in hibernate.cfg.xml follow the directions to comment out the user,group and
membership objects.
Then, you can just delegate the security to your application container and
manage access using the container's built in security mechanism.
A lot can be discussed about when you should do this and when you should not.
It seems to me that because jbpm is really just a jar, a lot of time you can
rely on the app server for security.
|
| <!-- following mapping files have a dependendy on -->
| <!-- 'jbpm-identity-{version}.jar', mapping files -->
| <!-- of the pluggable jbpm identity component. -->
| <!-- comment out the following 3 lines if you don't-->
| <!-- want to use the default jBPM identity mgmgt -->
| <!-- component -->
| <mapping resource="org/jbpm/identity/User.hbm.xml"/>
| <mapping resource="org/jbpm/identity/Group.hbm.xml"/>
| <mapping resource="org/jbpm/identity/Membership.hbm.xml"/>
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3961123#3961123
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3961123
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
