If yes, then how can I do that? Do I need to change the login/register process so that it refers to a different DB schema table?
I have an existing user table for my application which does not have the same structure as the Camunda user table. Can I use that for login instead of the Camunda user table?
One of the following interfaces should be implemented:
Then create a
SessionFactory returning one of them, and register it calling the
You can read about this here: Identity Service.
A bit more practical:
There is a good example and starting point in the codebase, the LDAP identity plugin. Perhaps you can start by copying the code, remove the LDAP specific queries and initializations, and replace with the queries against your database. Eventually rename the classes from
Look into these classes.
Relevant changes must be done only in one class, in the org.camunda.bpm.identity.impl.ldap.LdapIdentityProviderSession.
List<User> findUserByQueryCriteria(LdapUserQueryImpl query)...
List<User> findGroupByQueryCriteria(LdapGroupQueryImpl query)...
public boolean checkPassword(String userId, String password)...
should not access LDAP, but retrieve the users from your database.
The parameter class of the above methods, LdapUserQueryImpl, is actually not LDAP specific; it holds the query criteria set internally by Camunda.
You should use this query criteria to run a query against your database, retrieve your users, and map them to a list of camunda’s
User objects. (Fields like firstname, lastname, groupname, email, etc. are quite common in every structure; map where it is possible.)
To bootstrap your identityprovider use the AdministratorAuthorizationPlugin, as it is used by LDAP too.
Hope this could help you a bit?
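The checkPassword replacement described above, run against an application-owned table, as an added example that is not code from the post or from the Camunda LDAP plugin. The class name, the app_user table and its columns, and PBKDF2-HMAC-SHA256 password storage are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.sql.DataSource;

// Added example, not Camunda or LDAP-plugin code.
public class CustomDbPasswordChecker {
    // Hypothetical table: app_user(username, pwd_hash, pwd_salt, pwd_iterations)
    private static final String SQL =
        "SELECT pwd_hash, pwd_salt, pwd_iterations FROM app_user WHERE username = ?";
    private final DataSource dataSource;

    public CustomDbPasswordChecker(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    // Same shape as checkPassword(String userId, String password) in the session class.
    public boolean checkPassword(String userId, String password) {
        if (userId == null || userId.isEmpty() || password == null || password.isEmpty()) {
            return false; // an empty password must never authenticate
        }
        try (Connection con = dataSource.getConnection();
             PreparedStatement ps = con.prepareStatement(SQL)) {
            ps.setString(1, userId); // bound parameter, no string concatenation
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) return false; // unknown user
                byte[] stored = rs.getBytes("pwd_hash");
                byte[] salt = rs.getBytes("pwd_salt");
                int iterations = rs.getInt("pwd_iterations");
                if (stored == null || stored.length == 0 || salt == null
                        || salt.length == 0 || iterations <= 0) return false;
                byte[] candidate = pbkdf2(password.toCharArray(), salt, iterations, stored.length * 8);
                return MessageDigest.isEqual(stored, candidate); // constant-time compare
            }
        } catch (SQLException | GeneralSecurityException e) {
            return false; // fail closed: a lookup or crypto error is a failed login
        }
    }

    static byte[] pbkdf2(char[] pw, byte[] salt, int iterations, int bits)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iterations, bits);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
}
```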
Hi, perhaps this is not current any more :).
There is a simple demo application for that on my GitHub now, with its own user schema:
If it’s still relevant!
Thanks for sharing the example! I’m sure it’ll be very useful to people dealing with user access questions.
CREATE OR REPLACE VIEW bpmn.act_id_user AS
SELECT c.username AS id_,
       1 AS rev_,
       'camunda'::text AS first_,
       c.username AS last_,
       cp.email AS email_,
       NULL::text AS pwd_,
       NULL::text AS salt_,
       NULL::text AS lock_exp_time_,
       NULL::text AS attempts_,
       NULL::text AS picture_id_
FROM credential c
JOIN credential_password cp ON c.id::text = cp.id::text
JOIN role_granted rg ON rg.credential_id::text = c.id::text
JOIN role r ON rg.granted_role_id::text = r.id::text
WHERE r.name::text = 'ROLE_GLOBAL_SYSTEM_MANAGER'::text;

CREATE OR REPLACE VIEW bpmn.act_id_membership AS
SELECT c.username AS user_id_,
       'camunda-admin'::text AS group_id_
FROM credential c
JOIN credential_password cp ON c.id::text = cp.id::text
JOIN role_granted rg ON rg.credential_id::text = c.id::text
JOIN role r ON rg.granted_role_id::text = r.id::text
WHERE r.name::text = 'ROLE_GLOBAL_SYSTEM_MANAGER'::text;

Really, it can be solved at the SQL table level too!