Welcome to the Alfresco Process Services 1.10 documentation.
If you want to know about the new features and improvements of Alfresco Process Services 1.10, see What's new in Alfresco Process Services [1].
Looking for the online documentation for a previous release? Go to the Alfresco documentation [2] landing page to find all the documentation resources. For those interested in the Share Connector, you can find the documentation here [3].
Alfresco customers should also take a look at the Alfresco Support Handbook [4].
See what we've been up to below, and follow our latest updates at Alfrescodocs [15].
To learn more about Alfresco Process Services architecture, see our Alfresco ArchiTech Talks video [16].
What's new in Alfresco Process Services 1.10
Java 11 support
Process Services now supports OpenJDK 11.1, upgrading from OracleJDK 8.back to top [21]
Elasticsearch version 7.3
The minimum version of Elasticsearch has been upgraded to 7.3 supporting external instances of Elasticsearch using REST connections.
See Elasticsearch configuration [22] for more detail and configuration options.
back to top [21]
Helm charts for Process Services
This release includes a sample deployment Helm chart for Process Services .
See Deploying [9] for the deployment options available.
back to top [21]
Deprecations
The application servers JBoss, WebLogic and WebSphere, and IBM JDK have been deprecated. Full support will be removed in a future release.
back to top [21]
Last modified: November 20 2019
Choose a combination of products to build your own Supported Stack. If anything is unclear then please contact our Support team https://support.alfresco.com [24].
Operating systems
| Server | 1.10 | Comment |
|---|---|---|
| Red Hat Enterprise Linux 7.6 Clustered | ✓ | |
| Red Hat Enterprise Linux 7.3 x64 | ✓ | |
| Red Hat Enterprise Linux 7.1 x64 | ✓ | |
| Windows Server 2016 | ✓ | |
| Windows Server 2012 R2 x64 | ✓ | |
| CentOS 8 x64 | ✓ | |
| CentOS 7 x64 | ✓ |
Databases
| Database | 1.10 | Comment |
|---|---|---|
| MySQL 5.7.20 | ✓ | mysql-connector-java-5.1.32-bin.jar |
| MS SQL Server 2016 | ✓ | Microsoft SQL Server JDBC Driver 4.0 |
| Oracle 12c | ✓ | Ojdbc7.jar – 12.1.0.1 (use jdbc:oracle:thin in db_url) |
| PostgreSQL 10.9 | ✓ | postgresql-9.4-1205.jdbc42.jar |
| Amazon Aurora | ✓ | mysql-connector-java-5.1.42.jar |
Application servers
| Application server | 1.10 | Comment |
|---|---|---|
| Tomcat 8.5.28 | ✓ | |
| JBoss 7.2.0 EAP | ✓ | |
| IBM Websphere 9.0.5 | ✓ |
JDKs
| JDK | 1.10 | Comment |
|---|---|---|
| OpenJDK 11.0.1 | ✓ | |
| Oracle JDK 8 X64 | ✓ | Latest update |
| IBM JDK 8 | ✓ |
Browsers
| Browser | 1.10 | Comment |
|---|---|---|
| Mozilla Firefox | ✓ | |
| MS Internet Explorer 11 | ✓ | |
| MS Internet Explorer 10 | ✓ | |
| Chrome | ✓ |
Third party integrations
| Integration | 1.10 | Comment |
|---|---|---|
| MS Office 2011 | ✓ | |
| MS Office 2010 | ✓ | |
| Google Drive | ✓ | |
| Elasticsearch 7.3.1 | ✓ |
Integrated services
| Service | 1.10 | Comment |
|---|---|---|
| Identity Service 1.2 | ✓ | For use with LDAP and SAML |
| Identity Service 1.1 | ✓ | For use with LDAP and SAML |
| Process Workspace 1.3.4 | ✓ | |
| Process Workspace 1.3.3 | ✓ |
Related components
| Component | 1.10 | Comment |
|---|---|---|
| VMWare ESXi 5.1.0 | ✓ | For supported guest operating systems |
With Alfresco Process Services it's easy to create, publish, and use process models and apps.
This Getting Started tutorial shows you in 3 steps how to create and use a simple expense approval process app.
Prerequisites
Before you begin, make sure that you've following the instructions in Installing Alfresco Process Services.
If you’ve registered for our cloud trial [25] you don’t need to install anything and are ready to go.
Steps
Step 1: Create your first process [26]
Step 2: Create and publish your first process app [27]
Step 3: Use your first process app [28]
This is the first of three simple steps in creating a process app.
This process also includes 2 web forms.
- address - http://localhost:8080/activiti-app/#/
- sign in - admin@app.activiti.com/
- password - admin
User task icon to the right.
This adds a user task after the start event.
end event icon (circle) to the
right.
The process model now has three stages.
Validate the model on the toolbar.
This checks models (processes, web forms, decision tables, data models, and stencils) for errors. If there are errors then a message shows you details on how to resolve them.
This opens the Form editor.
Edit icon, then type "Text" as the Label and click
Close.
Repeat this step for the other stencils you added, and type the following labels:
Save then Save and close
editor.
Repeat this step for the other stencils you added, and type the following labels:
Save then
Save and close editor.
Save then Save.
Once you’ve created a process, you can create an app and add the process to it, then publish the app.
icon shows that you’ve selected it. Then click
Close.
Save then select the
Publish? option and Save and close editor.
to return to your
dashboard.
The Expense Approval app is added to your dashboard.
Next step: Use your first process app [31]
When you’ve created and published a process app, it can be used to request a new expense for approval
The Processes page now shows the new expense approval request. From here you can add comments or cancel the process.
If you click Show diagram you can see the current status of your expense claim. The active user task is highlighted in green to indicate it's at review stage. Click Close to go back to the claim.
This completes the claim as it is now at the end of the process flow.
You can click Audit Log to download a PDF audit report. The template used for the Audit Log is part of the configuration settings and can be customized to your specific needs.
Alfresco Process Services 1.10 introduces a new end-user app for working with tasks and processes, called Process Workspace.
For developers, this is a new user experience based on ADF 2.0, enabling high customization and faster time-to-value.
The Alfresco Process Services Landing Page continues to provide a user interface for managing your tasks but with the additional features for process design and profile management.
Process Workspace is a front-end application that is packaged and deployed separately from the Process Services application (activiti-app).
For more information about installation, see Installing Alfresco Process Services Workspace [34]
Process Workspace runs in a web browser. To open Process Workspace, use the following steps.
http://localhost:8080/process-workspace/
Where localhost:8080 represents the host name and the port number of where Process Workspace is hosted.
You'll see the login page.
When you log in, you'll see your Apps Page.
When you log in to Process Workspace, you'll see your Apps Page displaying the tiles that you have available. Each tile shows a process definition that gives you tools for a distinct set of tasks.
In the following image, you'll see that there is a Claim Review Process tile. Your Apps Page may show more tiles.
Click on an apps tile to display the Process Workspace dashboard for this .
The Process Workspace dashboard lets you review the statistics for a process definition. This information gives you an overview of the activity.
When you first open the dashboard, you'll see the minimized menu mode.
The following image shows the Process Workspace dashboard with the minimized menu. Your menu choices are shown on the left side of the dashboard.
To change to the expanded menu mode, click 
. The following image shows the Process Workspace
dashboard with the expanded menu.
The following information is available on each activity.
| Statistic | Description |
|---|---|
| Activity | The name of the activity. |
| Active Count | The number of activities that are active. |
| Active Average Duration | The average time spent on an activity. |
| Completed Count | The number of completed activities. |
| Completed Average Duration | The average time taken to complete an activity. |
When you are using Process Workspace, you can
return to the Dashboard by clicking 
.
The Dashboard Settings lets you filter the data for the current process to customize the information on the dashboard.
.
The Dashboard Settings pane displays in the right-side of the dashboard.
to
close the Dashboard Settings pane.
You can see all of the tasks that you are working with on the My Tasks
list. To view your tasks, click 
.
You'll see the My Tasks page, which shows the tasks created within this app or as part of the processes from the app. New tasks that you create will appear in the My Tasks list.
To view a task, double-click on a task in the task list. A new page opens showing the task form. This provides options to save, approve or reject the task.
You can control the number of tasks displayed on the page. Click the down arrow next to Items per page and select a value from the list. The page refreshes to display the number of items you chose.
To view a task, double-click on a task in the task list. A new page opens showing the task form. This provides options to save, approve or reject the task.
Create new tasks for yourself or to assign to others.
(minimum menu) or click Create (expanded menu).
The Start Task window appears.
and select the date from the
calendar.You can view the detailed information about your active tasks.
You'll see the Details and Activity tabs on the right side of the page. The Details tab displays information about the currently selected task. The Activity tab allows you to add comments related to the task.
You'll see the information about the task.
and
selecting the date from the calendar. You can also add people and groups. Click 
. Type the name of the person to search,
and then click ADD.
You'll see the name of the person in the list of people this task is shared with.
You'll see the comments made by you and others about this task. The comments list shows the name of the person who created the comment, along with the comment text and the date and time it was made.
To add your own comment, type into the Add a comment field.
to close the details and activity.
You can upload a file that you wish to be attached to a task.
on the
right-side.
An attachment page appears.
Drag and drop files to this page. You can also click 
to upload files using your file
browser.
Process Workspace lets you download a PDF file that shows a summary of the task, including the task details and activity. This file is called the Task Audit.
to produce a Task Audit PDF.
The Processes list shows the details of the currently running processes.
To view your processes, click 
.
If you are using the expanded menu, you can see a more complete list of processes and you can filter the list for Running, Completed and All processes.
New processes that you create will appear in this list.
Double-click on a row in the process list to see a list of active tasks. Below this, a process diagram of the active process appears.
Create new processes for yourself or for other to use.
(minimum menu) or click Create (expanded menu).
The Start Process window appears.
You can view the detailed information about your active processes.
You'll see the Details and Activity tabs on the right side of the page. The Details tab displays information about the currently selected process. The Activity tab allows you to add comments related to the process.
You'll see the information about the process.
and selecting the date from the calendar.You'll see the comments made by you and others about this process. The comments list shows the name of the person who created the comment, along with the comment text and the date and time it was made.
To add your own comment, type into the Add a comment field.
to close the details and activity.
You can view the workflow for the process.
The left-hand pane displays a list of active tasks, below which a diagram of the process model appears.
You'll see a list of active tasks and the process workflow diagram for this process.
and click View Task.
You'll then see the detailed information for the current task.
to
return to the Processes list.
The default language used in Process Workspace is English. You can change the language.
.
You'll see the list of languages that are available.
.
The user interface text for Process Workspace changes to the selected language.
The Landing Page is the starting point from which you can use:
App Designer - Design your process
My Tasks - View your task inbox or queue
Profile management / Identity management - Manage user and group capabilities
Analytics - Generate reports on process performance
Depending on the capabilities of your account you may or may not get access to the App Designer or Analytics.
Profile management will appear will appear for you only if you are a user. This is where you manage your personal information. If you have administrator capabilities, then Profile management will be displayed as Identity management. Use this tile to access your profile page as well as to manage user, group, and capability management pages for your tenant or the whole system.
You can click on the Alfresco Process Services logo at any time to return to your landing page.
Your landing page is dynamic, and new tiles will appear when you create new process apps in the App Designer and deploy them in the Task App.
You'll also see a list of shortcuts for tasks you might want to do next.
All pages display the App Navigator icon in the far-right corner of the header. It provides useful 1-click shortcuts to various parts of the app. You can navigate instantly to all your process models, tasks, processes, stencils, forms, decision tables, quickly start any process, view the tasks and processes for a published and deployed app, or view and change your profile. As you deploy process apps, the App Navigator will also show shortcuts for the newly created process apps.
You can add a photo to your profile.
To edit your profile, click Profile management.
On the Personal page you can edit your details, such as your name, change your password, and view your group membership and capabilities.
To add your photo, click the image to the left of your name and upload the desired photo.
Use the App Designer to create process models, forms, app definitions, and share your models and definitions with others. As you create items, they appear as tiles on their respective page. The Last Modified drop-down on the top-right enables you to sort the display order ranging from last modified, oldest first, name order, or reverse name order. Use the filter on the left to filter the list of displayed items. Additionally, if you are unable to find a specific process, use the search box to find more processes. If your processes require human input, then you will need forms to gather it.
You can filter the list of Business Process Models using the following options on the left:
My items - View all your processes / app definitions / data models / stencils / reusable forms / reusable decision tables. The filter name changes based on the tab you are in. For example, in case of the Forms tab, it changes to My reusable forms and to My App definitions when you are in the Apps tab.
Shared with Me - View items shared by others with you.
Shared with Others - View items that you have shared with others.
Favorited - View your favorite items.
Everyone’s - View all processes regardless of who created them.
The App Designer panel includes the following tabs:
Processes - Provide tools for creating new processes, modifying existing processes, and importing processes from outside Process Services. If your account has the capability, you can also import existing models that are defined in BPMN 2.0 standard format.
Forms - Provide tools for creating new forms, and modifying existing forms. Filter the list of displayed forms using the options on the left. You can view all your forms, or just those shared by others with you, or those you have shared with others, or just those you have favorited. If you haven’t created any forms yet, then a new button called Create a new form now! will appear on the Forms tab.
Decision Tables - List decision tables that can be used across processes. Decision tables are an easy way to define business rules.
Apps - Create new apps, modify existing apps, and import apps from outside Process Services. You create an app to group one or more of your processes, so you manipulate them as one unit. You can make an app available for yourself and share it with others. An app can contain no process at all, which allows you to create simple task list.
Data Models - Enable you to map your business data with a relational database or a custom API such as a customer database, patient database, and so on. You can create business objects to connect to an external database that can be accessed by all processes in your application.
Open the App Designer editor by clicking a process definition, reusable form, reusable decision table, app definition, data models, or the stencils tab. The App Designer editor provides features such as copy, comment, delete, add to favorites, share with others, and export. You can also open the corresponding editor to make changes to the content, and perform actions specific to the item type. For example, you can publish an app definition or edit a process.
In the above example, the App Designer editor was opened for an app definition called publisher. The editor always displays the details of the selected item on the top panel along with a set of buttons on the top right. The right-most button opens the editor corresponding to the item displayed. So in the example, the right-most button opens the app editor. If a process definition created via the step editor is opened in the App Designer editor, then the App Editor would open the step editor.
Use the Task App to access your task list and work on tasks assigned to you from the Processes tab. This is also where you initiate new processes and tasks.
The Task App menu bar has tabs for working with tasks, processes, reports, and a Start button, which is a shortcut to start a process using a published process definition.
The Tasks tab is organized into three columns.
The left column lets you filter the list of displayed tasks. There are four pre-defined filters and a New Filter control which lets you define and name your own filters. Any filters you create are added to the list of displayed filters.
The middle column provides tools for creating new tasks, and lists the tasks included by the current active filter. Click on the accordion icon above the list of tasks to change the default display order from Newest first to oldest first, Due last order, or Due first order.
The right column is displayed when you click on a task in the middle column. It displays the selected task details and also tools for completing open tasks and for viewing the audit log of a completed task.
When you create a new filter in the Tasks tab or Processes tab, you can filter by process definition, the state of the task/process, by task name, and by assignment. You can also change the default sort order.
Select an active (running) process name, and display only those tasks that are associated with that process.
Choose to display tasks or processes based on its state. For tasks, select Completed or Open. Completed is selected by default. For processes, select Running, complete, or All. Running is selected by default.
Select tasks in which you are involved, or tasks that have been assigned to you, or tasks where you are one of the several candidates. This is only applicable to the Tasks tab.
Sort the list by Newest first, Oldest first, Due last, or Due first.
Type a string to search for matching task names or process name depending on the tab you’re in.
Select an icon for your new filter by clicking on the funnel icon, and specify a name for the filter.
If you have no tasks or processes running, then James will appear with a shortcut to let you create a new task for yourself or start an existing process and track its progress.
Use the Processes tab to start a new process from a list of published process definitions. The Processes tab is organized into three columns similar to the Tasks tab [71] except that instead of tasks, process details are displayed. You can also create a new filter to filter by process definitions, process state, and by process name.
Use the Reports tab to generate reports based on the available parameters. You can view the reports that you saved in the Analytics App. For more information, see Analytics App [72].
These are operations to manage tenants, groups and users. This is useful for example to bootstrap environments with the correct identity data.
Use the Tenants tab for creating new tenants, and modifying existing tenants.
By default, the details of the currently selected tenant are displayed. You can edit the name of the current tenant and configure various settings as follows:
Logo - Add or update your existing logo.
Events - A log of management events for the tenant.
Alfresco repositories - Configure your on-premise repositories. See Create Alfresco repository.
Endpoints - Configure your RESTful endpoints and Basic Authentication for endpoints.
Data sources - Register your data sources for using in Data Model.
Document templates - Upload a Microsoft Word (.docx) file that can be used as a template in processes.
Email templates - Create new custom email templates, view or edit the existing templates (both standard and custom). For information on creating custom templates, see Custom email templates [82].
Config - Configure settings for Box metadata support, validate decision table expressions, and enable or disable the option for involved users to edit forms. In addition, you can define the minimum length for the password, and the date format for forms (for example, D-M-YYYY).
Use Custom email templates to create your own set of templates for Alfresco Process Services. You can use a custom template when creating human tasks in your process. This is particularly useful if you want to send a customized email notification as part of your process.
You can include values from a range of predefined variables. These are listed in the following table:
| Assignment | Variable Name |
|---|---|
| Single User Task | taskCreator, taskName, taskDirectUrl, homeUrl |
| Group Task | groupName, taskName, taskDirectUrl, homeUrl |
| Candidate User Task | taskName, taskDirectUrl, homeUrl |
Prerequisites:
In IDM, create a user and assign the Administration of tenant of this group capability.
Make sure to create users with valid email addresses as that will be needed for sending email notifications.
To create a new custom email template:
You can edit and delete an existing custom template by selecting the edit (pencil) and delete (bin) icons in the Email Templates respectively. Once an email template is created, you can search it by entering a string for matching email templates.
Alternatively, you can also create a custom email template within the App Designer editor when adding or editing a human step in a process.
To create a custom email template via the App Designer Editor:
To use a custom email template in the process:
To complete a task using custom emails:
Your task is completed and custom emails are sent to the assigned user of the task.
Users tab provides tools for managing users. The current users are displayed on the right panel. You can select from the list of users and use Select an action to change details, status, account type, password, and primary group of the user.
In addition, you can create a new user, or filter the list of current users by status, account type, email or name, and company.
Use the Capabilities tab for managing the capabilities and groups of users that are available for this tenant.
There are two types of groups:
Capability groups - Groups that can be granted with variety of capabilities.
Organization groups - Functional groups that reflect the structure of your organization.
The following capability groups are available by default:
Analytics-users - Access the Analytics app to view reports.
Superusers - Administration of tenant of this group gives full administration rights for the current tenant to the selected group.
App Designer - Access to App Designer app that allows you to design and publish process definitions.
In addition, an Administrator can grant to the following capabilities to any of the capabilities groups:
Access Analytics app
Access App Designer app
Access the REST API
Access to all tenants' models
Administration of tenant of this group
Publish app to user dashboard
Upload license
You create and delete capabilities groups, add and remove users to and from a group, and add and remove capabilities to and from all users in a group.
Use the Organization tab to create functional groups that reflect the structure of your organization. You can also add and remove users to and from a group, and create subgroups within this kind of group.
Use the Analytics App tile to add standard reports and configure custom reports for performance and throughput statistics of your processes. You can view the Analytics App tile only if your account has the Analytics capability. Before generating process reports, make sure to run your processes at least a few times.
When you visit the Analytics app for the first time, you'll see some useful hints on the welcome screen.
The Analytics app has the following tabs:
Reports - Use this to add standard reports in Alfresco Process Services and view the existing reports.
Configure - Use this to configure standard reports and custom reports.
In Alfresco Process Services, you can add Standard reports at a click of a button. You can choose to add all standard reports at once or configure only the reports you’re interested in. For example, you can configure your report panel to isolate Task related reports such as Task overview and Task service level agreement reports, or custom reports that are based on generated reports (see Customizing reports [87]).
To add standard reports:
From the Analytics app > Reports tab, click Add some standard reports now link. The following standard reports appear in your Reports panel on the left:
Process definition heat map
Process definition overview
Process instances overview
Task overview
Task service level agreement
Alternatively, you can also add the same set of standard reports via the Configure tab. To remove your existing reports from the Reports panel, click Reset all my reports.
Once you have added the standard reports, you can access them from the Reports panel and generate them based on the required filter parameters. If the data is available, it will be presented in graph and tabular form, depending on the report selected.
You can filter most reports by the following parameters:
Date range
Process definition
Process Status
Task (Task related report only)
Task Status (Task related report only)
Some reports such as Task service level agreement and Process instances overview reports have additional parameters.
You can customize reports by selecting the Process Status and Date Range parameters. You can also create new reports by modifying the filter option of an existing report and saving it with a new name.
To generate and save a Task overview report:
Process Definition - Process definitions for the selected user.
Date Range - Tasks from Today, Yesterday, Last 7 days, Previous month, Current year, or Custom Range.
Task Status - All tasks, Active, or Complete.
Aggregate dates by - Tasks by hour, day, week, month, or year.
Relevant data for Task Counts, Task counts by assignee, Number of tasks divided by date interval, Task Duration, and statistics of all tasks are presented in graphical, tabular, and table formats. In addition, there’s an option to view the previous chart data in a table format.
You can generate all other reports in the same way by using the appropriate filter options. You are now ready to explore the advanced reporting and analytic features in Alfresco Process Services.
The Step Editor guides you through creating a business process through a sequence of simple steps. The processes you create using the step editor do not exploit the full power of BPMN 2.0 like those created by the BPMN editor, but you can use it to design both simple and quite complex process models, without knowledge of BPMN 2.0.
The editor has a menu bar with buttons to save your model, validate that the model is a complete BPMN 2.0 model definition, provide feedback to the Alfresco Process Services team, and to close the editor.
When you open the step editor on a new process definition, you can see the first step, the Process start step is already added to the process diagram for you. When you mouse-over a step, the stop becomes click-able. Click on it, and the details of the step are displayed and can be edited. This design principle is reflected throughout the Alfresco Process Services app. You can mouse-over and click text areas to modify their content, and variables to change their values. So for the Process start step, you can click on the single Process trigger variable and choose the trigger type:
The editor will guide you in creating your process. For example, when a form is required, it will present you with a list of existing forms and provide you with a button to create a new form.
