You are here

Spring Beans

Another option is to use a Spring bean. It is possible to use a delegateExpression on a service task that resolves at run-time to an instance of org.activiti.engine.delegate.JavaDelegate. Alternatively, and probably more useful, is to use a general Spring bean. The application automatically scans all beans in the com.activiti.extension.bean package. For example:
package com.activiti.extension.bean;

import org.activiti.engine.impl.pvm.delegate.ActivityExecution;
import org.springframework.stereotype.Component;

public class HelloWorldBean {

        public void sayHello(ActivityExecution execution) {
                System.out.println("Hello from " + this);
                execution.setVariable("var3", " from the bean");


Build a jar with this class, and add it to the classpath. To use this bean in a service task, set the expression property to ${helloWorldBean.sayHello(execution)}.

It is possible to define custom configuration classes (using the Spring Java Config approach) if this is needed (for example when sharing dependencies between delegate beans, complex bean setup, etc.). The application automatically scans for configuration classes in the package com.activiti.extension.conf; package. For example:

package com.activiti.extension.conf;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

public class CustomConfiguration {

        public SomeBean someBean() {
                return new SomeBean();


Which can be injected in the bean that will be called in a service task:

package com.activiti.extension.bean;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import com.activiti.extension.conf.SomeBean;

public class HelloWorldBeanWithInjection {

        private SomeBean someBean;

        public void sayHello() {


To get the current user, it is possible to use the helper class.

Bean Whitelisting

By default, you can specify any Spring bean for use in an expression. While this provides ease of use (since any beans you develop will be automatically scanned for as described above), it also increases the possibilities of misuse and security threats. To help prevent these issues from happening, you can whitelist Spring beans by making the following changes:

  1. Open the <InstallLocation>/tomcat/lib/ file.
  2. Locate and set beans.whitelisting.enabled to true.
    Note: If this property is missing from the file, beans whitelisting is disabled.
To whitelist Spring beans, use the following configuration setting:

Example usage of bean whitelisting:

To use a userCount variable in a Display Text field, ${userCount}, add the following line in the Expression property within a Service Task:
${execution.setVariable('userCount', userService.getUserCount())}

If beans.whitelisting.enabled is set to false or the property is missing, the process is completed and the Display Text field should show the value of the usercount variable.

To complete the process successfully using bean whitelisting, you must set beans.whitelisting.enabled to true and add the bean name to beans-whitelist.conf:

# list bean names that should be whitelisted
Note: All beans declared in com.activiti.extension.bean are considered as whitelisted.
Note: If you wish to use tasks that publish to Box, Google Drive or Alfresco and have enabled bean whitelisting, the following beans need to be explicitly whitelisted in beans-whitelist.conf:
  • repositoryService
  • formRepository
  • objectMapper
  • relatedContentService
  • relatedContentProcessor
  • historyService
  • alfrescoMetadataProcessor
Service Task Class Whitelisting

This provides an alternative to bean whitelisting that enables more fine-grained control over what a developer can execute. For example, you can configure which patterns you allow to be executed using expressions.

You can also whitelist full class names or package patterns such as 'com.activiti.*'.

To whitelist service task classes, do the following:

  1. Open the <InstallLocation>/tomcat/lib/ file.
  2. Locate and set service.task.class.whitelisting.enabled to true.
    Note: If this property is missing from the file, service task whitelisting is disabled.
    Note: To use Alfresco, Box or Google drive to publish tasks with service task whitelisting enabled, add the following entries to activiti-app/WEB-INF/classes/activiti/service-task-whitelist-classes.conf:
    • com.activiti.runtime.activiti.bean.BoxStepActivityBehavior
    • com.activiti.runtime.activiti.bean.GoogleDriveStepActivityBehavior
    • com.activiti.runtime.activiti.KickstartAlfrescoPublishDelegate

Sending feedback to the Alfresco documentation team

You don't appear to have JavaScript enabled in your browser. With JavaScript enabled, you can provide feedback to us using our simple form. Here are some instructions on how to enable JavaScript in your web browser.