++) {
System.out.println("QueueName: " + queueNames[i]);
}
return queueNames;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
};
//Returns the queue names by executes the getQueueNames PrivilegedExceptionAction
final String[] queueNames = otc.doAs(getQueueNames);
//print the queue names
for (int i = 0; i < queueNames.length; i++) {
System.out.println("QueueName: " + queueNames[i]);
}
// Workflow Identifier
String wfIdentifier = "jjTest";
// ------------------------------------------------
// Returns the StepElement from the workflow identifier (wfIdentifier)
// ------------------------------------------------
PrivilegedExceptionAction < VWStepElement > launchWorkflow = new PrivilegedExceptionAction < VWStepElement > () {
public VWStepElement run() throws Exception {
try {
VWStepElement selement = session.createWorkflow(wfIdentifier);
return selement;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
};
//Returns the launch step by executes the launchWorkflow PrivilegedExceptionAction
VWStepElement selement = otc.doAs(launchWorkflow);
//print out the launch step parameters and
System.out.println("\n\n Print out new stepelement parameters for launch step");
if (selement != null) {
VWParameter[] params = selement.getParameters(VWFieldType.ALL_FIELD_TYPES, VWStepElement.FIELD_USER_AND_SYSTEM_DEFINED);
Object value = null;
String fieldName = null;
int aType;
for (int ii = 0; ii < params.length; ++ii) {
if (params[ii] != null) {
value = params[ii].getValue();
fieldName = params[ii].getName();
aType = params[ii].getFieldType();
//
//Display the field names and their values
//
if (value instanceof Object[]) {
Object[] o = (Object[]) value;
System.out.println("\t" + fieldName + "= {");
for (int i = 0; i < o.length; i++) {
System.out.println("\t" + o[i].toString());
}
System.out.println("\t}");
} else {
System.out.println("\t" + fieldName + "=" + value);
}
}
}
//
// Modify the parameters we are looking for
//
selement.setParameterValue("Str1", "JoeSmith", true);
selement.setParameterValue("Int1", Integer.valueOf(123456), true);
selement.setParameterValue("Bool1", Boolean.valueOf(true), true);
System.out.println("Set Local LaunchStep Values");
}
// ------------------------------------------------
// Saves the launch StepElement (selement) creating the work item
// ------------------------------------------------
PrivilegedExceptionAction < Boolean > saveLaunchStep = new PrivilegedExceptionAction < Boolean > () {
public Boolean run() throws Exception {
try {
selement.doDispatch();
System.out.println(" New work item has been created for the new step element.");
return Boolean.valueOf(true);
} catch (Exception e) {
e.printStackTrace();
return Boolean.valueOf(false);
}
}
};
//The work item will be launched on dispatch of the step element (selement)
//from the PrivilegedExceptionAction saveLaunchStep
boolean isStepSaved = otc.doAs(saveLaunchStep);
System.out.println(isStepSaved == true ? "\nWork item was launched" : "\n Work item was NOT launched");
String queueName = "Inbox";
// ------------------------------------------------
// Returns the StepElement from the workflow identifier (wfIdentifier)
// ------------------------------------------------
PrivilegedExceptionAction < VWQueue > getVWQueue = new PrivilegedExceptionAction < VWQueue > () {
public VWQueue run() throws Exception {
try {
VWQueue queueInbox = session.getQueue(queueName);
return queueInbox;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
};
//Returns the a VWQueue object from the PrivilegedExceptionAction getVWQueue
VWQueue queueInbox = otc.doAs(getVWQueue);
System.out.println("\nVWQueue for the " + queueName);
//Variables to setup the VWQueueQuery
String indexName = null;