Below the last step in a sequence, there is a + (plus) icon. Click on this to add a step to your process.
You can move steps around in your process Click in the top-right of the step and the step will be outlined in green, and the + icons will change to green discs.
Click the green disk at which you want your highlighted step to move, and the step is moved to that position in the flow:
In addition to the Process start step, there are five types of step you can add to your process.
A human step is a task to be completed by a user. You choose who to assign the task to, provide a form for that user to complete, define a due date for the task, and set a timer. If a timer is triggered, it will allow Alfresco Process Services to take an action related to the task, such as reassign it to another user and so on.
The Human step dialog is divided into four tabs:
Details tab
Form tab
Due date tab
Timer tab
Details tab
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element |
|
Name |
A name for the task. |
|
Documentation |
A description of the task. |
|
Assignment |
Configure to who this task should be assigned. You can assign the task to one of the following assignees:
|
Form tab
You can select a form to display when the task runs. You can select an existing form, or create a new one. Forms that you create here while designing your process definition are accessible to steps in this process definition only. Forms that you have designed in the Forms tab of the Alfresco Process Services app can be reused by any process definition owned by someone you have shared the form with. Both types of form are listed in the chooser dialog. You can filter the available list of forms by entering text in the Filter box.
Due date tab
If you specify a Due date, then the time remaining until that date will be displayed in the task details when the process is running. If the task is not completed in that time, then the amount of time since the due date is displayed. You have the following options for setting a due date:
This is the default value.
Specifies a Due date in years, months, days, hours, minutes and seconds after the task is started.
Select a date field from a list of those available in forms of this process definition. You can add or subtract a specified amount of time in years, months, days, hours, minutes and seconds from the value of the chosen date field to create a Due date.
Select a variable from the list of those available in forms of this process. You can add or subtract a specified amount of time in years, months, days, hours, minutes and seconds from the value of the chosen date field to create a Due date.
Timer tab
Timer is similar to Due date, except you specify a time after which some action will be performed on the task by Alfresco Process Services. You can also specify an action for the task to be taken when the timer completes.
You have three options for setting a timer:
This is the default value.
You specify another assignee in exactly the same way as you specify the original assignee on the Details tab. When the timer completes, the task is assigned to the specified user, candidates users, or candidate groups.
When you specify Keep task, a new Timer date reached substep appears inside the current step with the + icon underneath it. You can add one or more subtasks inside this step by clicking this icon. When the timer completes, the task remains active, and the first substep becomes active too. The process continues running substeps as each substep is completed. Note that when you specify substeps here, the list of steps available now includes a Go to step. This allows you to choose one of the main process steps to run after this one.
When you specify End task, a new Timer date reached substep appears inside the current step with the + icon underneath it. You can add one or more subtasks inside this step by clicking this icon. When the timer completes, the task ends, and the first substep becomes active. The process continues running substeps as each substep is completed. Note that when you specify substeps here, the list of steps available now includes a Goto step. This allows you to choose one of the main process steps to run after this one.
When the timer completes, all active tasks in the process are canceled and the process ends.
When an email step starts in a running process, it sends an email with a fixed text body and a fixed title to a single or multiple recipients.
The email step dialog contains two tabs that let you fully define the task.
Name and Description are simple text fields that help you and others to identify the task in your task list.
Recipient type lets you choose who receives the email defined in this step:
The user who starts the process is the sole recipient of the email. This is the default.
If you choose this option, a Recipient field is displayed to allow you to search for single user or select someone using an email address.
If you choose this option a second Recipients field is displayed to allow you add one or more users. You can add Alfresco Process Services users or select someone using an email address.
A choice step enables you to start one of two or more sequences of substeps for your process, based on conditions.
Use the Name and Description fields in the choice step dialog to define the task for your task list.
When you select the Choices tab for a new choice step, it shows two choice boxes. You can use the + (plus) icon between them to add more choices. Click the choice box you to edit the choice and name it. You can also add from one of the following conditions:
This choice runs its sub-steps if none of the other choices conditions are met. Note that only one of the choices in a choice step can specify this condition for the model to validate. This is the default.
This choice runs its sub-steps if the value of a field in a form satisfies a conditional statement. If you click this option, the following options are available:
Select a field in a form that is used in this process definition.
Choose an operator from equal, not equal, less than, greater than, less than or equal to, greater than or equal to, empty, not empty.
Specify a value. For example, select a radio button field named direction from a form, choose the equals operator, and type the value Left.
This choice runs its substeps if the outcome of a form that matches the one specified for the choice is selected by the person assigned with the task. If you click this option, the following options are available:
Select an outcome of a form used in this process definition.
Choose an operator from equals or Not equals.
Select a value of the outcome from the list. For example, select an outcome named direction from a form, choose the Equals operator, and choose the value Turn left from the drop-down list.
There are two steps that you can add at the end of a substep sequence in a choice step that change the flow of control in the process.
An end process step is available only when defining a substep within a choice step. You use an end process step to stop the process within a choice step in your process definition. Since this is a terminal step, no + (plus) icon appears after the step.
In the End process step dialog > Details tab, define the task name and description.
The Goto step is available only when defining a substep within a choice step. You use a goto step to jump to a named step within your process definition. Like the End process step, it is a terminal step and no + (plus) icon appears after it.
The process definition used here illustrates models for driving a car. If you turn left, then you continue your journey. As long as you continue turning left, your journey continues. If you turn right, you drive a short distance to your final destination. The goto step provides two ways of managing the flow of control in a process:
A sub process step enables you to create a step that itself contains a sequence of steps that constitute a complete process definition. When saved, this definition is added to the list of substeps available to your main process definition. This gives you a method of managing complex processes by refining repeated sequences of steps into a sub step. This can make your process definition easier to comprehend visually.
The sub step dialog contains one tab that lets you fully define the task.
A sub process lets you choose a sub process that you have already defined in this process definition, or you can create a new sub process that is reusable in this process definition.
This step allows you make an arbitrary REST call. You can define a full endpoint directly or use an endpoint defined by an administrator on your Alfresco Process Services server. You can supply parameters to the call directly in the URL or from process variables in forms, and you can extract properties from the JSON response into process variables for use in your process definition.
The REST call step dialog contains four tabs that let you fully define the call.
Name and Description are simple text fields that help you and others to identify the task in your task list.
You define the URL for your REST call in this tab.
This is the method associated with the REST call. The default is GET, but you must select between GET, POST, PUT, and DELETE based on the documentation for your chosen API call. The example shown in the screenshot, is using the api/enterprise/app-version REST call, which is documented as a GET call.
You select one from a list of endpoints that have been defined by your administrator. In the example the endpoint for the local Alfresco Process Services server REST API, http://localhost:8080/activiti-app/ [99], has been chosen.
Copy the URL fragment from your selected REST API call. In this example we are using api/enterprise/app-version.
You may also choose to enter the full URL, especially for REST services that have not been defined by your administrator, for example, http://httpbin.org/post [100]. This can be useful during development and prototyping cycles.
In all cases, you can use the Test button to test your endpoint.
You can insert values previously submitted in any form (or variables) in your process definition, into the REST URL. The value will be inserted at the position of the cursor in the Rest url field.
Some REST calls require a JSON request body. You can add one or more JSON properties using this tab.
For each property you define the name, property type and value. The value can either be a fixed value, or you can select the value of a form field from a list of available form fields in your process definition.
REST calls return a JSON response body. You can define one or more pairs JSON response properties and process variables. When the step completes, each process variable will contain the value of the returned response property. You can use those values later in your process. In this example, the returned JSON property edition will be contained in the process variable activitiedition, which is a form field in a form used for displaying the edition string later in the process definition.
For complex and nested POST request bodies, specify a JSON Template which is evaluated at run-time. The JSON editor provides syntax highlighting and will highlight any JSON syntax errors on the line number indicator.
Use this step to generate a Microsoft Word or PDF document from a template in Microsoft Word. The process step will substitute any variables you place in the template document with process and form variables. You can upload global template documents for use by all users, or upload personal template documents for your own use.
The Generate Document step dialog contains the following tabs to define the task:
Name and Description - Type the name and description of your task.
Output name - Type the name of your output document.
Output format - Click the format that you want to view your generated document: PDF or Word.
Select from a list of company templates that an administrator has uploaded or upload your own personal templates by clicking Upload Template. In the above example, the offer.docx company template is selected.
You can also filter the list of company templates with a search string, and download any template to see what form and process variable substitutions are made in the template.
Enter a variable name that you have used in the document.
In the template, you can substitute <<[name]>> in the output document with the form variable name, for example:
Templates are processed using the LINQ reporting engine.
You can also use expressions to build more complex templates. For example, the following excerpt was used in an HR offer letter of XXX Corp called offer-letter.docx:
Your initial salary will be <<if [annualsalary > 30000]>>a generous <<else>>a standard starting<</if>> $<<[annualsalary]>> per year
The sample template referred above uses conditional expressions that tests the value of the form variable annualsalary and outputs one of the two different text phrases, depending on that value.
To test the offer.docx template, create a process definition that uses the template. For example:
In this example, the Generate Document step is the last step in the process definition, therefore you can view and download the generated document of the completed process in the Alfresco Process Services process view.
The decision step enables you to create a Decision Table. A decision table is an easier expression to creating business rules.
See the Business rules - decision tables [101] section for more details on Decision Tables.
Use this section to link create content related steps.
The Retrieve Alfresco Properties option enables you to retrieve content-specific properties from Alfresco Content Services and map it to a form field or variable, for example, properties of a document. You can retrieve document information after a document is added or referenced via the Attachment form field in the Share Connector.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Alfresco properties |
Retrieves Alfresco Content Services properties for content stored in the form editor or variable, and allows mapping them. |
The Update Alfresco Properties option enables you to update content-specific properties in Alfresco Content Services using a form field or variable. For example, you can update properties of a document linked from Alfresco Content Services via a form attachment field, or process variable.
The Properties sheet displays the same fields as Retrieve Alfresco properties, except that is used for updating properties rather than retrieving.
The Call Alfresco Action enables you to invoke the standard Alfresco Content Services actions from Alfresco Process Services.
| Property | Description |
|---|---|
|
Details tab |
|
|
Name |
The name of the content-specific step. |
|
Description |
A description of this step. |
|
Target tab |
|
|
Content |
Retrieves Alfresco properties for content stored in the form editor or variable based on your selection. |
|
Act as |
Identity of the caller: Process initiator or Specific User. Selecting Specific User lets you select a different user. |
|
Repository |
Changes the repository account. For example: Alfresco Content Services. |
|
Action tab |
|
|
Action |
Lists a range of actions specific to Alfresco Content Services. Select the options to make changes to the default name and value depending on your requirement. The options are as follows:
|
|
Action Parameters |
View or update parameters of the action selected in the previous field. |
This step enables you to write a document or all documents uploaded in your process to an Alfresco Content Services on-premise repository.
A user with administration privileges will need to add accounts for the Alfresco Content Services repositories that you can publish to. An administrator can add repositories on the Tenant page of the Identity Management [98] app. The list of repositories you can publish to is then shown on your Personal Info page. If you click on a repository, an account to access the repository is added for you.
The Publish to Alfresco step dialog contains three tabs that let you fully define the task.
Name and Description are simple text fields that help you and others to identify the task in your task list.
This is the default. All files that have been uploaded in an upload field in a form before this step are published to the specified location in the repository
If you select this option a second field Form field displays a list of form fields from all the forms in your process. You can select one from the list.
This is the folder in an Alfresco repository to which the selected content will be published. Click Select Folder to display a dialog that lets you choose a folder from the available Alfresco repositories defined in your Alfresco Process Services app. Once you have selected a folder, the repository details and folder path are displayed in this field.
If you check create or reuse subfolder, a second field Based on field displays a list of fields from all the forms in your process. You can select one from the list. A folder with a name based on the content of the selected field will be created or reused within the specified destination folder to publish the content selected. If you do not select this option, all the items of content will be published directly to the specified destination folder.
This is similar to the Publish to Alfresco step, but for Box. (https://www.box.com/ [114]).
Note that a Box account needs to be configured in the Identity Management > Personal tab.
This is similar to the Publish to Alfresco task step, but for Google Drive. (https://www.google.com/drive/ [115]).
Note that a Google Drive account doesn’t need to be configured. A popup shows up when you have to select a document/folder and no account is found. This popup will allow you to log in with the Google Drive credentials and use this account thereafter.
With the BPMN editor you can create process definitions using the capabilities of BPMN 2.0. You build your process by dragging and dropping from a palette of grouped components to a canvas on which your process diagram is built.
The BPMN editor is structured into several areas:
On the left side of BPMN editor is the palette, which consists of collapse-able groups of BPMN objects.
On the right side of BPMN editor is the canvas, where the BPMN objects can be added to create a process model.
Below the canvas is the properties sheet, which shows the properties of the selected BPMN object on the canvas, or if no BPMN object is selected, the properties of the process itself. You can click on any of the properties to modify its value. The property sheet is collapse-able to allow you more screen space to view your process diagram.
The toolbar is displayed on the top with a set of grouped command icons. You can save and validate your model, delete selected elements in the diagram, cut, copy and paste selected elements, undo and redo the last action, zoom the process diagram, eliminate crossing connector lines by adding and removing bend-points, view the BPMN editor tour, and provide feedback to the Alfresco Process Services team.
When you first use the BPMN editor, a short guided tour runs showing you the components of the editor and running through the initial steps involved in creating a process definition. You can rerun the tour at any time by clicking the icon in the toolbar.
When you open the BPMN editor to create a new process definition, the canvas already contains a Start Event. Clicking on any event on the canvas frames the event icon with a dotted line and reveals a number of controls.
The controls below the icon allow you to delete the BPMN object, or change in to another object in the same group. For example, you can change a Start event to a Start timer event. The controls to the right of the icon allow you to specify the next object type in the process. The list presented includes only those object types that are valid in the sequence after the current object. In addition, there are controls that allow you to create flows connecting other existing events in your diagrams, and to annotate the event.
There are two ways of adding BPMN objects to your process:
Use the controls that appear when you click on a current object icon. Using this method will create a valid connector between the current event icon and the new event icon.
Drag and drop an object icon from the palette. In this case you add flows to the current event icons in the process yourself by picking the icons from the palette.
The following object groups are shown in a collapsible list in the palette. The groups consist of all the objects available in the BPMN 2.0 specification, and additional Alfresco Process Services extensions such as the Publish to Alfresco task, Publish to Box, Publish to Google Drive.
A start event indicates where a process starts. You can define a start event in one of the following ways:
Start on the arrival of a message
Start at specific time intervals
Start as a result of an error
Start when a specific signal is raised
Start on no specific trigger
In the XML representation, the type start event is specified as a sub-element.
Start events are always catching: a start event waits until a specific trigger occurs.
A start event with an unspecified trigger. BPMN 2.0 refers to this as a none start event. It is visualized as a circle with no icon.
A none start event can have a start form. If so, the start form will be displayed when selecting the process definition from the processes list. Note that a process instance is not started until the start form is submitted. A none start event without a form will simply have a button displayed to start the process instance.
A subprocess always has a none start event.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Execution listeners |
Execution listeners configured for this element instance. An execution listener is a piece of logic that is not shown in the diagram and can be used for technical purposes. |
|
Process Initiator |
The process variable in which the user ID of the initiator of this instance should be stored. |
|
Form key |
A key that provides a reference to a form. This property is available for compatibility with Activiti, but should not be used directly when using Forms. Use the Referenced form property instead. |
|
Referenced form |
A form reference. |
|
Form properties |
A form definition with a list of form properties. Form properties are the way forms are defined in the community version of Alfresco Process Services. Configuring them has no impact on the rendered form in the Alfresco Process Services, the Referenced form property should be used instead. |
A timer start event initiates a process instance at specific time. You can use it both for processes which must start only once and for processes that must start in repeated time intervals.
It is visualized as a circle with a clock icon.
Note that a process instance started by a timer start event can’t have a start form, as it is started by the system. Similarly, it does not have a process initiator like a none start event. As such when assigning tasks later on in the process definition, keep in mind that the assignment 'assigned to process initiator' will not work.
A subprocess can’t have a timer start event.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this instance. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Execution listeners |
Execution listeners configured for this instance. An execution listeners is a piece of logic that is not shown in the diagram and can be used for technical purposes. |
|
Time Cycle |
A timer cycle defined in http://en.wikipedia.org/wiki/ISO_8601 [132] format, for example: R3/PT10H. |
|
Time Date in ISO-8601 |
A point in time defined as a http://en.wikipedia.org/wiki/ISO_8601 [132] date, for example: 2015-04-12T20:20:32Z. |
|
Time Duration |
A period of time defined as a http://en.wikipedia.org/wiki/ISO_8601 [132] duration, for example: PT5M. |
A signal start event starts a process instance using a named signal. The signal is fired from a process instance using the intermediary signal throw event (or programmatically through the java or REST API). In both cases, a process instance for any process definitions that have a signal start event with the same name are started. You can select a synchronous or asynchronous start of the process instances.
A signal start event is visualized as a circle with a triangle inside. The triangle is white inside.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Execution listeners |
Execution listeners configured for this instance. An execution listeners is a piece of logic that is not shown in the diagram and can be used for technical purposes. |
|
Signal reference |
The name of the signal that initiates this event. Note that signal references are configured on the root level of the process instance and then linked to the signal start event via this property. To configure it, deselect any other element and click the Signal definitions property. |
A message start event starts a process instance using a named message. It is mainly used for starting process instances from external systems.
It is depicted as a circle with an envelope icon inside. The envelope is white inside.
When you deploy a process definition with one or more message start events, consider the following points:
The name of the message start event must be unique across the whole process definition. Alfresco Process Services will throw an exception on deployment of a process definition with two or more message start events that reference the same message or with two or more message start events that reference messages with the same name.
The name of the message start event must be unique across all deployed process definitions. Alfresco Process Services will throw an exception on deployment of a process definition with one or more message start events that reference a message with the same name as a message start event already deployed in a different process definition.
When a new version of a process definition is deployed, the message subscriptions of the previous version are canceled. This is also true for message events that are not present in the new version.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Execution listeners |
Execution listeners configured for this instance. An execution listener is a piece of logic that is not shown in the diagram and can be used for technical purposes. |
|
Message reference |
The name of the message that initiates this event. Note that messages are configured on the root level of the process instance and then linked to the message start event via this property. To configure it, deselect any other element and click the 'Message definitions' property. |
An error start event triggers an event Sub-Process. An error start event can’t be used for starting a process instance.
It is visualized as a circle with lightning icon inside. The icon is white inside.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Execution listeners |
Execution listeners configured for this instance. An execution listeners is a piece of logic that is not shown in the diagram and can be used for technical purposes. |
|
Error reference |
The name of the error that initiates this event. This reference needs to match the error identifier thrown by the event that throws the particular error. |
An activity describes a single item of work to be performed in a process. Alfresco Process Services provides some Activity types that are additional to those described in the BPMN 2.0 specification.
An activity is always visualized as a rectangle with rounded corners.
A user task enables you to model work to be done by a human actor. When process execution arrives at a user task in the process definition, it creates a new task in the task list of the assignee or assignees defined in the task.
A user task is depicted as a rounded rectangle with a user icon on the top-left corner.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Assignment |
Configures to who this task should be assigned. It is possible to use Fixed Values (advanced usage: these are Alfresco Process Services expressions, for example by invoking a class or Spring bean) or use the Identity Store option. It is recommended to use Identity Store to select groups and users in the system:
|
|
Referenced form |
Allows to configure or create the form for this task. This form (also called _task form) will be rendered when the task is shown in the task list of the user. A user task typically always has a form defined. |
|
Form key |
This is a property that exists for compatibility with the community version. When working with task lists and forms, do not set this property. |
|
Form properties |
This is a property that exists for compatibility with Alfresco Process Services community. When using Alfresco Process Services to work with task lists and forms, do not set this property. |
|
Due date |
Allows to configure a due date for the task. In the task list, tasks can be sorted by due date to see which tasks are needed to be completed the soonest. The possible ways of configuring are:
|
|
Allow email notifications |
When enabled, an email will be sent to the assignee when the task is created. |
|
Asynchronous |
(Advanced) Define this task as asynchronous. This means the task will not be created as part of the current action of the user, but later. This can be useful if it’s not important to have the task immediately ready. |
|
Exclusive |
(Advanced) Define this task as exclusive. This means that, when there are multiple asynchronous elements of the same process instance, none will be executed at the same time. This is useful to solve race conditions. |
|
Execution listeners |
Execution listeners configured for this instance. An execution listener lets you execute Java code or evaluate an expression when an event occurs during process execution. |
|
Multi-Instance type |
Determines if this task is performed multiple times and how. The possible values are:
|
|
Cardinality (Multi-instance) |
The number of times the task is to be performed. |
|
Collection (Multi-instance) |
(Used with Multi-Instance type) The name of a process variable which is a collection. For each item in the collection, an instance of this task will be created. |
|
Element variable (Multi-instance) |
A process variable name which will contain the current value of the collection in each task instance. |
|
Completion condition (Multi-instance) |
A multi-instance activity normally ends when all instances end. You can specify an expression here to be evaluated each time an instance ends. If the expression evaluates to true, all remaining instances are destroyed and the multi-instance activity ends. |
|
Is for compensation |
If this activity is used for compensating the effects of another activity, you can declare it to be a compensation handler. For more information on compensation handlers see the Developer Guide. |
Use a service task to invoke an external Java class or execute an expression (for example to call a Spring bean).
A service task is visualized as a rounded rectangle with a cog icon inside.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element instance. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Class |
The name of the Java class that implements your service task. Your class must implement JavaDelegate or ActivityBehavior. For more information on methods of invoking Java logic from a service task see the Developer Guide |
|
Expression |
An expression that either executes logic in the expression itself (for example ${execution.setVariable(myVar, someValue)}) or calls a method on a bean known by the Activiti engine (for example ${someBean.callMethod}). You can pass parameters (like the current execution) to the method in the expression. For more information on methods of invoking Java logic from a service task see the Developer Guide. |
|
Delegate expression |
|
|
Class fields |
Field extensions for the service task. |
|
Result variable name |
The name of a process variable in your process definition in which to store the result of this service task. This is only valid when using an expression. |
|
Execution listeners |
Execution listeners configured for this instance. An execution listeners is a piece of logic that is not shown in the diagram and can be used for technical purposes. |
|
Multi-Instance type |
Determines if this task is performed multiple times and how. For more information on multi-instance, see the Developer documentation. The possible values are:
|
|
Cardinality (Multi-instance) |
The number of times the task is to be performed. |
|
Collection (Multi-instance) |
The name of a process variable which is a collection. For each item in the collection, an instance of this task will be created. |
|
Element variable (Multi-instance) |
A process variable name which will contain the current value of the collection in each task instance. |
|
Completion condition (Multi-instance) |
A multi-instance activity normally ends when all instances end. You can specify an expression here to be evaluated each time an instance ends. If the expression evaluates to true, all remaining instances are destroyed and the multi-instance activity ends. |
|
Is for compensation |
If this activity is used for compensating the effects of another activity, you can declare it to be a compensation handler. For more information on compensation handlers see the Developer Guide. |
|
Asynchronous |
(Advanced) Define this task as asynchronous. This means the task will not be executed as part of the current action of the user, but later. This can be useful if it’s not important to have the task immediately ready. |
|
Exclusive |
(Advanced) Define this task as exclusive. This means that, when there are multiple asynchronous elements of the same process instance, none will be executed at the same time. This is useful to solve race conditions. |
For a service task it is recommended to make them asynchronous. For example, suppose a service task is called after the user completes a form. When the service task is synchronous, the logic will be executed during the completion action of the user. This means the user has to wait until this logic is finished to have the UI refreshed. Often, this is not needed or wanted. By making the service task asynchronous, the UI will be refreshed when the task is completed. The logic will be executed later.
A script task defines a JavaScript script or other script language (JSR-223 compatible language) that is executed when a process instance executes this step.
A script task is visualized as a rounded rectangle with a paper icon inside.
| Property | Description |
|---|---|
|
Script format |
The JSR-223 [146] name of the scripting engine your script is written for. By default, Alfresco Process Services supports javascript and groovy formats. |
|
Script |
The actual script that will be executed. |
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Variables |
In the script, it is possible to set new process variables (using execution.setVariable(myVariable, myValue)), however these won’t show up automatically in dropdowns later on (like the sequence flow condition builder, forms, etc.). To make them show up, configure this property with the variables that are set or exported by this script task. |
|
Execution listeners |
Execution listeners configured for this instance. An execution listeners is a piece of logic that is not shown in the diagram and can be used for technical purposes. |
|
Asynchronous |
(Advanced) Define this task as asynchronous. This means the task will not be executed as part of the current action of the user, but later. This can be useful if it’s not important to have the task immediately ready. |
|
Exclusive |
(Advanced) Define this task as exclusive. This means that, when there are multiple asynchronous elements of the same process instance, none will be executed at the same time. This is useful to solve race conditions. |
|
Multi-Instance type |
Determines if this task is performed multiple times and how. For more information on multi-instance, The possible values are:
|
|
Cardinality (Multi-instance) |
The number of times the task is to be performed. |
|
Collection (Multi-instance) |
The name of a process variable which is a collection. For each item in the collection, an instance of this task will be created. |
|
Element variable (Multi-instance) |
A process variable name which will contain the current value of the collection in each task instance. |
|
Completion condition (Multi-instance) |
A multi-instance activity normally ends when all instances end. You can specify an expression here to be evaluated each time an instance ends. If the expression evaluates to true, all remaining instances are destroyed and the multi-instance activity ends. |
|
Is for compensation |
If this activity is used for compensating the effects of another activity, you can declare it to be a compensation handler. For more information on compensation handlers see the Developer Guide. |
A Business rule task executes one or more rules.
Business rule tasks are mainly there for compatibility with the community product Activiti. Alfresco recommends that you use Decision tables [101] with Alfresco Process Services
A business rule is depicted as a rounded rectangle with a table icon in the top-left corner.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Rules |
A comma-separated list of rules to include or exclude in this task. |
|
Input variables |
A comma-separated list of process variables to be used as input variables to your rules. |
|
Exclude |
If you check Exclude only rules that you have not specified in Rules will be executed. If the Exclude is unchecked, only the rules you have specified in Rules will be executed. |
|
Result variable |
The name of a process variable in your process definition in which to store the result of this task. the result variable is returned as a list of objects. If you do not specify a result variable name, the default name org.activiti.engine.rules.OUTPUT is used. |
|
Asynchronous |
(Advanced) Define this task as asynchronous. This means the task will not be executed as part of the current action of the user, but later. This can be useful if it’s not important to have the task immediately ready. |
|
Exclusive |
(Advanced) Define this task as exclusive. This means that, when there are multiple asynchronous elements of the same process instance, none will be executed at the same time. This is useful to solve race conditions. |
|
Execution listeners |
Execution listeners configured for this instance. An execution listeners is a piece of logic that is not shown in the diagram and can be used for technical purposes. |
|
Multi-Instance type |
Determines if this task is performed multiple times and how. For more information on multi-instance, see the Developer Guide. The possible values are:
|
|
Cardinality (Multi-instance) |
The number of times the task is to be performed. |
|
Collection (Multi-instance) |
The name of a process variable which is a collection. For each item in the collection, an instance of this task will be created. |
|
Element variable (Multi-instance) |
A process variable name which will contain the current value of the collection in each task instance. |
|
Completion condition (Multi-instance) |
A multi-instance activity normally ends when all instances end. You can specify an expression here to be evaluated each time an instance ends. If the expression evaluates to true, all remaining instances are destroyed and the multi-instance activity ends. |
|
Is for compensation |
If this activity is used for compensating the effects of another activity, you can declare it to be a compensation handler. For more information on compensation handlers see the Developer Guide. |
A Receive Task waits for the arrival of an external trigger. This trigger is sent programmatically (via Java or REST API). For process to process triggering, use the signal events.
A receive task is visualized as a rounded rectangle with an envelope icon in the top-left corner.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Variables |
When the API is used to trigger the continuation of the process instance, a set of variables can be passed. However, these won’t appear automatically in drop-down lists later (like the sequence flow condition builder, forms, and so on.). To make them appear, this property needs to be configured with those variables that are set or exported by the script task. |
|
Asynchronous |
(Advanced) Define this task as asynchronous. This means the task will not be executed as part of the current action of the user, but later. This can be useful if it’s not important to have the task immediately ready. |
|
Exclusive |
(Advanced) Define this task as exclusive. This means that, when there are multiple asynchronous elements of the same process instance, none will be executed at the same time. This is useful to solve race conditions. |
|
Execution listeners |
Execution listeners configured for this instance. An execution listeners is a piece of logic that is not shown in the diagram and can be used for technical purposes. |
|
Multi-Instance type |
Determines if this task is performed multiple times and how. For more information on multi-instance, see the Developer Guide. The possible values are:
|
|
Cardinality (Multi-instance) |
The number of times the task is to be performed. |
|
Collection (Multi-instance) |
The name of a process variable which is a collection. For each item in the collection, an instance of this task will be created. |
|
Element variable (Multi-instance) |
A process variable name which will contain the current value of the collection in each task instance. |
|
Completion condition (Multi-instance) |
A multi-instance activity normally ends when all instances end. You can specify an expression here to be evaluated each time an instance ends. If the expression evaluates to true, all remaining instances are destroyed and the multi-instance activity ends. |
|
Is for compensation |
If this activity is used for compensating the effects of another activity, you can declare it to be a compensation handler. For more information on compensation handlers see the Developer Guide. |
A Manual Task defines a task that is external to Alfresco Process Services. You use it to model work done which the Process Engine does not know of. A manual task is handled as a pass-through activity, the Process Engine automatically continues the process from the instant process execution arrives at a manual task activity.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Asynchronous |
(Advanced) Define this task as asynchronous. This means the task will not be executed as part of the current action of the user, but later. This can be useful if it’s not important to have the task immediately ready. |
|
Exclusive |
(Advanced) Define this task as exclusive. This means that, when there are multiple asynchronous elements of the same process instance, none will be executed at the same time. This is useful to solve race conditions. |
|
Execution listeners |
Execution listeners configured for this instance. An execution listeners is a piece of logic that is not shown in the diagram and can be used for technical purposes. |
|
Multi-Instance type |
Determines if this task is performed multiple times and how. The possible values are:
|
|
Cardinality (Multi-instance) |
The number of times the task is to be performed. |
|
Collection (Multi-instance) |
The name of a process variable which is a collection. For each item in the collection, an instance of this task will be created. |
|
Element variable (Multi-instance) |
A process variable name which will contain the current value of the collection in each task instance. |
|
Completion condition (Multi-instance) |
A multi-instance activity normally ends when all instances end. You can specify an expression here to be evaluated each time an instance ends. If the expression evaluates to true, all remaining instances are destroyed and the multi-instance activity ends. |
|
Is for compensation |
If this activity is used for compensating the effects of another activity, you can declare it to be a compensation handler. For more information on compensation handlers see the Developer Guide. |
You can enhance your business process with this automatic mail service task that sends emails to one or more recipients. The task supports normal email features such as cc lists, bcc lists, and HTML content.
The mail task is depicted as a rounded rectangle with an envelope icon in the top-left corner.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
To |
The recipient of the e-mail. You can specify multiple recipients in a comma-separated list. When using a fixed value, this can be an expression. It is also possible, like with the user task, to use the Identity store option here to pick users that are known in the system or to reference people that were selected in form fields prior to this email task. |
|
From |
The sender’s email address. If you do not specify this, the default configured system-wide setting from address is used. This can be an expression. |
|
Subject |
The subject of this email. This can be an expression. |
|
Cc |
The cc list for this email. You can specify multiple recipients in a comma-separated list. This can be an expression. |
|
Bcc |
The bcc list for this email. You can specify multiple recipients in a comma-separated list. This can be an expression. |
|
Text |
The text content of this email. You can specify this as well as HTML to support email clients that do not support rich content. The client will fall back to this text-only alternative. |
|
Html |
The HTML content of this email. |
|
Charset |
The charset for this email. By default UTF8 will be used. |
|
Asynchronous |
(Advanced) Define this task as asynchronous. This means the task will not be executed as part of the current action of the user, but later. This can be useful if it’s not important to have the task immediately ready. |
|
Exclusive |
(Advanced) Define this task as exclusive. This means that, when there are multiple asynchronous elements of the same process instance, none will be executed at the same time. This is useful to solve race conditions. |
|
Execution listeners |
Execution listeners configured for this instance. An execution listeners is a piece of logic that is not shown in the diagram and can be used for technical purposes. |
|
Multi-Instance type |
Determines if this task is performed multiple times and how. The possible values are:
|
|
Cardinality (Multi-instance) |
The number of times the task is to be performed. |
|
Collection (Multi-instance) |
The name of a process variable which is a collection. For each item in the collection, an instance of this task will be created. |
|
Element variable (Multi-instance) |
A process variable name which will contain the current value of the collection in each task instance. |
|
Completion condition (Multi-instance) |
A multi-instance activity normally ends when all instances end. You can specify an expression here to be evaluated each time an instance ends. If the expression evaluates to true, all remaining instances are destroyed and the multi-instance activity ends. |
|
Is for compensation |
If this activity is used for compensating the effects of another activity, you can declare it to be a compensation handler. For more information on compensation handlers see the Developer Guide. |
You use the Camel task to send messages to, and receive messages from Apache Camel.
A camel task is visualized as a rounded rectangle with a camel icon in the top-left corner.
You can find more information on Apache Camel here [147]. Note that Camel is by default not installed and would need to be added by the system admin.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Camel context |
A camel context definition. If you do not specify a context, the default Camel context is used. |
|
Asynchronous |
(Advanced) Define this task as asynchronous. This means the task will not be executed as part of the current action of the user, but later. This can be useful if it’s not important to have the task immediately ready. |
|
Exclusive |
(Advanced) Define this task as exclusive. This means that, when there are multiple asynchronous elements of the same process instance, none will be executed at the same time. This is useful to solve race conditions. |
|
Execution listeners |
Execution listeners configured for this instance. An execution listeners is a piece of logic that is not shown in the diagram and can be used for technical purposes. |
|
Multi-Instance type |
Determines if this task is performed multiple times and how. The possible values are:
|
|
Cardinality (Multi-instance) |
The number of times the task is to be performed. |
|
Collection (Multi-instance) |
The name of a process variable which is a collection. For each item in the collection, an instance of this task will be created. |
|
Element variable (Multi-instance) |
A process variable name which will contain the current value of the collection in each task instance. |
|
Completion condition (Multi-instance) |
A multi-instance activity normally ends when all instances end. You can specify an expression here to be evaluated each time an instance ends. If the expression evaluates to true, all remaining instances are destroyed and the multi-instance activity ends. |
|
Is for compensation |
If this activity is used for compensating the effects of another activity, you can declare it to be a compensation handler. For more information on compensation handlers see the Developer Guide. |
Use the Mule task to send messages to the Mule ESB (Enterprise Service Bus).
A mule task is visualized as a rounded rectangle with the Mule logo in the top-left corner.
You can find more information on Mule ESB using https://www.mulesoft.com/resources/esb/what-mule-esb [148]. Note that Mule is by default not installed and would need to be added by the system admin.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Endpoint url |
The Mule endpoint you want to send your message to. |
|
Language |
The language you want to use to evaluate the payloadExpression, for example juel [149]. |
|
Payload expression |
An expression for the message’s payload. |
|
Result variable |
The name of the variable to store the result of the invocation. |
|
Asynchronous |
(Advanced) Define this task as asynchronous. This means the task will not be executed as part of the current action of the user, but later. This can be useful if it’s not important to have the task immediately ready. |
|
Exclusive |
(Advanced) Define this task as exclusive. This means that, when there are multiple asynchronous elements of the same process instance, none will be executed at the same time. This is useful to solve race conditions. |
|
Execution listeners |
Execution listeners configured for this instance. An execution listeners is a piece of logic that is not shown in the diagram and can be used for technical purposes. |
|
Multi-Instance type |
Determines if this task is performed multiple times and how. The possible values are:
|
|
Cardinality (Multi-instance) |
The number of times the task is to be performed. |
|
Collection (Multi-instance) |
The name of a process variable which is a collection. For each item in the collection, an instance of this task will be created. |
|
Element variable (Multi-instance) |
A process variable name which will contain the current value of the collection in each task instance. |
|
Completion condition (Multi-instance) |
A multi-instance activity normally ends when all instances end. You can specify an expression here to be evaluated each time an instance ends. If the expression evaluates to true, all remaining instances are destroyed and the multi-instance activity ends. |
|
Is for compensation |
If this activity is used for compensating the effects of another activity, you can declare it to be a compensation handler. For more information on compensation handlers see the Developer Guide. |
The rest call task is used to communicate with a REST endpoint. The endpoint can be defined in the process definition, or it can be defined company-wide by an administrator. In the latter case, a logical name is all that is needed.
A rest call task is visualized as a rounded rectangle with a rocket icon the top-left corner.
Note that the REST call task always is executed asynchronously.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Endpoint |
Defines which REST endpoint to call. It is an endpoint defined company-wide by the administrator (simply select a logical name in the dropdown) or a URL. You can also use a previously defined form fields or variables to build up the URL. Use the Test button to test the end-point.
If the request mapping (see next property) contains key/value properties or a JSON template, you will be prompted to provide test values for the parameters before the endpoint is tested.
|
|
Request mapping |
Allows to construct the actual request. HTTP GET represents the URL parameters whereas POST/PUT is the JSON body that is created when the request is sent. You can also use fixed values, form fields, or variables defined prior to this activity.
For nested or complex request bodies for POST requests, you can specify a JSON Template which is evaluated at run-time.
The JSON editor provides syntax highlighting and will highlight any JSON syntax errors on the line number indicator. |
|
Response mapping |
Maps the JSON response from the REST endpoint to process variables. You can use a nested notation (for example prop1.prop2.prop3) for mapping values. The mapped response values can be used as variables in further steps of the process. |
See Document Templates [150] in the Developing section for how to modify the template for the Generate document task.
A Generate document task appears as a rounded rectangle with a document icon on the top-left corner.
| Property | Description |
|---|---|
|
ID |
A unique identifier for this task element. |
|
Name |
A name for this task element. |
|
Documentation |
A description of this task element. |
|
Template |
The template which is used to generate the document. It can be uploaded as part of the process definition, or can be defined company-wide by an administrator and reused by multiple process definitions. |
|
Output format |
The document output format will be either PDF or Word. |
|
Document variable |
This is the process variable in which the reference to the generated document is stored. |
| File name | The name of the document that will be created by the task. |
| Additional data source names | A comma separated list of data sources the document will use as the source of the expressions. |
| Additional data source expressions | A comma separated list of expressions to be included in the document. |
You use a decision task to select a decision table while designing your process model. A decision table enables you to define a set of business rules that will be applied when it’s executed. See the LINKHERE section for more information.
A decision task is depicted as a rounded rectangle with a table icon the top-left corner.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Reference decision table |
Defines the actual decision table that will be executed. The decision table can be part of the process definition (a so-called embedded decision table) or defined on itself (a so-called reusable decision table). |
|
Asynchronous |
(Advanced) Define this task as asynchronous. This means the task will not be executed as part of the current action of the user, but later. This can be useful if it’s not important to have the task immediately ready. |
|
Exclusive |
(Advanced) Define this task as exclusive. This means that, when there are multiple asynchronous elements of the same process instance, none will be executed at the same time. This is useful to solve race conditions. |
|
Execution listeners |
Execution listeners configured for this instance. An execution listeners is a piece of logic that is not shown in the diagram and can be used for technical purposes. |
|
Multi-Instance type |
Determines if this task is performed multiple times and how. The possible values are:
|
|
Cardinality (Multi-instance) |
The number of times the task is to be performed. |
|
Collection (Multi-instance) |
The name of a process variable which is a collection. For each item in the collection, an instance of this task will be created. |
|
Element variable (Multi-instance) |
A process variable name which will contain the current value of the collection in each task instance. |
|
Completion condition (Multi-instance) |
A multi-instance activity normally ends when all instances end. You can specify an expression here to be evaluated each time an instance ends. If the expression evaluates to true, all remaining instances are destroyed and the multi-instance activity ends. |
|
Is for compensation |
If this activity is used for compensating the effects of another activity, you can declare it to be a compensation handler. For more information on compensation handlers see the Developer Guide. |
Use the Store entity task to update data models or entities with process values such as variables or form fields. The updated entities can then be mapped to variables and used while creating processes.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Attribute mapping |
Attributes mapped for this element instance. Click to invoke the Change value for "Attribute Mapping" dialog, where you can map entities or Data Models with form fields and variables used in your process. See the Data Models [151] section for more details. |
You use structural components to group multiple components in a sub process to reuse in a parent process definition, and to embed and call other process definitions from inside your own process.
A sub process is a single activity that contains activities, gateways, and events which form a process. A sub process is completely embedded inside a parent process.
A sub-process is visualized as a rounded rectangle:
You can use a sub process to create a new scope for events. Events that are thrown during execution of the sub process, can be caught by Boundary events [156] on the boundary of the sub process, creating a scope for that event limited to just the sub process.
Sub-processes must have the following characteristics:
A sub process has exactly one none start event. No other start event types are permitted. A sub process must have at least one end event.
Sequence flow cannot cross sub process boundaries.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Asynchronous |
(Advanced) Define this task as asynchronous. This means the task will not be executed as part of the current action of the user, but later. This can be useful if it’s not important to have the task immediately ready. |
|
Exclusive |
(Advanced) Define this task as exclusive. This means that, when there are multiple asynchronous elements of the same process instance, none will be executed at the same time. This is useful to solve race conditions. |
|
Execution listeners |
Execution listeners configured for this instance. An execution listeners is a piece of logic that is not shown in the diagram and can be used for technical purposes. |
|
Multi-Instance type |
Determines if this task is performed multiple times and how. The possible values are:
|
|
Cardinality (Multi-instance) |
The number of times the task is to be performed. |
|
Collection (Multi-instance) |
The name of a process variable which is a collection. For each item in the collection, an instance of this task will be created. |
|
Element variable (Multi-instance) |
A process variable name which will contain the current value of the collection in each task instance. |
|
Completion condition (Multi-instance) |
A multi-instance activity normally ends when all instances end. You can specify an expression here to be evaluated each time an instance ends. If the expression evaluates to true, all remaining instances are destroyed and the multi-instance activity ends. |
You use a collapsed sub-process to add an existing process from your available process definitions as a sub-process to the process definition you are currently editing.
When you drag a collapsed sub-process from the palette to your canvas, and click on the Referenced Subprocess property, you are presented with a visual list of the process definitions you have access to. You can choose from the list, and the chosen process will be added to the current process definition. Note the process chosen must have exactly one none start event, and no other start event type, and it must have at least one end event.
Note that during process instance execution, there is no difference between a collapsed or embedded sub-process. They both share the full process instance context (unlike the call activity).
Note that when you click on the plus icon in a collapsed sub-process, the BPMN editor will open the referenced sub-process definition.
A collapsed sub-process is visualized as a rounded rectangle with a plus icon inside.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element instance. |
|
Referenced Subprocess |
The process definition this collapsed sub-process contains. |
|
Asynchronous |
(Advanced) Define this task as asynchronous. This means the task will not be executed as part of the current action of the user, but later. This can be useful if it’s not important to have the task immediately ready. |
|
Exclusive |
(Advanced) Define this task as exclusive. This means that, when there are multiple asynchronous elements of the same process instance, none will be executed at the same time. This is useful to solve race conditions. |
|
Execution listeners |
Execution listeners configured for this instance. An execution listeners is a piece of logic that is not shown in the diagram and can be used for technical purposes. |
|
Multi-Instance type |
Determines if this task is performed multiple times and how. The possible values are:
|
|
Cardinality (Multi-instance) |
The number of times the task is to be performed. |
|
Collection (Multi-instance) |
The name of a process variable which is a collection. For each item in the collection, an instance of this task will be created. |
|
Element variable (Multi-instance) |
A process variable name which will contain the current value of the collection in each task instance. |
|
Completion condition (Multi-instance) |
A multi-instance activity normally ends when all instances end. You can specify an expression here to be evaluated each time an instance ends. If the expression evaluates to true, all remaining instances are destroyed and the multi-instance activity ends. |
An event sub-process is a sub-process that is triggered by an event. You can use an event sub-process in your main process, or in any sub-process.