Object[] minValues = null;
Object[] maxValues = null;
String queryFilter = new String("Int1 = :A");
Object[] subVars = {
Integer.valueOf(123456)
};
int fetchType = VWFetchType.FETCH_TYPE_WORKOBJECT;
int queryFlag = 512 | 256 | VWQueue.QUERY_READ_BOUND | VWQueue.QUERY_READ_LOCKED | VWQueue.QUERY_READ_UNWRITABLE | VWQueue.QUERY_MIN_VALUES_INCLUSIVE | VWQueue.QUERY_MAX_VALUES_INCLUSIVE;
// ------------------------------------------------
// Returns the VWQueueQuery object
// ------------------------------------------------
PrivilegedExceptionAction < VWQueueQuery > getQueueQuery = new PrivilegedExceptionAction < VWQueueQuery > () {
public VWQueueQuery run() throws Exception {
try {
VWQueueQuery qQuery = null;
if (queueInbox != null) {
int depth = queueInbox.fetchCount();
System.out.println("Count: " + depth + " for queue " + queueInbox);
qQuery = queueInbox.createQuery(indexName, minValues, maxValues, queryFlag, queryFilter, subVars, fetchType);
}
return qQuery;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
};
//Returns a VWQueueQuery object executes the getQueueQuery PrivilegedExceptionAction
VWQueueQuery qQuery = otc.doAs(getQueueQuery);
System.out.println("\nVWQueueQuery retrieved for the Inbox");
// ------------------------------------------------
// Returns a workobject from the VWQueueQuery qQuery
// ------------------------------------------------
PrivilegedExceptionAction < VWWorkObject > getVWWorkObject = new PrivilegedExceptionAction < VWWorkObject > () {
public VWWorkObject run() throws Exception {
try {
VWWorkObject wob = null;
if (qQuery != null) {
wob = (VWWorkObject) qQuery.next();
if (wob != null)
wob.doLock(true);
}
return wob;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
};
//Returns a workobject by executes the getVWWorkObject PrivilegedExceptionAction
VWWorkObject wob = otc.doAs(getVWWorkObject);
//Prints out all the field and values of the work object
if (wob != null) {
System.out.println("\nVWWorkobject retrieved for the VWQueueQuery");
String svalue = wob.getLockedUser();
if (svalue == null)
svalue = "no lock";
System.out.println("\t\t" + "CurrentLockedUser" + "=" + svalue);
String[] fieldNames = wob.getFieldNames();
Object value;
for (int ii = 0; ii < fieldNames.length; ++ii) {
if (fieldNames[ii] != null) {
value = wob.getFieldValue(fieldNames[ii]);
//
//Display the field names and their values
//
if (value instanceof Object[]) {
Object[] o = (Object[]) value;
System.out.println("\t\t" + fieldNames[ii] + "= {");
for (int j = 0; j < o.length; j++) {
if (o[j] != null) {
System.out.println("\t\t" + o[j].toString());
}
}
System.out.println("\t\t}");
} else {
System.out.println("\t\t" + fieldNames[ii] + "=" + value);
}
}
}
//Sets field value in the work object
wob.setFieldValue("Int1", Integer.valueOf(999999), true);
}
//flags to set if dispatching or unlocking
boolean dispatch = false;
boolean unlock = true;
// ------------------------------------------------
// Returns the StepElement from the workflow identifier (wfIdentifier)
// ------------------------------------------------
PrivilegedExceptionAction < Boolean > saveWob = new PrivilegedExceptionAction < Boolean > () {
public Boolean run() throws Exception {
try {
if (dispatch) {
//Dispatch automatically unlocks and dispatches
wob.doDispatch();
} else {
wob.doSave(unlock);
}
return Boolean.valueOf(true);
} catch (Exception e) {
e.printStackTrace();
return Boolean.valueOf(false);
}
}
};
//Saves the work object (wob) dispatching or unlocking based on the flags set
//executes the the saveWob PrivilegedExceptionAction
Boolean isSaved = otc.doAs(saveWob);
System.out.println(isSaved == true ? "\n Updated and unlocked the work item" : "\n The work item is not saved" );