The event sub-process start event defines the event to be handled by the sub-process, so the type of start event you use must have an event associated with it – none start events are not supported but the event sub-processes. Your event sub-process can be started by a start message event, start signal event or a start error event. The subscription to the start event is created when the scope, process instance or sub-process, hosting the event sub-process is created. The subscription is removed when the scope is destroyed.
Your event sub-process does not have any incoming or outgoing sequence flows. An event sub-process is triggered by an event, so there can be no incoming sequence flow.
The best way to look at an event subprocess is as a method or routine that is called when something happens, and handle it appropriately.
An event sub-process is visualized like a sub-process with a dashed border.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Asynchronous |
(Advanced) Define this task as asynchronous. This means the task will not be executed as part of the current action of the user, but later. This can be useful if it’s not important to have the task immediately ready. |
|
Exclusive |
(Advanced) Define this task as exclusive. This means that, when there are multiple asynchronous elements of the same process instance, none will be executed at the same time. This is useful to solve race conditions. |
|
Execution listeners |
Execution listeners configured for this instance. An execution listeners is a piece of logic that is not shown in the diagram and can be used for technical purposes. |
A call activity is used to execute another process definition as part of the current process instance.
The main difference between a sub-process and a call activity is that the call activity does not share context with the process instance. Process variables are explicitly mapped between the process instance and the call activity.
A call activity is visualized as a rounded rectangle with a thick border.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Called element |
This is the identifier of the process definition that should be called. |
|
In parameters |
Configures the process variables that are mapped into the called process instance when it’s executed. It’s possible to copy values directly (using the source attribute) or with an expression (using the source expression attribute) in a target variable of the called process instance. |
|
Out parameters |
Configures the process variables that are mapped from the called process instance into the parent process instance. |
|
Asynchronous |
(Advanced) Define this task as asynchronous. This means the task will not be executed as part of the current action of the user, but later. This can be useful if it’s not important to have the task immediately ready. |
|
Exclusive |
(Advanced) Define this task as exclusive. This means that, when there are multiple asynchronous elements of the same process instance, none will be executed at the same time. This is useful to solve race conditions. |
|
Execution listeners |
Execution listeners configured for this instance. An execution listeners is a piece of logic that is not shown in the diagram and can be used for technical purposes. |
|
Multi-Instance type |
Determines if this task is performed multiple times and how. The possible values are:
|
|
Cardinality (Multi-instance) |
The number of times the task is to be performed. |
|
Collection (Multi-instance) |
The name of a process variable which is a collection. For each item in the collection, an instance of this task will be created. |
|
Element variable (Multi-instance) |
A process variable name which will contain the current value of the collection in each task instance. |
|
Completion condition (Multi-instance) |
A multi-instance activity normally ends when all instances end. You can specify an expression here to be evaluated each time an instance ends. If the expression evaluates to true, all remaining instances are destroyed and the multi-instance activity ends. |
You use gateways to control the flow of execution in your process.
In order to explain how Sequence Flows are used within a Process, BPMN 2.0 uses the concept of a token. Tokens traverse sequence flows and pass through the elements in the process. The token is a theoretical concept used to explain the behavior of Process elements by describing how they interact with a token as it “traverses” the structure of the Process. Gateways are used to control how tokens flow through sequence flows as they converge and diverge in a process.
As the term gateway suggests, it is a gating mechanism that either allows or prevents passage of a token through the gateway. As tokens arrive at a gateway, they can be merged together on input and/or split apart on output from the gateway.
A gateway is displayed as a diamond, with an icon inside. The icon depicts the type of gateway.
You use an exclusive gateway to model a decision in your process. When execution arrives at an exclusive gateway, the outgoing sequence flows are evaluated in the order in which they are defined. The first sequence flow whose condition evaluates to true, or which does not have a condition set, is selected and the process continues.
An exclusive gateway is visualized as a diamond shape with an X inside.
Note that if no sequence flow is selected, an exception will be thrown.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Asynchronous |
(Advanced) Define this task as asynchronous. This means the task will not be executed as part of the current action of the user, but later. This can be useful if it’s not important to have the task immediately ready. |
|
Exclusive |
(Advanced) Define this task as exclusive. This means that, when there are multiple asynchronous elements of the same process instance, none will be executed at the same time. This is useful to solve race conditions. |
|
Flow order |
Select the order in which the sequence flow conditions are evaluated. The first sequence flow that has a condition that evaluates to true (or has no condition) will be selected to continue. |
You use a parallel gateway to model concurrency in a process. It allows you to fork multiple outgoing paths of execution or join multiple incoming paths of execution.
A parallel gateway is visualized as a diamond shape with a plus icon:
In a fork, all outgoing sequence flows are followed in parallel, which creates one concurrent execution for each sequence flow.
In a join, all concurrent executions arriving at the parallel gateway wait at the gateway until an execution has arrived for every incoming sequence flow. Then the process continues past the joining gateway. Note that the gateway simply waits until the required number of executions has been reached and does not check if the executions are coming from different incoming sequence flow.
A single parallel gateway can both fork and join, if there are multiple incoming and outgoing sequence flow. The gateway will first join all incoming sequence flows, before splitting into multiple concurrent paths of executions.
Unlike other gateways, the parallel gateway does not evaluate conditions. Any conditions defined on the sequence flow connected with the parallel gateway are ignored.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Asynchronous |
(Advanced) Define this task as asynchronous. This means the task will not be executed as part of the current action of the user, but later. This can be useful if it’s not important to have the task immediately ready. |
|
Exclusive |
(Advanced)Define this task as exclusive. This means that, when there are multiple asynchronous elements of the same process instance, none will be executed at the same time. This is useful to solve race conditions. |
You use an inclusive to join and fork multiple sequence flows based on conditions.
Like an exclusive gateway you can define conditions on outgoing sequence flows and the inclusive gateway will evaluate them, but an inclusive gateway can take more than one sequence flow, like the parallel gateway.
All outgoing sequence flow conditions are evaluated. Every sequence flow with a condition that evaluates to true, is followed in parallel, creating one concurrent execution for each sequence flow.
The join behavior for an inclusive gateway is more complex than the parallel gateway counterparts. All concurrent executions arriving at the inclusive gateway wait at the gateway until executions that can reach the inclusive gateway have reached the inclusive gateway. To determine this, all current executions of the process instance are evaluated, checking if there is a path from that point in the process instance to the inclusive gateway. (ignoring any conditions on the sequence flow). When one such execution is found, the inclusive gateway join behavior does not activate.
An inclusive gateway is visualized as a diamond shape with a circle icon inside:
Note that an inclusive gateway can have both fork and join behavior, in which case there are multiple incoming and outgoing sequence flows for the same inclusive gateway. The gateway will join all incoming sequence flows that have a process token, before splitting into multiple concurrent paths of executions for the outgoing sequence flows that have a condition that evaluates to true.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element instance. |
|
Name |
A name for this element instance. |
|
Documentation |
A description of this element instance. |
|
Asynchronous |
(Advanced) Define this task as asynchronous. That is, the task will not be executed as part of the current action of the user, but later. This can be useful if it’s not important to have the task immediately ready. |
|
Exclusive |
(Advanced) Define this task as exclusive. That is, when there are multiple asynchronous elements of the same process instance, none will be executed at the same time. This is useful to solve race conditions. |
|
Flow order |
Select the order in which the sequence flow conditions are evaluated. This is of less importance as for the exclusive gateway, as all outgoing sequenceflow conditions will be evaluated anyway. |
You use an event gateway to route process flow based on events.
Each outgoing sequence flow of the event gateway must be connected to an intermediate catching event. When process execution reaches an event gateway execution is suspended, and for each outgoing sequence flow, an event subscription is created. The flow for the event that occurs first, will be followed.
Outgoing sequence flows connect to an event gateway are never "executed", but they do allow the process engine to determine which events an execution arriving at an event-based gateway needs to subscribe to. The following restrictions apply to event gateways:
The gateway must have two or more outgoing sequence flows.
An event-based gateway can only be followed by intermediate catching events. Receive tasks after an event gateway are not supported by Alfresco Process Services.
An intermediate catching event connected to an event gateway must have a single incoming sequence flow.
An event gateway is visualized as a diamond shape with a plus icon inside. Unlike the parallel gateway, the plus icon is not colored black inside:
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element instance. |
|
Name |
A name for this element instance. |
|
Documentation |
A description of this element instance. |
|
Asynchronous |
(Advanced) Define this task as asynchronous. This means the task will not be executed as part of the current action of the user, but later. This can be useful if it’s not important to have the task immediately ready. |
|
Exclusive |
(Advanced) Define this task as exclusive. This means that, when there are multiple asynchronous elements of the same process instance, none will be executed at the same time. This is useful to solve race conditions. |
|
Flow order |
Select the order in which the sequence flow conditions are evaluated. |
You use boundary events to handle an event associated with an activity. A boundary event is always attached to an activity.
While the activity the boundary event is attached to is active (meaning the process instance execution is currently executing it right there), the boundary event is listening for a certain type of trigger. When the event is caught, the activity is either interrupted and the sequence flow going out of the event is followed (interrupting behavior) or a new execution is created from the boundary event (non-interrupting behavior).
A boundary timer event puts a timer on the activity it is defined on. When the timer fires, the sequence flow going out the boundary event is followed.
A boundary timer event is visualized as a circle with a clock icon inside:
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Cancel activity |
Defines if the boundary event interrupts the activity is defined upon or not. |
|
Time Cycle |
A timer cycle defined in http://en.wikipedia.org/wiki/ISO_8601 [132] format, for example: R3/PT10H. |
|
Time Date in ISO-8601 |
A point in time defined as a http://en.wikipedia.org/wiki/ISO_8601 [132] date, for example: 2015-04-12T20:20:32Z. |
|
Time Duration |
A period of time defined as a http://en.wikipedia.org/wiki/ISO_8601 [132] duration, for example: PT5M. |
A boundary error event catches an error that is thrown within the boundaries of the activity the event is based on and continues process execution from the event.
A boundary error event is always interrupting.
A boundary timer event is visualized as a circle with a lightning icon inside:
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Error reference |
The identifier of the error to catch. |
A boundary signal event listens to a signal being fired (from within the process instance or system-wide) while the activity upon which the event is defined is active.
A boundary signal event is visualized as a circle with a triangle icon inside:
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Signal reference |
The signal to listen to. Signals are defined on the root process definition level and are linked with this property. |
A boundary message event listens to a message being received while the activity upon which the event is defined is active.
A boundary message event is visualized as a circle with an envelope icon inside:
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Message reference |
The message to listen to. Messages are defined on the root process definition level and are linked with this property. |
The boundary cancel and compensation event are currently experimental features. See http://activiti.org/userguide/index.html#bpmnBoundaryCancelEvent [166] for more information on them.
An intermediate catching event is a step in the process where the process needs to wait for a specific trigger (in BPMN this is described as catching semantics).
An intermediate event is displayed as two concentric circles containing an icon. The icon shows the type of intermediate event:
Conceptually, the intermediate catch events are close to the boundary events, with that exception they don’t define a scope (the activity) for when the event is active. An intermediate catch event is active as long as the trigger hasn’t happened. A boundary event on the other hand can be destroyed if the activity completed.
All the supported intermediate catch events are configured similar to their boundary event counterparts.
An intermediate throw event is used to explicitly throw an event of a certain type.
Currently, two types are supported:
The none intermediate throwing event. No event is thrown. This is mainly used as a marker in the process definition (for example to attach execution listeners that are used to indicate somehow that some state in the process has been reached).
The signal intermediate throwing event. Throws a signal event that will be caught by boundary signal events or intermediate signal catch events listening to that particular signal event.
An intermediate event is displayed as two concentric circles which may contain an icon. If present, the icon shows the type of intermediate event. A throwing none event contains no icon.
You use an end event to signify the end of a process or sub-process, or the end of a path in a process or sub-process.
In a subprocess or process instance, only when all executions have reached an end event will the subprocess be continued or the whole process instance ended.
An end event is displayed as thick black circle which may contain an icon. If present, the icon shows the type of end event. A none end event has no icon.
A none end event ends the current path of execution.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Execution listeners |
Execution listeners configured for this event. |
You use the end error event to throw an error and end the current path of execution.
The error can be caught by an intermediate boundary error event that matches the error. If no matching boundary error event is found, an exception will be thrown
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Execution listeners |
Execution listeners configured for this instance. |
|
Error reference |
The error identifier. This is used to find a matching catching boundary error event. If the name does not match any defined error, then the error is used as the error code in the thrown exception. |
When a terminate end event is reached, the current process instance or sub-process will be terminated. Conceptually, when an execution arrives in a terminate end event, the first scope (process or sub-process) will be determined and ended. Note that in BPMN 2.0, a sub-process can be an embedded sub-process, call activity, event sub-process or transaction sub-process. This rule applies in general, for example, when there is a multi-instance call activity or embedded subprocess, only that instance will be ended, the other instances and the process instance are not affected.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Execution listeners |
Execution listeners configured for this. |
The cancel end event ends the current path of execution and throws a cancel event that can be caught on the boundary of a transaction subprocess.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Execution listeners |
Execution listeners configured for this. |
You use swimlanes to display activities in your process divided by business function or participant group. A process definition can have one swimlane diagram containing one pool, which in turn contains one or more lanes. The pool represents the whole process, and each lane corresponds to a business function or participant group.
For example, the process of selling a book consists of several activities: ordering a book, processing the order, shipping the book, and reading the book. However, the activities are performed by participants in different groups: by the customer, by the sales department, by the warehouse, or store. In the following diagram, process definitions have one pool called Sell a book with three lanes: Customer, Sales, and Store. The process sequence flow moves between lanes in the pool as the order progresses.
When you drag a pool to your process diagram, it creates an unnamed pool containing one unnamed lane. You can add lanes by dragging a lane icon from the palette to the canvas. When you hover over the name box of the pool, the whole pool border turns green, indicating the lane will be added to the pool when you release the mouse button.
You use artifacts to provide additional information about the process. The BPMN editor supports the text annotation artifact which associates additional text to an element in your process, or to the process itself. The text does not influence the execution of a process and is provided by the process designer to give information to the user of the process.
Text annotation
You can set the following properties in the property sheet:
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element instance |
|
Name |
A name for this element instance |
|
Documentation |
A description of this element instance |
|
Text |
The text you want to display in your annotation |
Use this section for actions specific to Alfresco Content Services content store:
Publish to Alfresco task
Retrieve Alfresco Properties
Update Alfresco Properties
Call Alfresco Action
The publish task enables you to publish items that were created or modified during process instance execution to a content store. Currently, the following content stores are supported:
Alfresco Content Services
Box
Google Drive
A publish task is depicted as a rounded rectangle with the icon of the content store on the top-left corner.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Alfresco / Box / Google Drive Content |
Configures what content to publish. You can select a previously defined form field or all the content that was updated during the process instance execution. |
|
Alfresco / Box / Google Drive Destination |
Configures where the content will be published to. You can publish the content using the process initiator or a specific user (this is important when it comes to permissions in the content store). |
The Retrieve Alfresco Properties option enables you to retrieve content-specific properties from Alfresco Content Services and map it to a form field or variable, for example properties of a document. You can retrieve document information after a document is added or referenced via the Attachment form field in Share Connector.
| Property | Description |
|---|---|
|
Id |
A unique identifier for this element. |
|
Name |
A name for this element. |
|
Documentation |
A description of this element. |
|
Alfresco properties |
Retrieves Alfresco Content Services properties for content stored in the form editor or variable, and allows mapping them. |
The Update Alfresco Properties option enables you to update content-specific properties in Alfresco Content Services via a form field or variable. For example, you can update properties of a document linked from Alfresco Content Services via a form attachment field, or process variable.
The Properties sheet displays the same fields as Retrieve Alfresco properties, except that is used for updating properties rather than retrieving.
The Call Alfresco action enables you to invoke the standard Alfresco Content Services actions from Alfresco Process Services.
| Property | Description |
|---|---|
| Id | A unique identifier for this element. |
| Name | A name for this element. |
| Documentation | A description of this element. |
| Content | Retrieves properties Alfresco Content Services for content stored in the form editor or variable. |
| Act as | Identity of the caller: Process Initiator or Specific User. Selecting Specific User lets you select a different user. |
| Repository | Changes the repository account. For example: Alfresco Content Services. |
| Action | Lists a range of actions specific to Alfresco Content Services. Select the options to make changes to the default name and value depending on your requirement. The options are as follows:
|
The form editor provides a powerful drag and drop interface to let you design forms from a rich set of controls. You can define form outcomes and create forms with multiple tabs. Individual controls and whole tabs can be made visible depending on the value of other form fields and process variables. You can design your form with groups of controls in varying numbers of columns.
In the example above, the form editor is open on a form containing two controls, a text box, and a multiline text box.
| Control | Description |
|---|---|
| Text | Allows you to enter text. |
| Multi-line Text | Enables you to enter multiple lines of text within a text box. |
| Number | Allows you to enter a number. |
| Checkbox | Allows selection and deselection of the field. |
| Date | Allows selection of a date from a pop-up calendar. |
| Date/Time | The behavior is similar to that of the Date control, with the added capability of allowing selection of a time value. |
| Dropdown | Allows you to select an item from a displayed list of items. |
| Typeahead | On entering data, displays filtered information in a list and allows selection of a value. |
| Amount | Allows you to input data representing an amount of money and to define a currency type. |
| Radio buttons | Allows you to choose an item from a predefined list. |
| People | Allows you to select a person from a list. |
| Group of people | Allows you to create a group of people by selecting names from a list. |
| Dynamic table | Allows you to input multiple rows of data in a table. |
| Hyperlink | Displays a hyperlink. |
| Header | Acts as a container into which you can drag and drop other control fields. You can organize these into columns and label them. You can also add a title in the header element. |
| Attach File | Allows you to upload and attach files from the file system or other sources, for example, Box, Google Drive. |
| Display value | Allows you to display the value of a field or variable previously submitted in any form. |
| Display text | Allows you to display text for a field. You can also display values previously submitted in any form, and include this within the text. |
There are many situations in a business process where you wish to evaluate some data you have collected and come to some conclusion or decision. Business rules provide a natural way to express the logic of decision making. Typical decision examples are calculating discounts, credit ratings, who to assign tasks to, what service level (SLA) to use, and so on.
There are business rule systems that are hugely complex and intended for a wide range of uses. You can, of course, integrate Alfresco Process Services to these systems if they provide what you need. Often, within a business process, the rules can be very focused and need to be managed by business users. This is where Alfresco Process Services decision tables provide a natural solution.
In a decision table you only test, set and create variables using a set of business rules. There are no other side effects possible, such as calling out to external systems, because these are not needed: process can do all this using the full range of its BPM capabilities before or after a Decision Table task.
You can think of a Decision Table as a spreadsheet that allows you to define a row for each business rule, with columns representing each variable that needs to be tested or set. There are two parts to a rule: the conditions (if they all match, the rule "succeeds") and the conclusions (then set some values). In each cell of the table there can be a value expression that is used to try and match against variable’s values, or to calculate the value to set. When a Decision Table is evaluated, it tries all the rules in turn (so ordering of rules matters), testing and setting values. Depending on how you want the rules to be interpreted, you can set the rules to stop as soon as one rule matches and succeeds in setting its values, or to run through all the rules, setting values for every matching rule. If it runs through all rules, you can think of the last successful rule winning, as it may overwrite values that were set for the same variables in other successful rules.
Decision tables follow the Decision Model Notation (DMN) specification [177].
In the following, we will create a simple process that makes use of a Decision task and its Decision Table. We will use the BPMN editor, but you can just as well use the Step editor to achieve the same result. First let’s take a look at the process we want to create:
In this "Annual Work Review" process, a user can enter the details of his or hers achievements for the current year, and if the work efforts have gone beyond the employee’s obligations a bonus will be given and an email sent notifying the user about it. The logic to decide if a bonus should be given or not is implemented using a Decision Table in the "Calculate bonus" Decision task above. Before we take a look at the Decision Table itself, let’s quickly take a look at the tasks before the "Calculate bonus" Decision task.
The process' start form is shown below and defines 4 fields: obligationsCompleted (boolean), additionalAchievements (string), completedDate (date) and dueDate (date). See the Form editor [178] section for more information on how to create forms.
The second task in the process is a "Script task" that we are using to load some demo user data. It has format javascript and declares 2 variables: yearsOfService (integer) and salary (integer) in the "Variables" property dialog. In the "Script" property dialog for the script task the following code has been added to get some employee data.
execution.setVariable("salary", 1000);
execution.setVariable("yearsOfService", 5);
Now we are ready to create our Decision Table that will have all the input values it needs to decide if a bonus should be given or not. The decision task is created by dragging and dropping a "Decision Task" from the "Activities" section in the editor palette. The only mandatory property is the "Referenced decision table" property in which you should choose "New decision table". Enter "Calculate Bonus" as the name and click the "Create decision table" button to be taken to the decision table editor, as shown below.
Before starting to look at the details of the editor, let’s start by looking at the rules that we want to create to decide if a bonus should be given or not. The logic (or the rules) we will create can be seen in the Decision Table below:
The logic can be summarized as:
IF the user has completed the obligations AND has performed additional achievements AND has worked for the company more than 5 years AND completed the obligations 3 months before the due date
THEN the bonus is 5% of the salary
IF the user has completed the obligations AND has performed additional achievements
THEN the bonus is 3% of the salary
IF the user has completed the obligations AND has worked for the company more than 5 years
THEN the bonus is 3% of the salary
IF the user has completed the obligations AND completed the obligations 3 months before the due date
THEN the bonus is 3% of the salary
IF none of the rules above matched (empty cells are treated as an automatic match)
THEN the user gets no bonus
The expressions in each cell is an MVEL expression. MVEL is an embeddable scripting language that you can read more about here [179]. Note though that you don’t have to write MVEL syntax yourself but can use the edit icon in each cell to display a structured expression dialog where you can create these expressions through a simple interface. Once you are familiar with the syntax you can just enter them directly in the cells, like editing a spreadsheet.
Even if you don’t know MVEL, most expressions are self-explanatory. The complex date expression < fn_subtractDate(dueDate,0,3,0) probably requires a small explanation though. A custom calculation for dates is used that takes the dueDate as the first parameter and then will calculate a date value by subtracting from it the last 3 parameters for years, months and days. In this case the expression checks if the completedDate is 3 months before the due date.
Now create the decision table for yourself. The first thing you need to do is add four input expressions using the Add input button in the Decision Table editor. For each of these, select the process variable or form field to use as input for the column. When adding yearsOfService it should look like the following.
Then you need to add an output column by clicking "Add output", making sure the dialog looks as below to create a new process variable named bonus.
Time to add our rules. Feel free to type them directly into the cell or use the structured editor (which pops up when clicking the edit icon to the right in each cell). Below you can see how the structured editor looks like when adding the date expression from above.
When done, click Validate to make sure your decision table doesn’t contain errors. Note that once you click Validate, the editor will validate your table for every change you make. When you’re happy with your table, click the save icon. You will be prompted to give a "Decision Table key" which can be any value unique to the process.
Back at the BPMN editor add an "Exclusive gateway" and from it add a new "End event" by clicking the circle with the thick border. Select the arrow that connects them and enable the "Default flow" property.
Now drag and drop a "Mail task" and set its "To" property’s "Fixed value" to ${emailBean.getProcessInitiator(execution)} so it sends the email to the initiator of the process. Then enter values for its "Subject" and "Text" (or "Html") properties. Add a sequence flow arrow to connect the gateway to the email task and make sure to set its "Flow condition" property to have an advanced condition as in the image below.
Finally, draw the sequence flow arrow from the mail task to the end event.
We are now ready to use our Decision Table in the Task app. Once you have deployed your process, start an Annual Work Review process by entering the following details in its Start form and click Start Process.
The process detail view is displayed as shown below. After a decision table is executed in a process, it is listed in the Executed Decision Tables section. If something caused the decision table to fail during execution, a red icon with a message is displayed stating an error occurred. Click the Calculate Bonus decision table in the user interface to see details about the decision table and its evaluation.
A decision table is a bit like a black box. You can see the history of it when it was executed. In the image below you can see the audit trail of the decision table.
An input cell marked with a blue border indicates that the expression in the cell matched the input value. If a cell border is red it means it did not match. If it has no border it means it wasn’t evaluated at all (for example, a previous cell had failed to match and is shown as red). If an exception occurs during evaluation it is also marked with a red border, but also with a red error icon in the right part of the cell.
An output cell only displays the value that was set by its expression. A blue border indicates that it was successfully set. A red border indicates an error occurred during execution of the cell expression. For tooltip information, position your cursor over a cell. An example of this can be seen in the image above where the output cell sets the bonus to "30": hover over the cell and the expression used to calculate the value is displayed.
To see a list of all the input values that were provided to the decision table before execution, click the "Input values" section and you will see the table below.
To see a list of all the output values that were set by the decision table after execution, click the "Output values" section and you will see the table below.
You may have noticed that we haven’t yet mentioned anything about the decision table’s "Hit policy". The hit policy decides "how" the decision table will be executed when rules succeed (a "hit"). In our decision table we have selected "First (single pass)", which means the decision engine will execute all rules in the given order until it has found a rule where all cell expressions match their input values. Then no further rules will be tested and the outcome expressions specified on the successful rule will be used to set the output values.
Empty cells are considered to be an automatic match, meaning that a rule with only empty cells will always be treated as succeeding (a hit). In our decision table we have such a rule in row #5, but with the input we gave, it will find a match on row #4 and the rule on row #5 will never get tested.
If we change the Hit policy in our table to be "Any (single pass)" the result after executing the decision table will be different. The execution evaluate all rows until the last rule, even if it found a rule that matched on a previous row.
Given the rules in our example, the Any hit policy does not make much sense, since the result would always be that bonus is set to "0" because the last rule always matches, no matter what input is given.
A Data Model enables you to access and manipulate data related to a business process in Alfresco Process Services. For example, you can define a data model that maps to a relational database (via JDBC) or a custom API to connect to an external source such as a patient database or a customer database.
To use the Data Model functionality effectively, perform one or all of the following steps:
Reference an entity while mapping variables.
Make entity fields visible in the process by mapping them.
Reference mapped entity fields in forms when creating or editing forms.
Reference entity fields in expressions when creating or maintaining decision tables.
You can establish connection from your process with a relational database. To enable the connection, you must first register the data source for your tenant in the Identity Management app in Alfresco Process Services.
To configure the data source:
Name – Name of your data source. For example, modeler.
JDBC url – The JDBC URL used to connect to the database. For example:
jdbc:mysql://127.0.0.1:3306/modeler?characterEncoding=UTF-8 - Driver class – The JDBC driver used to connect to the database. For example: com.mysql.jdbc.Driver - Username & Password – The username and password of the account used to connect to the database. . Click Save.
When configuring data source and data models for DBMSs you will normally require the JDBC driver to be available at run-time. Alfresco Process Services is only supplied with the driver for the H2 database. For other DBMSs (MySQL, Oracle, PostgreSQL) make sure that the relevant JDBC drivers are in the classpath, for example the Tomcat library path or <Process Services Installation>/tomcat/webapps/activiti-app/WEB-INF/lib.
You can either manually define a data model or import it from an existing data source, such as a relational database schema or an Alfresco content model.
Entity name – The name you want to use for the entity, for example, Customer.
Entity description (optional) – Description of the entity.
Table name – The database table name that you want the entity to be mapped to, for example Customer.
Attributes – Displays the entity attributes as you add them.
Attribute name – Name you want to use for the attribute, for example, Customer Id.
Attribute description (optional) – Description of the attribute.
Column name – Column name as specified in the database, for example, id.
Attribute type – One of the following attribute types: String, number, date.
Primary key – Select to indicate if the attribute is a primary key or not.
Database generated value (autoincrement) - Select this if the primary key is set to autoincrement in the database.
Required – Select to indicate if the attribute should be mandatory or not.
The Data Models page is displayed.
The Create a new data model dialog box appears. Or to import an existing data model, click Import Data Model.
This examines the RDBMS of the datasource and creates an entity and an attribute for each table. In this example, we use the MySQL sample database, Sakila. For more information, see https://dev.mysql.com/doc/sakila/en/sakila-installation.html [188].
If you overwrite, any changes made to the entities and the attributes since your last import will be lost.
Select Skip overwriting existing attributes if you have renamed attributes and you want to save your changes while adding new attributes.
Select Overwrite if you want to reset the changes you have made to the attributes and bring in new additions.
Once you have defined the data model for a database data source, the next step is to use them in forms, decision tables, and process conditions, by mapping them into form fields or process variables. For example, to use patients’ information, you can map their information such as their name and address into your forms.
To start accessing data using your data model:
Developers can define a ‘value path’ that is stored in Process Services and made available to the developer at runtime, allowing them programmatic access to the information in the custom control. This information can then be extracted into a custom data model.
The implementation uses the Alfresco data model service AlfrescoCustomDataModelService to connect the custom data models to external sources and perform custom data operations. The value path should be injected into the wrapper bean class to make it available with the mapped complex data model field at application runtime. The value path value is stored in JSON format in the database.
An optional 'Field value path' is available for custom controls in the Attribute mapping for the 'Store Entity task'.
As you collect new data about an entity, you may wish to save this back to the database. However, as this is not done automatically when a form is saved, you must create a task in your process to explicitly save the data you want.
To save data using the data model:
Mapped data model – Select the data model to map your entity with.
Mapped entity – Select the entity to map your data model with.
New Variable/ existing variable – Create a new variable or select an existing variable.
Attribute name – Map the attribute names with the relevant form fields by selecting the relevant form field value from the drop-down list. For example, Customer Id with ID and Customer name with Name.
Mapped value type – Select one of the value types for mapping attributes. In the above example, Form field was selected. However, you can also map your attributes with a static field or variable.
Open your app and click + START. The form fields that you defined in your process appear.
Edit an existing Id (column name) with a new customer name and verify if the changes appear in your database.
Sample database table
While working on the data model functionality, locate or create a database table and its columns from your database and make sure to create matching attributes in your Data Model. For example, the following customer table was used for the customer data model in the above sections.
You can map entities to the Alfresco Content Services repository to create data models for Alfresco Content Services folders.
Before defining a data model for Alfresco Content Services folders entities, you need to establish a repository connection and register the data source in your tenant.
Once you've configured the data source you can define folder entity data models.
This loads the repository source menu.
| Attribute Name | Alfresco Content Services Property | Entity Time |
|---|---|---|
| ID | sys:node-uuid | string |
| Name | cm:name | datasource.driverstring |
| Title | cm:title | datasource.urlstring |
| Created | cm:created | date |
| Creator | cm:creator | string |
| Modified | cm:modified | date |
| Modifier | cm:modifier | string |
| Parent | cm:parentId | string |
With Alfresco Content Services you can define and use custom content models using either XML or the Alfresco Share Model Manager. You can import content models and use them in your data models.
This creates a folder with two XML files.
This prompts you to select the content model file.
Unlike database schemas, importing a content model doesn't overwrite an existing entity if it's currently selected. If the name already exists then an error will be displayed. If it doesn't exist then a new entity is created with the content models using the type name (<type name=”.. >) as the entities name.
You need to activate the content model in Alfresco Share to use it in deployed process applications.
When you've created a folder data model, you can use it in several ways.
You can create an Alfresco Content Services folder entity in Alfresco Content Services repository with the folder metadata.
This is usually a form with the appropriate fields, as in the following example. This example uses a form to provide the Name, Description, and Title for the folder entity and under the parent folder, and is used as the referenced form of the start task.
This can be used in expressions, parameters, and other mappings later on in the process. Use this variable to retrieve the ID of the folder entity for future operations such as update or retrieve.
This indicates to the task that a new folder should be created. Specifying the Id updates an existing folder.
The new process instance is created. You can sign in to Alfresco Share and see the new folder created, and see that in the properties the Name, Title, and Description are set to the values entered in the form.
To create a folder entity you need to provide a parent for the entity parent folder. This can be configured in three different ways.
for the new field to display the Field Configuration
screen.
This is the Alfresco Content Services repository where folder entities will be stored.
This is the folder under which the folder entity will be stored.
You can choose whether to allow users to change the default value and select a new folder. This means the user can select folders in collaborative processes where folders are available. This also allows administrators to provide folder-based grouping of content. For example, the administrator can define a number of different folders for each region.
Alternatively, you can hide this field and enforce a single parent throughout the process application.
This is a variation of the previous method. The parent folder is created and stored as the default for other processes to store all their folder entities.
You can now use the default folder parent value in various ways, including:
This method stops the user from knowing the details of where the entity is stored. You'll need to create a process starting with a form that allows the user to select a parent folder.
The previous approach is possible because parent folder information is stored in a process variable as JSON, for example:
{"path":{"id":"47cb278d-c775-444f-a23e-b9f2d92390da","title":"documentLibrary > my-folder","folderTree":[{"id":"ec5eb0ec-76a0-4175-adbf-dcf3842ed00c","title":"documentLibrary","simpleType":"folder","folder":true},{"id":"47cb278d-c775-444f-a23e-b9f2d92390da","title":"my-folder","simpleType":"folder","folder":true}]},"account":{"id":"alfresco-1","name":"local"},"site":{"id":"health-care","title":"health care"}}
The Store Entity task can recognize the JSON format and extract the values needed. Process developers can construct the parent folder dynamically in code, scripting, or expressions, and store it in a process variable.
Updating a Alfresco Content Services folder entity is similar to creating one using Store Entity tasks, with different key mapped fields.
Unlike the creation operation, the Id attribute is required to update the folder entity. Alternatively, you can supply the parent folder and name of folder instead of the folder id. When you supply a folder id and folder name this renames the folder.
You can sign in to Alfresco Share open the folder to see the updated Title and Description.
As with other data models, there are two ways you can retrieve Alfresco Content Services folder entities and use them in a process or decision table.
Using the form field to data model mapping property in a start or user task to map the form fields to the models attributes. Follow the same process described in Using data model in your processes [183].
When creating or updating folder entities, the entity can be stored in a variable.
These variables can then be used in the process expressions and parameters, forms, or decision tables. To use a variable in a form:
After updating the folder entity a new task is created which uses the Display
Folder name to show the entity attributes.
In Process Services, you create a process models to represent a series of tasks in your business process. This tutorial guides you through creating a simple process model.
The process you are modeling here is a simplified business project lifecycle. Each project has a name, type, due date, and documents associated with it. Each project is started, and then reviewed to determine if it should be accepted on to the project list, or rejected.
The Create a new business process model dialog appears.
For example, First Process.
The Step editor is displayed.
The first step, Process start, is already added to your process. You are going to set the process to start by having the user complete a form.
It expands to allow you to change the step.
If you have some forms in your Forms library, they will be listed here, and you can pick one, but in this tutorial we will create a new form.
The Create a new form dialog appears. The form you create now is part of this process model and is not available in your forms library for use in other process models. If you want to create a form you can reuse in other process models you can do so from the Forms page.
For example, Start form.
The Form Editor is displayed. Design the form by dragging and dropping the field types from the palette to the Form Editor. You can hover over each field in the Design area, and click the pencil icon to edit the field properties, or to remove the field from the form. Each field type offers different options. You can also add a display label in the process to reference a value entered in a field by a user in a running process. You can also define if the field is mandatory for the form to be completed. In this tutorial, you just give labels to the fields.
You are back in the Step editor.
You need to add a Human step that can be used to assign a task to a user.
For this tutorial, use the name Review project.
The Human step allows you to select who the task should be assigned to. You can assign the person who initiated the process, a single named user, a set of candidate users, or depending on the type of your account, a group of users. When a task is assigned to a group or a list of candidate users, all of those users can see the task in their task list, and will need to claim it in order to complete the task. For this tutorial, you will assign all tasks to the process initiator, that’s you, so you can run the process and see the tasks yourself.
This step allows you to take a different action depending on the outcome selected in the associated form.
You can add more choices by clicking on the + icon in the middle of the Choice step. For this tutorial, we only need two based on your accept and reject outcomes.
The text can contain references to values for forms in the process. In addition, there is a helper drop-down list from which a form field reference can be selected. It is inserted at the current cursor position in the text.
The step editor is displayed.
Your process is listed in the Process tab as a thumbnail of the process. You can edit any process from the list by clicking the BPMN Editor button in the top right corner of the thumbnail. You can see additional information about a model by clicking on the thumbnail itself or the Show Details button in the top right corner of the thumbnail. This takes you to the Details page for the process model. Here, you can see a read-only preview of the model and the actions you can perform on it.
Now that you have created a process, you need to create your first app so you can publish and deploy your process model.
You create an Alfresco Process Services process app to group together a number of processes to make them available to yourself or other users. An app is the container for handling a group of published processes and deploying them to a Process Engine. This tutorial leads you through the steps required to create and use an app containing a single process.
This tutorial uses the process model created in the Creating your first process [199] tutorial.
The Create a new app definition dialog appears.
Use the name My First App for this tutorial.
Publishing an app makes it available to everyone you’ve shared it with.
A new app tile is added to your landing page.
Your app is now deployed and ready to be used.
You start a process from the Processes tab of the Task app page. In this section, you are going to start and monitor the process you designed in the previous tutorial. To start the process, first add a process to an app and deploy that app deployed.
The following steps use the process model created in the Creating your first process [199] tutorial, and the corresponding app created and deployed in the Creating your first app [200] tutorial.
The form you created in the Creating your first process [199] tutorial is displayed. . Fill in the details on the form, and add any documents you need, and click START PROCESS.
You are returned to the Processes page, which displays the process list with the process that you just started.
On the Processes page, you can view running processes and see the current and completed tasks. You can also add comments that are available for anyone involved in the process.
The first step in the process is a task to review the project, and accept or reject it. Remember that when you created the first step in Step Editor, you specified that the task should be assigned to the process initiator. Since you started the process, you are the process initiator and this task is assigned to you.
At this stage you can add people, documents, and comments to the task.
The Review Project task is complete and a new task, Update Project List is displayed. You defined this as a choice step in Step Editor, if the user choice was to accept the project.
The task that shows the details of the accepted project is displayed.
You have now completed all the tasks in the process and there are no tasks displayed for you in the Tasks tab. Now, if you click on the Processes tab, you’ll not see any running processes.
You have started your first process, performed the tasks assigned to you in that process, and completed a process successfully.
As you have seen from previous sections, processes are made up of individual tasks. You can also create a single task for yourself or others and assign it for completion. This tutorial guides you through the steps for creating and completing a single task.
In this tutorial you will add a single task Brush teeth and complete the task yourself.
The New task dialog appears.
Your new task appears in the task list, and the task details are displayed in the right-hand panel.
Now you have created a task you can alter the details such as the assignee and the Due date, involve others in the task, add a document and add comments to be shared with other collaborators in the task. For this simple task of Brushing teeth, you are just going to add a due date of today. . Click Due date.
A date chooser drops down.
The Due date now has a timer displayed showing the number of hours before the end of the day. Many fields displayed in Alfresco Process Services can accept user input when you click on them. The Assignee field the task is another example.
The task is removed from the open task list.
You have created and completed your first single task and used some of the filtering capabilities of the Task app.
You can create a process model using the Step Editor or BPMN Editor.
Step Editor lets you define a business process through a sequence of steps. The BPMN Editor is a more powerful process design tool for creating BPMN 2.0 standard models.
Let’s start by creating a process model using the Step Editor:
By default, Step Editor includes a number of Steps, however this depends on the Stencil that you selected for editing the process model.
The Forms editor has the following tabs:
Design - Define the layout of form fields from the palette.
Tabs - Customize tab names to display in the form.
Outcomes - Define the outcome buttons for the form.
Style - Define the style (css) for the form elements. For example, adding the following style in the Style panel will convert the field background to blue:
.fields {
background-color: blue;
}
Javascript - Define javascript code for an element in the form. For example:
// __var currentUser = scope.$root.account;__
__console.log(currentUser);__
__alert ("Hello World!");__
Properties - Define custom properties (metadata) for the form. This is particularly useful when using a custom form renderer (Jave API or Rest API) to retrieve the properties.
Variables - Define variables in the form.
You can design the form layout by dragging and dropping the required field type from the palette on the left to the form editor.
For each field dropped in the Design area, you can hover over it and edit the field properties using the pencil icon. Alternatively, click X to remove a field from the form.
Add labels for the selected fields. Optionally, you can reference a display label with the value entered by a user running the process. In addition, you can also define if the field is required to be filled before the form can be completed.
You can also specify who this task should be assigned to. For example:
Someone who initiated the process
A single user
A set of candidate users or depending on the type of account, a group of users.
To simplify a process, assign all tasks to the process initiator so that you can run the process and have the tasks assigned to yourself.
Accept
Reject
The next step depends on the outcome selected in the previous step.
You can also add additional choices by clicking the + (plus) icon in the center of the Choice step.
All your processes are listed with a thumbnail of the process. You can edit a process from the list by clicking Visual Editor. For any additional information about a model, click the thumbnail itself or the Show Details button on the top right corner of the thumbnail. This takes you to the Details page for the process model where you can see the preview model as well as the actions that you can perform on it.
Tips:
When you edit and save a model, you can choose for the changes to be saved as a new version.
Previous versions can be accessed from the History popup, as can any commentary from the Comments popup, where you can add further comments.
Other action buttons are self-explanatory such as deleting, starring (favorites), sharing, and downloading the model.
Now that we have a process defined, let’s create a process app using the Apps page.
You can do similar actions on an app in its Details page for all models, such as deleting and sharing. You can also publish the app directly instead of doing it via the Save dialog. Publishing an app makes it available to everyone you’ve shared it with to add to their landing page. Let’s add it to our landing page so we can see our process in action.
A process app is a collection of processes that you want to group together to make them available to yourself or other users you share it with.
To access tasks and processes:
When you involve someone else in a task, it will appear in their tasks list. This enables them to contribute to the task such as add comments, documents, and even involve more people. However, only the person who is assigned the task with can actually complete it. In the following example we’ve added a document, a comment, and involved a person.
Tasks that are directly assigned to you
Tasks where you are listed as a candidate
Tasks that belong to the group you’re member of
Now that the tasks have been created, let’s start the process we designed earlier.
You will be returned to the Processes page, showing the details of the newly started process in your process list.
You can always view a process to see what the current and completed tasks are, as well as add comments that will be available for anyone involved in the process at any stage. If you go to the Task page that we just created, you will see the first step in the process is that of a task to review the project, and accept or reject it. The task was assigned to you because it was set to the process initiator, and you started the process.
Before you fill in the review summary and choose accept or reject, you can still add people, documents, and comments by clicking on the Show details button in the task header area. You can get back to the form from there by clicking the Show form button. If you click the Accept button, the Review Project task will disappear and instead a new task, Update Project List will appear. This is because you defined it as the next choice step in the Step Editor, if the choice was to accept the project. You can just click the Complete button to move to the next step, which is a task to show the details of the accepted project.
When you complete this task, your task list and your process list will be empty. If you prefer to see all your tasks and processes in one place rather than through different process apps, you can use the My Tasks tile to get your complete task and process lists.
The Tasks App screen is displayed and the involved
Tasks option is highlighted.
The new Involved Task is displayed.
If the group exists, the matching group name is displayed on the screen.
To experiment with Process Services it is recommended to deploy with Docker for Desktop. [208]
For production environments, there is a reference Helm chart [209] available and Docker images in Quay.io [210]. See the containerization support policy [211] for information regarding the supportability of Docker images and Helm charts.
You can start Alfresco Process Services from a number of Docker images. These images are available in the Docker Hub [214] and Quay [215] repositories. However, starting individual Docker containers based on these images, and configuring them to work together might not be the most productive way to get up and running.
There are Helm charts available to deploy Alfresco Process Services in a Kubernetes cluster, for example, on Amazon Web Services (AWS). These charts are a deployment template which can be used as the basis for your specific deployment needs. The Helm charts are undergoing continual development and improvement and should not be used "as-is" for a production deployment, but should help you save time and effort deploying Alfresco Process Services for your organization.
The following is a list of concepts and technologies that you'll need to understand as part of deploying and using Alfresco Process Services. If you know all about Docker, then you can skip this part.
Virtual Machine Monitor (Hypervisor)
A Hypervisor is used to run other OS instances on your local host machine. Typically it's used to run a different OS on your machine, such as Windows on a Mac. When you run another OS on your host it is called a guest OS, and it runs in a Virtual Machine (VM).
Image
An image is a number of layers that can be used to instantiate a container. This could be, for example, Java and Apache Tomcat. You can find all kinds of Docker images on the public repository Docker Hub [216]. There are also private image repositories (for things like commercial enterprise images), such as the one Alfresco uses called Quay [215].
Container
An instance of an image is called a container. If you start this image, you have a running container of this image. You can have many running containers of the same image.
Docker
Docker is one of the most popular container platforms. Docker [217] provides functionality for deploying and running applications in containers based on images.
Dockerfile
A Dockerfile is a script containing a successive series of instructions, directions, and commands which are run to form a new Docker image. Each command translates to a new layer in the image, forming the end product. The Dockerfile replaces the process of doing everything manually and repeatedly. When a Dockerfile finishes building, the end result is a new image, which you can use to start a new Docker container.
Difference between containers and virtual machines
It's important to understand the difference between using containers and using VMs. Here's a picture from What is a Container | Docker [218]:
The main difference is that when you run a container, you are not starting a complete new OS instance. This makes containers much more lightweight and quicker to start. A container also takes up much less space on your hard-disk as it doesn't have to ship the whole OS.
Process Services and Process Services Administrator can be deployed using separate Docker containers.
The Docker images for Process Services are available on Docker Hub [219].
docker pull alfresco/process-services:1.10.0
docker pull alfresco/process-services-admin:1.10.0
docker run -p {port}:8080 alfresco/process-services
docker run -p {port}:8080 alfresco/process-services-admin
docker run -p 8095:8080 alfresco/process-services-admin
It is possible to override the default environment variables for Process Services [220] and Process Services Administrator [221].
It is possible to override the default variables to configure the Docker container.
There are three options for specifying your own variables during a Docker deployment:
For variables that correspond to the activiti-app.properties file:
| Property | Description | Default value |
|---|---|---|
| ACTIVITI_DATASOURCE_DRIVER | The JDBC driver used to connect to the database. | org.h2.Driver |
| ACTIVITI_HIBERNATE_DIALECT | The dialect that Hibernate uses that is specific to the database type. | org.hibernate.dialect.H2Dialect |
| ACTIVITI_LICENSE_MULTI_TENANT | Set whether the license used is a multi-tenant one or not. | false |
| ACTIVITI_DATASOURCE_URL | The location of the database that will be used. | jdbc:h2:mem:db1;DB_CLOSE_DELAY=1000 |
| ACTIVITI_DATASOURCE_USERNAME | The username to access the database with. | alfresco |
| ACTIVITI_DATASOURCE_PASSWORD | The password for the ACTIVITI_DATASOURCE_USERNAME user. | alfresco |
| ACTIVITI_ADMIN_EMAIL | The email address for the default administrator user. | admin@app.activiti.com |
| ACTIVITI_ADMIN_PASSWORD_HASH | The hashed password for ACTIVITI_ADMIN_EMAIL user. | |
| ACTIVITI_CORS_ENABLED | Sets whether Cross Origin Resource Sharing (CORS) is enabled or not. | true |
| ACTIVITI_CORS_ALLOWED_ORIGINS | The host origins allowed in CORS requests. | * |
| ACTIVITI_CORS_ALLOWED_METHODS | The HTTP request methods allowed for CORS requests. | GET,POST,HEAD,OPTIONS,PUT,DELETE |
| ACTIVITI_CORS_ALLOWED_HEADERS | The headers that can be set in CORS requests. | Authorization,Content-Type,Cache-Control,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-CSRF-Token |
| ACTIVITI_CSRF_DISABLED | Sets whether Cross Site Request Forgery is disabled or not. | true |
| ACTIVITI_ES_SERVER_TYPE |
Set this to rest to enable the REST client implementation. |
rest |
| ACTIVITI_ES_REST_CLIENT_ADDRESS | The IP address of the Elasticsearch instance. | localhost |
| ACTIVITI_ES_REST_CLIENT_PORT |
The port to contact Elasticsearch through. |
9200 |
| ACTIVITI_ES_REST_CLIENT_SCHEMA |
Sets whether the connection to Elasticsearch uses http or https. |
http |
| ACTIVITI_ES_REST_CLIENT_AUTH_ENABLED |
Sets whether authentication is enabled for the REST connection to Elasticsearch. |
false |
| ACTIVITI_ES_REST_CLIENT_USERNAME |
The username of the Elasticsearch user. |
admin |
| ACTIVITI_ES_REST_CLIENT_PASSWORD |
The password for the Elasticsearch user. |
esadmin |
| ACTIVITI_ES_REST_CLIENT_KEYSTORE |
The keystore used to encrypt the connection to the Elasticsearch instance. |
|
| ACTIVITI_ES_REST_CLIENT_KEYSTORE_TYPE |
The type of keystore used for encrypting the Elasticsearch connection data. |
jks |
| ACTIVITI_ES_REST_CLIENT_KEYSTORE_PASSWORD |
The password for the keystore used encrypting the Elasticsearch connection data. |
For variables that correspond to the activiti-identity-service.properties file:
| Property | Description | Default value |
|---|---|---|
| IDENTITY_SERVICE_ENABLED | Sets whether the Identity Service is enabled or not. | false |
| IDENTITY_SERVICE_REALM | The name of the realm used by the Identity Service. | alfresco |
| IDENTITY_SERVICE_SSL_REQUIRED | Sets whether communication to and from the Identity Service is over HTTPS or not. | none |
| IDENTITY_SERVICE_RESOURCE | The Client ID for Process Services within the Identity Service realm. | alfresco |
| IDENTITY_SERVICE_PRINCIPAL_ATTRIBUTE | The attribute used to populate UserPrincipal with. This needs to be set to email for Process Services to authenticate with the Identity Service. | |
| IDENTITY_SERVICE_ALWAYS_REFRESH_TOKEN | Sets whether the token is refresh for every request to the Identity Service or not. | true |
| IDENTITY_SERVICE_AUTODETECT_BEARER_ONLY | Allows for unauthorized access requests to be redirected to the Identity Service sign in page. | true |
| IDENTITY_SERVICE_TOKEN_STORE | The location of where the account information token is stored. | session |
| IDENTITY_SERVICE_ENABLE_BASIC_AUTH | Sets whether basic authentication is allowed is supported by the adapter. | true |
| IDENTITY_SERVICE_PUBLIC_CLIENT | Sets whether the adapter sends credentials for the client to the Identity Service. It will not send the credentials if this is set to true. | true |
| IDENTITY_SERVICE_AUTH | Sets the authentication URL for the Identity Service. The localhost value and port number need to be replaced with the DNS or address used for the deployment. | http://localhost:8080/auth |
| IDENTITY_CREDENTIALS_SECRET | The secret key for the client if the access type is not public. | |
| IDENTITY_SERVICE_USE_BROWSER_BASED_LOGOUT | Sets whether signing out of Process Services calls the Identity Service
logout URL. If set to true, set the Admin URL to https://{server}:{port}/activiti-app/ under the client settings in the Identity Service management console. |
true |
There are three options for specifying your own variables during a Docker deployment:
environment: ACTIVITI_ADMIN_EXTERNAL_PROPERTIES_FILE: https://your-s3-bucket.com/activiti-admin.properties
| Property | Description | Default value |
|---|---|---|
| ACTIVITI_ADMIN_DATASOURCE_DRIVER | The JDBC driver used to connect to the database for Process Services Administrator. | org.h2.Driver |
| ACTIVITI_ADMIN_HIBERNATE_DIALECT | The dialect that Hibernate uses that is specific to the database type for the Process Services Administrator. | org.hibernate.dialect.H2Dialect |
| ACTIVITI_ADMIN_REST_APP_HOST | The location of the Administrator API. This should be set to the DNS name of the deployment. | localhost |
| ACTIVITI_ADMIN_REST_APP_PORT | The port for the Administrator API. | 80 |
| ACTIVITI_ADMIN_REST_APP_USERNAME | The default user for the Admin API. | admin@app.activiti.com |
| ACTIVITI_ADMIN_REST_APP_PASSWORD | The default password for the Admin API | admin |
docker login quay.io
# Linux cat ~/.docker/config.json | base64
# Windows base64 -w 0 ~/.docker/config.json
apiVersion: v1 kind: Secret metadata: name: quay-registry-secret type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: <your-base64-string>
kubectl create -f <file-location>/secrets.yaml --namespace=$NAMESPACE
kubectl create secret generic licenseaps --from-file=./activiti.lic --namespace=$NAMESPACE
helm repo add alfresco-stable https://kubernetes-charts.alfresco.com/stable
alfresco-identity-service: enabled: true
helm install alfresco-stable/alfresco-process-services --set dnsaddress="http://$DNS" \ --namespace=$NAMESPACE --set license.secretName=licenseaps
ingress:
path: /activiti-app
The following information details the properties that can be set for Process Services when deploying via Helm on Amazon's Elastic Container Service for Kubernetes (Amazon EKS).
The following properties can be configured in the values.yaml file or overridden as environment variables:
| Property | Description | Default value |
|---|---|---|
| ACTIVITI_DATASOURCE_DRIVER | The JDBC driver used to connect to the database. | org.postgresql.Driver |
| ACTIVITI_HIBERNATE_DIALECT | The dialect that Hibernate uses that is specific to the database type. | org.hibernate.dialect.PostgreSQLDialect |
| ACTIVITI_LICENSE_MULTI_TENANT | Set whether the license used is a multi-tenant one or not. | false |
| ACTIVITI_DATASOURCE_URL | The location of the database that will be used. | |
| ACTIVITI_DATASOURCE_USERNAME | The username to access the database with. | alfresco |
| ACTIVITI_DATASOURCE_PASSWORD | The password for the ACTIVITI_DATASOURCE_USERNAME user. | alfresco |
| ACTIVITI_CORS_ENABLED | Sets whether Cross Origin Resource Sharing (CORS) is enabled or not. | true |
| ACTIVITI_CORS_ALLOWED_ORIGINS | The host origins allowed in CORS requests. | * |
| ACTIVITI_CORS_ALLOWED_METHODS | The HTTP request methods allowed for CORS requests. | GET,POST,HEAD,OPTIONS,PUT,DELETE |
| ACTIVITI_CORS_ALLOWED_HEADERS | The headers that can be set in CORS requests. | Authorization,Content-Type,Cache-Control,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-CSRF-Token |
| ACTIVITI_CSRF_DISABLED | Sets whether Cross Site Request Forgery is disabled or not. | true |
| ACTIVITI_ES_SERVER_TYPE |
Set this to rest to enable the REST client implementation. |
rest |
| ACTIVITI_ES_REST_CLIENT_ADDRES | The IP address of the REST client. | localhost |
| ACTIVITI_ES_REST_CLIENT_PORT |
The port to contact Elasticsearch through. |
9200 |
| ACTIVITI_ES_REST_CLIENT_SCHEMA |
Sets whether the connection to Elasticsearch uses http or https. |
http |
| ACTIVITI_ES_REST_CLIENT_AUTH_ENABLED |
Sets whether authentication is enabled for the REST connection to Elasticsearch. |
false |
| ACTIVITI_ES_REST_CLIENT_USERNAME |
The username of the Elasticsearch user. |
admin |
| ACTIVITI_ES_REST_CLIENT_PASSWORD |
The password for the Elasticsearch user. |
esadmin |
| ACTIVITI_ES_REST_CLIENT_KEYSTORE |
The keystore used to encrypt the connection to the Elasticsearch instance. |
|
| ACTIVITI_ES_REST_CLIENT_KEYSTORE_TYPE |
The type of keystore used for encrypting the Elasticsearch connection data. |
jks |
| ACTIVITI_ES_REST_CLIENT_KEYSTORE_PASSWORD |
The password for the keystore used encrypting the Elasticsearch connection data. |
|
| ACTIVITI_ADMIN_DATASOURCE_DRIVER | The JDBC driver used to connect to the database for Process Services Administrator. | org.postgresql.Driver |
| ACTIVITI_ADMIN_HIBERNATE_DIALECT | The dialect that Hibernate uses that is specific to the database type for the Process Services Administrator. | org.hibernate.dialect.PostgreSQLDialect |
| ACTIVITI_ADMIN_EMAIL | The email address for the default administrator user. | admin@app.activiti.com |
| ACTIVITI_ADMIN_PASSWORD_HASH | The hashed password for ACTIVITI_ADMIN_EMAIL user. | |
| ACTIVITI_ADMIN_REST_APP_HOST | The location of the Administrator API. This should be set to the DNS name of the deployment. | localhost |
| ACTIVITI_ADMIN_REST_APP_PORT | The port for the Administrator API. | 80 |
| ACTIVITI_ADMIN_REST_APP_USERNAME | The default user for the Admin API. | admin@app.activiti.com |
| ACTIVITI_ADMIN_REST_APP_PASSWORD | The default password for the Admin API | admin |
| BASE_PATH | The base path of Process Workspace. This needs to match the setting of the ingress path if it is changed. | / |
| APP_CONFIG_AUTH_TYPE | The authentication method for Process Workspace. | OAUTH |
| APP_CONFIG_BPM_HOST | The location of Process Services. | http://DNS |
| APP_CONFIG_OAUTH2_HOST | The URL used to authenticate Process Workspace with against the Identity Service. | http://DNS/auth/realms/alfresco |
| APP_CONFIG_OAUTH2_CLIENTID | The client configured in the Identity Service for Process Workspace. | activiti |
| APP_CONFIG_OAUTH2_REDIRECT_LOGIN | The redirect for sign in that Process Workspace will use when configured with Identity Service. This will normally match BASE_PATH. | / |
| APP_CONFIG_OAUTH2_REDIRECT_LOGOUT | The redirect for sign out that Process Workspace will use when configured with Identity Service. This will normally match BASE_PATH. | / |
| APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI | The silent redirect used by Process Workspace if a user is already authenticated. | http://DNS/process-workspace/assets/silent-refresh.html |
| IDENTITY_SERVICE_ENABLED | Sets whether the Identity Service is enabled or not. | false |
| IDENTITY_SERVICE_REALM | The name of the realm used by the Identity Service. | alfresco |
| IDENTITY_SERVICE_SSL_REQUIRED | Sets whether communication to and from the Identity Service is over HTTPS or not. | none |
| IDENTITY_SERVICE_RESOURCE | The Client ID for Process Services within the Identity Service realm. | alfresco |
| IDENTITY_SERVICE_PRINCIPAL_ATTRIBUTE | The attribute used to populate UserPrincipal with. This needs to be set to email for Process Services to authenticate with the Identity Service. | |
| IDENTITY_SERVICE_ALWAYS_REFRESH_TOKEN | Sets whether the token is refresh for every request to the Identity Service or not. | true |
| IDENTITY_SERVICE_AUTODETECT_BEARER_ONLY | Allows for unauthorized access requests to be redirected to the Identity Service sign in page. | true |
| IDENTITY_SERVICE_TOKEN_STORE | The location of where the account information token is stored. | session |
| IDENTITY_SERVICE_ENABLE_BASIC_AUTH | Sets whether basic authentication is allowed is supported by the adapter. | true |
| IDENTITY_SERVICE_PUBLIC_CLIENT | Sets whether the adapter sends credentials for the client to the Identity Service. It will not send the credentials if this is set to true. | true |
| IDENTITY_CREDENTIALS_SECRET | The secret key for the client if the access type is not public. | |
| IDENTITY_SERVICE_AUTH | Sets the authentication URL for the Identity Service. The localhost value and port number need to be replaced with the DNS or address used for the deployment. | http://localhost:8080/auth |
| IDENTITY_SERVICE_USE_BROWSER_BASED_LOGOUT | Sets whether signing out of Process Services calls the Identity Service
logout URL. If set to true, set the Admin URL to https://{server}:{port}/activiti-app/ under the client settings in the Identity Service management console. |
true |
To experiment with Process Services it is recommended to install using a setup wizard [228]
For production environments it is recommended that you install manually [229].
It is recommended that you install the administrator application in a separate container to Process Services in a production environment. It is possible to install the two applications in the same web container, however separate containers allows them to be managed in isolation from one another.
The download files are available from the support portal [24].
In MySQL:
CREATE DATABASE activiti
DEFAULT CHARACTER SET utf8
DEFAULT COLLATE utf8_general_ci;
In MySQL:
CREATE USER 'alfresco'@'localhost' IDENTIFIED BY 'alfresco';
In MySQL:
GRANT ALL ON activiti.* TO 'alfresco'@'localhost';
For example:
datasource.driver=com.mysql.jdbc.Driver
datasource.url=jdbc:mysql://127.0.0.1:3306/activiti?characterEncoding=UTF-8
datasource.username=alfresco
datasource.password=alfresco
hibernate.dialect=org.hibernate.dialect.MySQLDialect
For Tomcat and MySQL:
Copy the MySQL java connector jar to <Tomcat install location>/lib
For Tomcat:
For Tomcat:
In MySQL:
CREATE DATABASE activitiadmin
DEFAULT CHARACTER SET utf8
DEFAULT COLLATE utf8_general_ci;
CREATE USER 'alfresco'@'localhost' IDENTIFIED BY 'alfresco';
In MySQL:
GRANT ALL ON activitiadmin.* TO 'alfresco'@'localhost';
For example:
datasource.driver=com.mysql.jdbc.Driver
datasource.url=jdbc:mysql://127.0.0.1:3306/activitiadmin?characterEncoding=UTF-8
datasource.username=alfresco
datasource.password=alfresco
hibernate.dialect=org.hibernate.dialect.MySQLDialect
For Tomcat:
For Tomcat:
Move the process-workspace.war file into your web container and restart the server.
Using Tomcat as an example, this would be the /webapps folder.
Alternatively, you can manually deploy Process Workspace into your web container using the following steps:
The setup wizards are evaluation copies that are useful for trials and experimentation. The h2 database provided with them is not suitable for use in a production environment.
The setup wizards install their own Apache Tomcat container for Process Services, an h2 database and all prerequisite software for Alfresco Process Services to run on your chosen operating system.
chmod 777 <installer file name>
./<installer file name>
./start-process-services.sh
A license file can be obtained from support or a link is provided via email to download a temporary (30-day) license if you signed up for a free trial.
There are two options for how to apply a license file [242] to Process Services.
Alternatively, you can manually move the activiti.lic file into the web container.
For example using Tomcat: <Tomcat install location>\lib\
This section describes how to install and configure Alfresco Process Services.
You can upgrade from earlier versions to Alfresco Process Services 1.10.
There are two methods for upgrading:
Using the Process Services installation wizard
Using the WAR file distribution
You can use the Alfresco Process Services installation wizard to upgrade to the latest version. The process is similar to installing for the first time. For more details, see the Installing using setup wizards [228] section.
To upgrade:
Alternatively, copy the license to your home directory using the terminal (OSX) or command prompt (Windows):
~/.activiti/enterprise-license/ or C:\.activiti\enterprise-license
Tip: You can also upload a license from the user interface. See the Uploading a license file [242] section for more details.
You can upgrade using the WAR file in your application server distribution. These instructions use the WAR file from the Apache Tomcat based distribution, however you can choose from different distributions for various application servers.
Review the Supported Stacks [251] list to see what’s supported.
To upgrade using the War file:
Any database upgrade changes should have now been applied.
You can run the application on multiple servers, for performance, resilience or for failover reasons. The application architecture is designed to be stateless. This means that any server can handle any request from any user. When using multiple servers, it is enough to have a traditional load balancer (or proxy) in front of the servers running the Alfresco Process Services application. Scaling out is done in a "horizontal" way, by adding more servers behind the load balancer.
Note that each of the servers will connect to the same relational database. While scaling out by adding more servers, make sure that the database can handle the additional load.
Configure Alfresco Process Services using a properties file named activiti-app.properties. This file must be placed on the application server’s classpath to be found.
Additionally, the properties file is available with the following options:
An activiti-app.properties file with default values in the WAR file (or exploded WAR folder) under the WEB-INF/classes/META-INF/activiti-app folder.
An activiti-app.properties file with custom values on the classpath. For example, the WEB-INF/classes folder of the WAR, the /lib folder of Tomcat, or other places specific to the web container being used.
The values of a configuration file on the classpath have precedence over the values in the WEB-INF/classes/META-INF/activiti-app/activiti-app.properties file.
For the Alfresco Process Services user interface, there is an additional configuration file named app-cfg.js. This file is located inside the .war file’s script directory.
At a minimum, the application requires the following settings to run:
A database connection that is configured either Using JDBC Connection Parameters [252] or Using a JNDI Data Source [253]
An accurate Hibernate dialect - see Hibernate Settings [254]
All other properties use the default settings, and this will be allow the application to start up and run.
By default, the following properties are defined.
|
Property |
Description |
Default |
|
server.contextroot |
The context root on which the user accesses the application. This is used in various places to generate URLs to correct resources. |
activiti-app |
|
security.rememberme.key |
Used for cookie validation. In a multi-node setup, all nodes must have the same value for this property. |
somekey |
|
security.csrf.disabled |
When true, the cross-site forgery (CSRF) protection is disabled. |
false |
|
security.signup.disabled |
When true, the Alfresco Process Services sign up functionality is disabled. An error message sign up is not possible will be displayed. |
false |
You need to know what encryption algorithms are supported. If you’re using the JVM to which the application will be deployed you can do this using the listAlgorithms tool that Jasypt provides: http://www.jasypt.org/cli.html [281]
If you do not specify an algorithm to Jasypt, then you effectively obtain the default of PBEWithMD5AndDES. Some algorithms may appear in the list but may not be usable as the JRE policy blocks them.
If you want to increase your range of choices then you can modify the JRE policies: https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec1698523.html [282]There is an equivalent for the IBM JRE: https://www-01.ibm.com/marketing/iwm/iwm/web/reg/pick.do?source=jcesdk. [283]
Algorithms using AES are generally considered most secure. TripleDES also passes security checks at present. You should consult your security department for advice specific to your organization and the needs of your server.
You can use the encrypt script that comes with Jasypt to encrypt the value against your chosen secret password. In addition to their documentation, see this guide: http://www.programering.com/a/MjN1kTNwATg.html [284].
We recommend to avoid using quotes. Also check that you can decrypt the value, preferably using the intended JRE.
See the application installation instructions.
If the property is called datasource.password, remove the existing entry and put in a new entry of the form datasource.password=ENC(<ENCRYPTEDPASSWORD>) where ENCRYPTEDPASSWORD is the value encrypted by Jasypt.
If, for example, you are using Tomcat on Unix then you could include a shell script called setenv.sh in tomcat_home/bin with the following content:
export JAVA_OPTS="$JAVA_OPTS -Djasypt.encryptor.password=secretpassword -Djasypt.encryptor.algorithm=PBEWITHSHA1ANDDESEDE"This assumes that your password is ‘secretpassword’ and you are using the algorithm PBEWITHSHA1ANDDESEDE. The configuration could alternatively be done in startup.sh.
If you then run using catalina.sh you will see the secret password in the logging on application startup. This is a Tomcat feature, which you can disable by removing <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> from your Tomcat's server.xml https://stackoverflow.com/questions/35485826/turn-off-tomcat-logging-via-spring-boot-application [285]You may initially, however, want to leave this on for diagnostic purposes until you’ve proven you’ve got encryption working. For an example of this, see https://stackoverflow.com/questions/17019233/pass-user-defined-environment-variable-to-tomcat [286]
For other servers there will be other ways of setting environment/JVM variables. These values can be read as JVM parameters, environment variables or as property file entries (though you would not want to put the secret encryption password in a property file). Therefore, with WebSphere they could set using JVM parameter config http://www-01.ibm.com/support/docview.wss?uid=swg21417365 [287] or environment variable config https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/welcvariables.html. [288]
The application should now start as normal. If it doesn’t, try without the encrypted values and without the encryption parameters to determine whether the problem is related to the encryption setup. Check that you are able to encrypt and decrypt with Jasypt to rule out any issues due to copy-paste errors.
Some property values (though not sensitive ones) are logged by Alfresco applications if the log level is set high. If you want to restrict this then reduce the log level inlog4j.properties
Set the following properties to change the database.
Using JDBC Connection Parameters
|
Property |
Description |
|---|---|
| datasource.driver |
The JDBC driver used to connect to the database. Note that the driver must be on the classpath of the web application. |
| datasource.url |
The JDBC URL used to connect to the database. |
| datasource.username |
The user of the database system that is used to connect to the database. |
| datasource.password |
The password of the above user. |
Example:
datasource.driver=com.mysql.jdbc.Driver datasource.url=jdbc:mysql://127.0.0.1:3306/activiti?characterEncoding=UTF-8 datasource.username=alfresco datasource.password=alfresco
Connection Pooling
When using JDBC Connection Parameters, you can configure the following connection pool settings to suit the anticipated load.
|
Property |
Description |
Value |
| datasource.min-pool-size |
The minimum number of connections in the connection pool. |
5 |
| datasource.max-pool-size |
The maximum number of connections in the connection pool. |
100 |
| datasource.acquire-increment |
The number of additional connections the system will try to acquire each time the connection pool is exhausted. |
5 |
| datasource.preferred-test-query |
The query used to verify that the connection is still valid |
No default value (not a required property). The value depends on the database: select 1 for H2, MySQL, PostgreSQL and Microsoft SQL Server, SELECT 1 FROM DUAL for Oracle and SELECT current date FROM sysibm.sysdummy1 for DB2. |
| datasource.test-connection-on-checkin |
Boolean value. If true, an operation will be performed asynchronously on every connection checkin to verify that the connection is valid. For best performance, a proper datasource.preferred-test-query should be set. |
true |
| datasource.test-connection-on-checkout |
Boolean value. If true, an operation will be performed asynchronously on every connection checkout to verify that the connection is valid. Testing Connections on checkout is the simplest and most reliable form of Connection testing. For best performance, a proper datasource.preferred-test-query should be set. |
true |
| datasource.max-idle-time |
The number of seconds a connection can be pooled before being discarded. |
1800 |
| datasource.max-idle-time-excess-connections |
Number of seconds that connections in excess of minPoolSize should be permitted to remain idle in the pool before being discarded. The intention is that connections remain in the pool during a load spike. |
1800 |
The connection pooling framework used is C3P0 [289]. It has extensive documentation on the settings described above.
Using a JNDI Data source
If a JNDI data source is configured in the web container or application server, the JNDI name should be set with the following properties:
|
Property |
Description |
Value |
|
datasource.jndi.name |
The JNDI name of the datasource. This varies depending on the application server or web container. |
jdbc/activitiDS |
|
datasource.jndi.resourceRef |
Set whether the look up occurs in a J2EE container, that is, if the prefix java:comp/env/ needs to be added if the JNDI name doesn’t already contain it. |
true |
Example (on JBoss EAP 6.3):
datasource.jndi.name=java:jboss/datasources/activitiDS
Hibernate settings
The Alfresco Process Services specific logic is written using JPA 2.0 with Hibernate as implementation. Note that the Process Engine itself uses MyBatis [290] for full control of each SQL query.
Set the following properties.
|
Property |
Description |
Mandatory |
| hibernate.dialect |
The dialect implementation that Hibernate uses. This is database specific. |
Yes. Very important to set the correct dialect, otherwise the app might not boot up. |
The following values are used to test Alfresco Process Services.
|
Database |
Dialect |
|
H2 |
org.hibernate.dialect.H2Dialect |
|
MySQL |
org.hibernate.dialect.MySQLDialect |
|
Oracle |
org.hibernate.dialect.Oracle10gDialect |
|
SQL Server |
org.hibernate.dialect.SQLServerDialect |
|
DB2 |
org.hibernate.dialect.DB2Dialect |
|
PostgreSQL |
org.hibernate.dialect.PostgreSQLDialect |
Optionally, the hibernate.show_sql property can be set to true if the SQL being executed needs to be printed to the log.
To change the display language for Alfresco Process Services, configure the appropriate language in your browser settings.
The Identity Service [226] allows you to configure user authentication between a supported LDAP provider or SAML identity provider and the Identity Service for Single Sign On (SSO) capabilities.
The Identity Service needs to be deployed [291] and configured [292] with an identity provider before being set up with other Alfresco products.
Once the Identity Service has been deployed, you will need to configure Process Services [293] to authenticate with it.
Configure the activiti-identity-service.properties file using the below properties:
| Property | Description | Notes |
|---|---|---|
| keycloak.enabled | Enable or disable authentication via the Identity Service. | Required. |
| keycloak.realm | Name of the realm configured in the Identity Service. | Required. |
| keycloak.auth-server-url | Base URL of the Identity Service server. Will be in the format https://{server}:{port}/auth | Required. |
| keycloak.ssl-required | Whether communication to and from the Identity Service server is over HTTPS. Possible values are all for all requests, external for external requests or none. | Important: this property needs to match the equivalent setting for Require SSL in your realm within the Identity Service administration console. |
| keycloak.resource | The Client ID for the client created within your realm that points to Process Services. | Required. |
| keycloak.principal-attribute | The attribute used to populate the field UserPrincipal with. If this is null it will default to sub. | Important: this property needs to be set to email to work with Process Services. |
| keycloak.public-client | The adapter will not send credentials for the client to the Identity Service if this is set to true. | Optional. |
| keycloak.credentials.secret | The secret key for this client if the access type is not set to public. | |
| keycloak.always-refresh-token | The token will be refreshed for every request if this is set to true. | |
| keycloak.autodetect-bearer-only | This should be set to true if your application serves both a web application and web services. It allows for the redirection of unauthorized users of the web application to the Identity Service sign in page, but send a HTTP 401 to unauthenticated SOAP or REST clients. | Required. |
| keycloak.token-store | The location of where the account information token is stored. Possible values are cookie or session. | Required. |
| keycloak.enable-basic-auth | Whether basic authentication is supported by the adapter. If set to true then a secret must also be provided. | Optional. |
| activiti.use-browser-based-logout | Sets whether signing out of Process Services calls the Identity Service
logout URL. If set to true, set the Admin URL to https://{server}:{port}/activiti-app/ under the client settings in the Identity Service management console. |
Optional. |
Prerequisites
You must ensure that you have configured LDAP (LDAP synchronization in particular). You can use Kerberos SSO in combination with LDAP authentication and also database authentication. You can use both of these as fallback scenarios in the case that the user's browser does not support Kerberos authentication.
ktpass -princ HTTP/<host>.<domain>@<REALM> -pass <password> -mapuser <domainnetbios>\http<host> -crypto all -ptype KRB5_NT_PRINCIPAL -out c:\temp\http<host>.keytab -kvno 0
setspn -a HTTP/<host> http<host> setspn -a HTTP/<host>.<domain> http<host>
Copy the key table files created in steps 1 and 2 to the servers they were named after. Copy the files to a protected area, such as C:\etc\ or /etc.
The default location is %WINDIR%\krb5.ini, where %WINDIR% is the location of your Windows directory, for example, C:\Windows\krb5.ini. If the file does not already exist (for example, if the Kerberos libraries are not installed on the target server), you must copy these over or create them from scratch. See Kerberos Help [296] for more information on the krb5.conf file. In this example, our Windows domain controller host name is adsrv.alfresco.org.
[libdefaults]
default_realm = ALFRESCO.ORG
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac
[realms]
ALFRESCO.ORG = {
kdc = adsrv.alfresco.org
admin_server = adsrv.alfresco.org
}
[domain_realm]
adsrv.alfresco.org = ALFRESCO.ORG
.adsrv.alfresco.org = ALFRESCO.ORG
The Kerberos ini file for Linux is /etc/krb5.conf.
For JBoss, open the $JBOSS_HOME/standalone/configuration/standalone.xml file.
In the <subsystem xmlns="urn:jboss:domain:security:1.2"> section, add the following:
<security-domain name="alfresco" cache-type="default">
<authentication>
<login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="sufficient"/>
</authentication>
</security-domain>
Add the following security-domain sections:
<security-domain name="AlfrescoHTTP" cache-type="default"> <authentication> <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required"> <module-option name="debug" value="true"/> <module-option name="storeKey" value="true"/> <module-option name="useKeyTab" value="true"/> <module-option name="doNotPrompt" value="true"/> <module-option name="isInitiator" value="false"/> <module-option name="keyTab" value="C:/etc/http<host>.keytab"/> <module-option name="principal" value="HTTP/<host>.<domain>"/> </login-module> </authentication> </security-domain>
For other environments, in the Java security folder (for example, C:/Alfresco/java/lib/security), create a file named java.login.config with entries as shown below.
Alfresco {
com.sun.security.auth.module.Krb5LoginModule sufficient;
};
AlfrescoHTTP
{
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
useKeyTab=true
doNotPrompt=true
keyTab="C:/etc/http<host>.keytab"
principal="HTTP/<host>.<domain>";
};
com.sun.net.ssl.client {
com.sun.security.auth.module.Krb5LoginModule sufficient;
};
other {
com.sun.security.auth.module.Krb5LoginModule sufficient;
};
login.config.url.1=file:${java.home}/lib/security/java.login.config
| Property name | Description | Default value |
|---|---|---|
| kerberos.authentication.enabled | A switch for activating functionality for Kerberos SSO authentication. This applies to both the APS user interface and the REST API. | FALSE |
| kerberos.authentication.principal | The Service Principal Name (SPN). For example, HTTP/alfresco.test.activiti.local. | None |
| kerberos.authentication.keytab | The file system path to the key table file. For example, C:/alfresco/alfrescohttp.keytab. | None |
| kerberos.authentication.krb5.conf | The file system path to the local server. For example, C:/Windows/krb5.ini. | None |
| kerberos.allow.ldap.authentication.fallback | Determines whether to allow login for unsupported client browsers using LDAP credentials. | FALSE |
| kerberos.allow.database.authentication.fallback | Determines whether to allow login for unsupported client browsers using database credentials. | FALSE |
| kerberos.allow.samAccountName.authentication | Authentication of the user id using the short form (for example username instead of username@domain.com). | FALSE |
| security.authentication.use-externalid | A setting that enables the use of Kerberos authentication. | FALSE |
security.oauth2.authentication.enabled=true security.oauth2.client.clientId=<client_id> security.oauth2.client.clientSecret=<secret_key> security.oauth2.client.userAuthorizationUri=https://github.com/login/oauth/authorize security.oauth2.client.tokenName=oauth_token security.oauth2.client.accessTokenUri=https://github.com/login/oauth/access_token security.oauth2.client.userInfoUri=https://api.github.com/user
| Property | Description |
|---|---|
| security.oauth2.authentication.enabled | Enables or disables the OAuth 2 client. To enable the OAuth 2 client, set this property to true. To disable it, set this property to false. |
| security.oauth2.client.clientId | Client ID provided by the OAuth 2 Authorization server. |
| security.oauth2.client.clientSecret | Client Secret provided by the OAuth 2 Authorization server. |
| security.oauth2.client.checkToken | Configures the OAuth 2 Authorization to be used. Only set this property if you are using an internal authentication server. It contains the authorization URL obtained from the Authorization server. Example: security.oauth2.client.checkToken=http://localhost:9999/oauth/check_token |
| security.oauth2.client.userAuthorizationUri | Implementation of the Authorization endpoint from the OAuth 2 specification. Accepts authorization requests, and handles user approval if the grant type is authorization code. |
| security.oauth2.client.tokenName | Name of the token that will be used as parameter in the request. |
| security.oauth2.client.accessTokenUri | Endpoint for token requests as described in the OAuth 2 specification. Once login access to the application on the authorisation server has been allowed, the server provides the client (APS application) with the access token. This is exchanged with the authorisation server residing on the Uri set within this property. |
| security.oauth2.client.userInfoUri | Uri of the user. This is used to retrieve user details from the authorisation server. |
# CORS CONFIGURATION # cors.enabled=true
When CORS is enabled, CORS requests can be made to all endpoints under {{/activiti-app/api}}.
Also, some additional properties are made available which can be configured to further fine tune CORS. This will make CORS available only to certain origins or to restrict the valid HTTP methods that can be used and headers that can be sent with CORS-enabled requests.
cors.enabled=false
cors.allowed.origins=*
cors.allowed.methods=GET,POST,HEAD,OPTIONS,PUT,DELETE
cors.allowed.headers=Authorization,Content-Type,Cache-Control,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-CSRF-Token
cors.exposed.headers=Access-Control-Allow-Origin,Access-Control-Allow-Credentials
cors.support.credentials=truecors.preflight.maxage=10
| Property | Description |
|---|---|
| cors.allowed.origins | Specifies the hosts allowed in cross origin requests. By default, the value is
set to *, which permits clients hosted on any server to access the
resources. Alternatively, you can specify a host, for example, http://www.example.org:8080 [297], which will only allow requests from this host. Multiple entries or wildcards are not allowed for this setting. In general, it is recommended to restrict {{allowedOrigins}} to only allow origins within your organization to make requests. |
| cors.allowed.methods | Configures which HTTP requests are permitted.
|
| cors.allowed.headers | Specifies the headers that can be set manually or programmatically in the request
headers in addition to the ones set by the user agent (for example, Connection). The
default values are:
|
| cors.exposed.headers | Allows you to whitelist the headers that the client can access from the server.
The default value exposes the following headers:
|
| cors.support.credentials | Determines whether HTTP cookie and HTTP Authentication-based credentials are allowed. The default value is true. |
| cors.preflight.maxage | Preflighted requests use the OPTIONS method to first verify the resource availability and then request it. This property determines the maximum time (in minutes) for caching a preflight request. The default value is 10. |
cors.enabled=false
Business Calendar is used to calculate relative due dates for tasks. To exclude weekends when calculating a task’s relative due date, set the calendar.weekends property as follows:
# Weekend days comma separated (day's first 3 letters in capital) calendar.weekends=SAT,SUN
To invalidate the login session, do the following:
security.use-http-session=true
Set this property to false if you do not wish to enable this behavior.
When the application starts for the first time, it will verify that there is at least one user in the system. If not, a user with superuser rights will be created.
The default user ID to sign in with is admin@app.activiti.com using password admin. This should be changed after signing in for the first time.
The initial user details can be modified (must be done before first start up) with following properties:
|
Property |
Description |
|
admin.email |
The email address used to create the first user, which also acts as the sign in identifier. |
|
admin.group |
Capabilities in Alfresco Process Services are managed by adding users into certain groups. The first user will have all capabilities enabled. This property defines the name of the group to which the first user will be added. By default it is Superusers. |
The application sends out emails to users on various events. For example, when a task is assigned to the user.
Set the following properties to configure the email server.
|
Property |
Description |
|
email.enabled |
Enables or disables the email functionality as a whole. By default, it is set to false, therefore make sure to set it to true when you require the email functionality. |
|
email.host |
The host address of the email server. |
|
email.port |
The port on which the email server is running. |
|
email.useCredentials |
Boolean value. Indicates if the email server needs credentials to make a connection. If so, both username and password need to be set. |
|
email.username |
The username used as credentials when email.useCredentials is true. |
|
email.password |
The password used as credentials when email.useCredentials is true. |
|
email.ssl |
Defines if SSL is needed for the connection to the email server. |
|
email.tls |
Defines if TLS is needed for the connection to the email server. This needs to be true when Google mail is used as the mail server for example. |
|
email.from.default |
The email address that is used in the from field of any email sent. |
|
email.from.default.name |
The name that is used in the from field of the email sent. |
|
email.feedback.default |
Some emails will have a feedback email address that people can use to send feedback. This property defines this. |
Emails are created by a template engine. The emails can contain various links to the runtime system to bring the user straight to the correct page in the web application.
Set the following property to correct the links. The example in the following table uses 'localhost' as host address and 'activiti-app' as the context root:
|
Property |
Example |
|
email.base.url |
Elasticsearch is used in Alfresco Process Services as a data store for generating analytics and reports. Elasticsearch [299] is an open source data store for JSON [300] documents. Its main features include fast full text search and analytics.
Alfresco Process Services uses a REST connection to communicate with a remote instance of Elasticsearch. The application creates a Java Low Level REST client, which allows you to configure Process Services to index event data into a remote Elasticsearch service. The REST client internally uses the Apache HTTP Async Client to send HTTP requests. This allows communication with an Elasticsearch cluster through HTTP.
A REST connection between Elasticsearch and Alfresco Process Services has three points to be aware of:
For more details regarding the REST client, see Java Low Level REST Client [301].
If migrating from an embedded Elasticsearch instance, see rebuilding Elasticsearch instances [302] after configuring a connection to an external Elasticsearch instance via REST.
For information about the compatibility between the REST client and the remote Elasticsearch cluster environment, see Communicating with an Elasticsearch Cluster using HTTP [303].
The following properties need to be configured in activiti-app.properties for Elasticsearch:
| Property | Description | Example value |
|---|---|---|
| elastic-search.server.type | The server type for Elasticsearch configuration. Set this to rest to enable the REST client implementation. | rest |
| elastic-search.rest-client.port | The port running Elasticsearch. | 9200 |
| elastic-search.rest-client.connect-timeout | Connection timeout for the REST client. | 1000 |
| elastic-search.rest-client.socket-timeout | Socket timeout for the REST client. | 5000 |
| elastic-search.rest-client.address | IP address of the REST client. | localhost |
| elastic-search.rest-client.schema | Sets whether the connection uses http or https. | http |
| elastic-search.rest-client.auth.enabled | Sets whether authentication is enabled for the REST connection. | false |
| elastic-search.rest-client.username | The username of the Elasticsearch user. | admin |
| elastic-search.rest-client.password | The password for the Elasticsearch user. | esadmin |
| elastic-search.rest-client.keystore | The keystore used to encrypt the connection to the Elasticsearch instance. | |
| elastic-search.rest-client.keystore.type | The type of keystore used for encryption. | jks |
| elastic-search.rest-client.keystore.password | The password of keystore used for encryption. | |
| elastic-search.default.index.name | The default prefix for the default tenant. | activiti |
| elastic-search.tenant.index.prefix | The prefix used for indexing in multi-tenant setups. | activiti-tenant- |
Backing up the data stored in Elasticsearch is described in detail in the Elastic search documentation [307]. When using the snapshot functionality of ElasticSearch, you must enable the HTTP interface and create firewall rules to prevent the general public from accessing it.
The event processing is closely related to the Elasticsearch configuration [308].
The main concept is depicted in the following diagram.
The event processor is architected to work without collisions in a multi-node clustered setup. Each of the event processors will first try to lock events before processing them. If a node goes down during event processing (after locking), an expired events processor component will pick them up and process them as regular events.
The event processing can be configured, however leaving the default values as they are helps cater for typical scenarios.
|
Property |
Description |
Default |
|
event.generation.enabled |
Set to false if no events need to be generated. Do note that the reporting/analytics event data is then lost forever. |
true |
|
event.processing.enabled |
Set to false to not do event processing. This can be useful in a clustered setup where only some nodes do the processing. |
true |
|
event.processing.blocksize |
The number of events that are attempted to be locked and fetched to be processed in one transaction. Larger values equate to more memory usage, but less database traffic. |
100 |
|
event.processing.cronExpression |
The cron expression that defines how often the events generated by the Process Engine are processed (that is, read from the database and fed into Elastic Search). By default 30 seconds. If events do not need to appear quickly in the analytics, it is advised to make this less frequent to put less load on the database. |
0/30 * * * * ? |
|
event.processing.expired.cronExpression |
The cron expression that defines how often expired events are processed. These are events that were locked, but never processed (such as when the node processing them went down). |
0 0/30 * * * ? |
|
event.processing.max.locktime |
The maximum time an event can be locked before it is seen as expired. After that it can be taken by another processor. Expressed in milliseconds. |
600000 |
|
event.processing.processed.events.action |
To keep the database table where the Process Engine writes the events small and efficient, processed events are either moved to another table or deleted. Possible values are move and delete. Move is the safe option, as it allows for reconstructing the Elasticsearch index if the index was to get corrupted for some reason. |
move |
|
event.processing.processed.action.cronExpression |
The cron expression that defines how often the action above happens. |
0 25/45 * * * ? |
Occasionally, an Elasticsearch index can get corrupted and become unusable. All data that are sent to Elasticsearch is stored in the relational database (except if the property event.processing.processed.events.action has been set to delete, in which case the data is lost).
You might have to rebuild the indexes when changing the core Elasticsearch settings (for example, number of shards).
Events are stored in the ACT_EVT_LOG table before they are processed. The IS_PROCESSED_ flag is set to 0 when inserting an event and changing it to 1 to process for ElasticSearch. An asynchronous component will move those table rows with 1 for the flag to the PROCESSED_ACTIVITI_EVENTS.
Therefore, to rebuild the Elasticsearch index, you must do the following:
Remove the data from Elasticsearch (deleting the data folders for example in the embedded mode)
Copy the rows from PROCESSED_ACTIVITI_EVENTS to ACT_EVT_LOG and setting the IS_PROCESSED flag to 0 again.
Note also, due to historical reasons, the DATA_ column has different types in ACT_EVT_LOG (byte array) and PROCESSED_ACTIVITI_EVENTS (long text). So a data type conversion is needed when moving rows between those tables.
See the example-apps folder that comes with Alfresco Process Services. It has an event-backup-example folder, in which a Maven project can be found that carries out the data type conversion. You can also use this to back up and restore events. Note that this example uses Java, but it can also be done with other languages. It first writes the content of PROCESSED_ACTIVITI_EVENTS to a .csv file. This is also useful when this table becomes too big in size: store the data in a file and remove the rows from the database table.
It is possible to configure whether users get access to the model editors (the App Designer application) and the analytics application.
Access to the default application is configured through capabilities. In the admin UI, it is possible to create system groups. These groups have a set of capabilities. All users part of that group have those capabilities.
The following settings configure app access when a new user is created in the system (manual or through LDAP sync). To enable access, set the property app.[APP-NAME].default.enabled to true. If true, a newly created user will be given access to this app.
The access is configured by adding the user to a group with a certain capability that enabled the app. The name of that group can be configured using the app.[APP-NAME].default.capabilities.group property. If this property is set, and the app.[APP-NAME].default.enabled property is set to true, the group with this name will be used to add the user to and provide access to the app. If the group does not exist, it is created. If the property is commented, and app.[APP-NAME].default.enabled property, a default name is used.
Currently possible app names: { analytics | kickstart }
|
Property |
default |
|---|---|
|
app.analytics.default.enabled |
true |
|
app.analytics.default.capabilities.group |
analytics-users |
|
app.kickstart.default.enabled |
true |
|
app.kickstart.default.capabilities.group |
kickstart-users |
The following setting, if set to true, will create a default example app with some simple review and approve processes for every newly created user.
|
Property |
default |
|---|---|
|
app.review-workflows.enabled |
false |
When a task is created that has one or more candidate groups assigned, the group managers for those groups will be automatically involved with the created task. To stop group managers from being involved, set the following property to false.
|
Property |
default |
|
app.runtime.groupTasks.involveGroupManager.enabled |
true |
The Process Engine operates in a stateless way. However, there is data that will never change, which makes it a prime candidate for caching.
A process definition is an example of such static data. When you deploy a BPMN 2.0 XML file to the Process Engine, the engine parses it to something it can execute, and stores the XML and some data, such as the description, business key, in the database. Such a process definition will never change. Once it’s in the database, the stored data will remain the same until the process definition is deleted.
On top of that, parsing a BPMN 2.0 XML to something executable is quite a costly operation compared with other engine operations. This is why the Process Engine internally uses a process definition cache to store the parsed version of the BPMN 2.0 XML.
In a multi-node setup, each node will have a cache of process definitions. When a node goes down and comes up, it will rebuild the cache as it handles process instances, tasks. and so on.
The process definition cache size can be set by the following property:
|
Property |
Description |
Default |
|
activiti.process-definitions.cache.max |
The number of process definitions kept in memory. When the system needs to cope with many process definitions concurrently, it is advised to make this value higher than the default. |
128 |
Alfresco Process Services enables you to upload content, such as attaching a file to a task or a form.
Content can be stored locally by setting the property below to fs. Alternatively, you can use Amazon S3 for content storage by setting it to s3.
contentstorage.type
To configure file system for content storage, set the following properties in the activiti-app.properties file:
| Property | Description | Example |
| contentstorage.fs.rootFolder | Name and location of the root folder. Important: When using multiple instances of the application, make sure that this path references a shared network drive. This is so that all nodes are able to access all content as the application is stateless and any server can handle any request. | /data |
| contentstorage.fs.createRoot | Sets whether the root folder is created by default. | true |
| contentstorage.fs.depth | Depth of the folder tree. | 4 |
| contentstorage.fs.blockSize | Maximum number of files in a single folder. | 1024 |
To configure Amazon S3 for content storage, set the following properties in the activiti-app.properties file:
| Property | Description |
| contentstorage.s3.accessKey | Set to the S3 access key. The access key is required to identify the Amazon Web Services account and can be obtained from the Amazon Web Services site AWS Credentials [309]. |
| contentstorage.s3.secretKey | Set to the S3 secret key.The secret key is required to identify the Amazon Web Services account and can be obtained from the Amazon Web Services site AWS Credentials [309]. |
| contentstorage.s3.bucketName | Set to the S3 bucket name.The bucket name must be unique among all Amazon Web Services users globally. If the bucket does not already exist, it will be created, but the name must not have already been taken by another user. See S3 bucket restrictions [310] for more information on bucket naming. |
| contentstorage.s3.objectKeyPrefix | Set to your AWS object prefix. |
Alfresco Content Services is also storage mechanism, and you can find more information in Integration with external systems [311].
The Microsoft Office integration (opening an Office document directly from the browser) doesn’t need any specific configuration. However, the protocol used for the integration mandates the use of HTTPS servers by default. This means that Alfresco Process Services must run on a server that has HTTPS and its certificates are correctly configured.
If this is not possible for some reason, change the setting on the machines for each user to make this feature work.
For Windows, see:
http://support.microsoft.com/kb/2123563 [312]
For OS X, execute following terminal command:
defaults -currentHost write com.microsoft.registrationDB hkey_current_user\\hkey_local_machine\\software\\microsoft\\office\\14.0\\common\\internet\\basicauthlevel -int 2
Note that this is not a recommended approach from a security point of view.
The application uses SLF4J bounded to Log4j. The log4j.properties configuration file can be found in the WEB-INF/classes folder of the WAR file.
See SLF4J [313] and Log4j [314] for more information.
For all REST API endpoints available in the application, metrics are gathered about run-time performance. These statistics can be written to the log.
|
Property |
Description |
Default |
|
metrics.console.reporter.enabled |
Boolean value. If true, the REST API endpoint statistics will be logged. |
false |
|
metrics.console.reporter.interval |
The interval of logging in seconds. Do note that these logs are quite large, so this should not be set to be too frequent. |
60 |
Note that the statistics are based on the run-time timings since the last start up. When the server goes down, the metrics are lost.
Example output for one REST API endpoint:
com.activiti.runtime.rest.TaskQueryResource.listTasks count = 4 mean rate = 0.03 calls/second 1-minute rate = 0.03 calls/second 5-minute rate = 0.01 calls/second 15-minute rate = 0.00 calls/second min = 5.28 milliseconds max = 186.55 milliseconds mean = 50.74 milliseconds stddev = 90.54 milliseconds median = 5.57 milliseconds 75% <= 141.34 milliseconds 95% <= 186.55 milliseconds 98% <= 186.55 milliseconds 99% <= 186.55 milliseconds 99.9% <= 186.55 milliseconds
Alfresco Process Services provides REST API operations that allow you to query tasks, process instances, historic tasks and historic process instances. You can also request to include task and process variables by using the parameters includeTaskLocalVariables and includeProcessVariables and setting their values to 'True'. When executing REST API calls that include these variables, the result sets could be quite large and you may wish to limit or control the list size provided in the response. The following table shows the properties you can set in the activiti-app.properties file to configure this.
| Property name | Description |
|---|---|
| query.task.limit | Limits the number of tasks returned from the query GET /runtime/tasks. |
| query.execution.limit | Limits the number of process instances returned from the query GET /runtime/process-instances. |
| query.historic.task.limit | Limits the number of historic tasks returned from the query POST /enterprise/historic-tasks/query. |
| query.historic.process.limit | Limits the number of historic process instances returned from the query POST /enterprise/historic-process-instances/query. |
It’s possible to hook up a centralized user data store with Alfresco Process Services. Any server supporting the LDAP protocol can be used. Special configuration options and logic has been included to work with Active Directory (AD) systems too.
From a high-level overview, the external Identity Management (IDM) integration works as follows:
Periodically, all user and group information is synchronized asynchronously. This means that all data for users (name, email address, group membership and so on) is copied to the Alfresco Process Services database. This is done to improve performance and to efficiently store more user data that doesn’t belong to the IDM system.
If the user logs in to Alfresco Process Services, the authentication request is passed to the IDM system. On successful authentication there, the user data corresponding to that user is fetched from the Alfresco Process Services database and used for the various requests. Note that no passwords are saved in the database when using an external IDM.
Note that the LDAP sync only needs to be activated and configured on one node in the cluster (but it works when activated on multiple nodes, but this will of course lead to higher traffic for both the LDAP system and the database).
The configuration of the external IDM authentication/synchronization is done in the same way as the regular properties. There is a properties file named activiti-ldap.properties in the WEB-INF/classes/META-INF/ folder in the WAR file. The values in a file with the same name on the classpath have precedence over the default values in the former file.
In addition, in the same folder, the example-activiti-ldap-for-ad.properties file contains an example configuration for an Active Directory system.
The following code snippet shows the properties involved in configuring a connection to an LDAP server (Active Directory is similar). These are the typical parameters used when connecting with an LDAP server. Advanced parameters are commented out in the example below:
# The URL to connect to the LDAP server ldap.authentication.java.naming.provider.url=ldap://localhost:10389 # The default principal to use (only used for LDAP sync) ldap.synchronization.java.naming.security.principal=uid=admin,ou=system # The password for the default principal (only used for LDAP sync) ldap.synchronization.java.naming.security.credentials=secret # The authentication mechanism to use for synchronization #ldap.synchronization.java.naming.security.authentication=simple # LDAPS truststore configuration properties #ldap.authentication.truststore.path= #ldap.authentication.truststore.passphrase= #ldap.authentication.truststore.type= # Set to 'ssl' to enable truststore configuration via subsystem's properties #ldap.authentication.java.naming.security.protocol=ssl # The LDAP context factory to use #ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory # Requests timeout, in miliseconds, use 0 for none (default) #ldap.authentication.java.naming.read.timeout=0 # See http://docs.oracle.com/javase/jndi/tutorial/ldap/referral/jndi.html #ldap.synchronization.java.naming.referral=follow
It is possible to configure connection pooling for the LDAP/AD connections. This is an advanced feature and is only needed when creating a connection to the IDM system has an impact on system performance.
The connection pooling is implemented using the Spring-LDAP framework. Below are all the properties that it is possible to configure. These follow the semantics of the properties possible for Spring-LDAP and are described here [319].
# ----------------------- # LDAP CONNECTION POOLING # ----------------------- # Options= # nothing filled in: no connection pooling # 'jdk': use the default jdk pooling mechanism # 'spring': use the spring ldap connection pooling facilities. These can be configured further below #ldap.synchronization.pooling.type=spring # Following settings follow the semantics of org.springframework.ldap.pool.factory.PoolingContextSource #ldap.synchronization.pooling.minIdle=0 #ldap.synchronization.pooling.maxIdle=8 #ldap.synchronization.pooling.maxActive=0 #ldap.synchronization.pooling.maxTotal=-1 #ldap.synchronization.pooling.maxWait=-1 # Options for exhausted action: fail | block | grow #ldap.synchronization.pooling.whenExhaustedAction=block #ldap.synchronization.pooling.testOnBorrow=false #ldap.synchronization.pooling.testOnReturn=false #ldap.synchronization.pooling.testWhileIdle=false #ldap.synchronization.pooling.timeBetweenEvictionRunsMillis=-1 #ldap.synchronization.pooling.minEvictableIdleTimeMillis=1800000 #ldap.synchronization.pooling.numTestsPerEvictionRun=3 # Connection pool validation (see http://docs.spring.io/spring-ldap/docs/2.0.2.RELEASE/reference/#pooling for semantics) # Used when any of the testXXX above are set to true #ldap.synchronization.pooling.validation.base= #ldap.synchronization.pooling.validation.filter= # Search control: object, oneLevel, subTree #ldap.synchronization.pooling.validation.searchControlsRefs=
To enable authentication via LDAP or AD, set the following property:
ldap.authentication.enabled=true
In some organizations, a case insensitive log in is allowed with the LDAP ID. By default, this is disabled. To enable, set following property to false.
ldap.authentication.casesensitive=false
Next, a property ldap.authentication.dnPattern can be set:
ldap.authentication.dnPattern=uid={0},ou=users,dc=alfresco,dc=com
However, if the users are in structured folders (organizational units for example), a direct pattern cannot be used. In this case, leave the property either empty or comment it out. Now, a query will be performed using the ldap.synchronization.personQuery (see below) with the ldap.synchronization.userIdAttributeName to find the user and their distinguished (DN) name. That DN will then be used to sign in.
When using Active Directory, two additional properties need to be set:
ldap.authentication.active-directory.enabled=true ldap.authentication.active-directory.domain=alfresco.com
The first property enables Active Directory support and the second property is the domain of the user ID (that is, userId@domain) to sign in using Active Directory.
If the domain does not match with the rootDn, it is possible to set is explicitly:
ldap.authentication.active-directory.rootDn=DC=somethingElse,DC=com
And also the filter that is used (which defaults to a userPrincipalName comparison) can be changed:
ldap.authentication.active-directory.searchFilter=(&(objectClass=user)(userPrincipalName={0}))
ldap.allow.database.authenticaion.fallback=true
The synchronization component will periodically query the IDM system and change the user and group database. There are two synchronization modes: full and differential.
Full synchronization queries all data from the IDM and checks every user, group, and membership to be valid. The resource usage is heavier than the differential synchronization in this type of synchronization and therefore, it is usually only triggered on the very first sync when Alfresco Process Services starts up and is configured to use an external IDM. This is so that all users and groups are available in the database.
To enable full synchronization:
The frequency in which it runs is set using a cron expression:
ldap.synchronization.full.enabled=true ldap.synchronization.full.cronExpression=0 0 0 * * ?
Differential synchronization is lighter, in terms of performance, as it only queries the users and groups that have changed since the last synchronization. One downside is that it cannot detect deletions of users and groups. Consequently, a full synchronization needs to run periodically (but less than a differential synchronization typically) to account for these deletions.
ldap.synchronization.differential.enabled=true ldap.synchronization.differential.cronExpression=0 0 */4 * * ?
Do note that all synchronization results are logged, both in the regular logging and in a database table named IDM_SYNC_LOG
The synchronization logic builds on two elements:
Queries that return the correct user/group/membership data
A mapping of LDAP attributes to attributes used within the Alfresco Process Services system
There are a lot of properties to configure, so do base your configuration on one of the two files in the META-INF folder, as these contain default values. You only need to add the specific properties to your custom configuration file if the default values are not appropriate.
These are settings that are generic or shared between user and group objects. For each property, an example setting of a regular LDAP system (that is, ApacheDS) and Active Directory is shown.
| Property | Description | LDAP Example | Active Directory Example |
|---|---|---|---|
|
ldap.synchronization.distinguishedNameAttributeName |
The attribute that is the disinguished name in the system. |
dn |
dn |
|
ldap.synchronization.modifyTimestampAttributeName |
The name of the operational attribute recording the last update time for a group or user. Important for the differential query. |
modifyTimestamp |
whenChanged |
|
ldap.synchronization.createTimestampAttributeName |
The name of the operational attribute recording the create time for a group or user. Important for the differential query. |
createTimestamp |
whenCreated |
|
ldap.synchronization.timestampFormat |
The timestamp format. This is specific to the directory servers and can vary. |
yyyyMMddHHmmss.SSS’Z' |
yyyyMMddHHmmss'.0Z' |
|
ldap.synchronization.timestampFormat.locale.language |
The timestamp format locale language for parsing. Follows the java.util.Locale semantics. |
en |
en |
|
ldap.synchronization.timestampFormat.locale.country |
The timestamp format locale country. Follows the java.util.Locale semantics. |
GB |
GB |
|
ldap.synchronization.timestampFormat.timezone |
The timestamp format timezone. Follows the java.text.SimpleDateFormat semantics. |
GMT |
GMT |
| Property | Description | LDAP Example | Active Directory Example |
|---|---|---|---|
| ldap.synchronization.users.ignoreCase | If this property is set to true then the synchronization will ignore the case that users are stored in within the source database when syncing users. | ||
| ldap.synchronization.userSearchBase | The user search base restricts the LDAP user query to a sub section of a tree on the LDAP server. | ou=users,dc=alfresco,dc=com | ou=users,dc=alfresco,dc=com |
| ldap.synchronization.syncAdditionalUsers | Set to true if users outside of the userSearchBase but included in the groupSearchBase should be synchronized. | false | false |
| ldap.synchronization.personQuery | The query to select all objects that represent the users to import (used in the *full synchronization query*ß). | (objectclass\=inetOrgPerson) | (&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)) |
| ldap.synchronization.personDifferentialQuery | The query to select objects that represent the users to import that have changed since a certain time (used in the differential synchronization query). | ||
| ldap.synchronization.userIdAttributeName | The attribute name on people objects found in LDAP to use as the user ID in Alfresco | uid | cn |
| ldap.synchronization.userFirstNameAttributeName | The attribute on person objects in LDAP to map to the first name property of a user | givenName | givenName |
| ldap.synchronization.userLastNameAttributeName | The attribute on person objects in LDAP to map to the last name property of a user | sn | cn |
| ldap.synchronization.userEmailAttributeName | The attribute on person objects in LDAP to map to the email property of a user | ||
| ldap.synchronization.userType | The person type in the directory server. | inetOrgPerson | user |
You can configure which users should be made administrators in the system. Delimit multiple entries with a ; (Semi-colon) as commas can’t be used.
ldap.synchronization.tenantAdminDn=uid=joram,ou=users,dc=alfresco,dc=com;uid=tijs,ou=users,dc=alfresco,dc=comWhen using multi-tenancy, the administrator of all tenants can be configured as follows. Similar rules for delimiting apply as above.
ldap.synchronization.tenantManagerDn=uid=joram,ou=users,dc=alfresco,dc=comIt’s important to set at least 1 user with admin rights. Otherwise no user will be able to sign into the system and administer it.
|
Property |
Description |
LDAP Example |
Active Directory Example |
|
ldap.synchronization.groupSearchBase |
The group search base restricts the LDAP group query to a sub section of a tree on the LDAP server. |
ou=groups,dc=alfresco,dc=com |
ou=groups,dc=alfresco,dc=com |
|
ldap.synchronization.groupQuery |
The query to select all objects that represent the groups to import (used in full synchronization). |
(objectclass\=groupOfNames) |
(objectclass\=group) |
|
ldap.synchronization.groupDifferentialQuery |
The query to select objects that represent the groups to import that have changed since a certain time (used in the differential synchronization). |
||
|
ldap.synchronization.groupIdAttributeName |
The attribute on LDAP group objects to map to the authority name property in Alfresco Process Services. |
cn |
cn |
|
ldap.synchronization.groupMemberAttributeName |
The attribute in LDAP on group objects that defines the DN for its members. This is an important setting as is defines group memberships of users and parent-child relations between groups. |
member |
member |
|
ldap.synchronization.groupType |
The group type in LDAP. |
groupOfNames |
group |
Process Services provides the capability to configure the number of group members retrieved per query subject to the limitations imposed by Active Directory. Follow these steps to enable this:
ldap.synchronization.groupMemberRangeEnabled=true
ldap.synchronization.groupMemberRangeSize=1500
It is possible to use paging when connecting to an LDAP server (some even mandate this).
To enable paging when fetching users or groups, set following properties:
ldap.synchronization.paging.enabled=true ldap.synchronization.paging.size=500
By default, paging is disabled.
It is possible to tweak the batch size when doing an LDAP sync.
The insert batch size limits the amount of data being inserted in one transaction (for example, 100 users per transactions are inserted). By default, this is 5. The query batch size is used when data is fetched from the Alfresco Process Services database (for example, fetching users to check for deletions when doing a full sync).
ldap.synchronization.db.insert.batch.size=100 ldap.synchronization.db.query.batch.size=100
You can integrate Alfresco Process Services with external systems.
Alfresco Content Services
The Alfresco Content Services (on premise) integration can be used to:
Upload or link related content (for example, for a task)
Upload or link content in a form
The connection for an Alfresco installation is created by an administrator through the user interface. Accounts for connecting to an Alfresco installation are created by the users themselves.
Passwords are stored encrypted in the database. An init vector and secret key are used for the encryption. These keys can be changed from the default values as follows:
# Passwords for non-OAuth services (eg. on-premise alfresco) are encrypted using AES/CBC/PKCS5PADDING # It needs a 128-bit initialization vector (http://en.wikipedia.org/wiki/Initialization_vector) and a 128-bit secret key # represented as 16 ascii characters below security.encryption.ivspec=9kje56fqwX8lk1Z0 security.encryption.secret=wTy53pl09aN4iOkL
Google Drive
The Google Drive integration can be used to:
Upload related content (eg. for a task)
Upload content in a form
To integrate Google Drive, you must have a valid development account to access the API [327]. See this link [328] for more information.
In addition, you will need a secret key, x509 certificate URL, and a client Id. These settings are provided by the Google Drive Dev Account.
# No need to change these properties googledrive.web.auth_uri=https://accounts.google.com/o/oauth2/auth googledrive.web.token_uri=https://accounts.google.com/o/oauth2/token googledrive.web.auth_provider_x509_cert_url=https://www.googleapis.com/oauth2/v1/certs # Following properties need to be changed to map to the correct url googledrive.web.redirect_uris=http://localhost:8080/activiti-app/app/rest/integration/google-drive/confirm-auth-request googledrive.web.javascript_origins=http://localhost:8080/activiti-app # Following properties are provided by Google googledrive.web.client_secret=aabbcc googledrive.web.client_email=bla googledrive.web.client_x509_cert_url=bla googledrive.web.client_id=bla
By default, the Google Drive support is disabled so that it won’t show up in the upload widget. To enable Google Drive support, change the following property.
googledrive.web.disabled=false
Box
The Box integration can be used to:
Upload related content (for example, for a task)
Upload content in a form
To integrate Box, you must have access to https://developers.box.com [329], the secret key, authentication urls, and client Id. These settings are provided by the Box Dev Account.
# No need to change these properties box.web.auth_uri=https://app.box.com/api/oauth2/authorize box.web.token_uri=https://app.box.com/api/oauth2/token # Following properties need to be changed to map to the correct url box.web.redirect_uris=http://localhost:8080/activiti-app/app/rest/integration/box/confirm-auth-request box.web.javascript_origins=http://localhost:8080 # Following properties are provided by Box box.web.client_id=RegisterWithBoxForYourClientId box.web.client_secret=RegisterWithBoxForYourSecret
By default, the Box support is disabled so that it won’t show up in the upload widget. To enable Box support, change the following property:
box.disabled=false
By default, Alfresco Process Services is configured in a way that process modelers have access to all powerful features of the Process Engine. In many organizations this is not a problem, as the people who are modeling are trusted IT people or business analysts.
However, some organizations may expose the modeling tools of Alfresco Process Services directly to all end users giving t