We are pleased to announce a new release of Automatiko - 0.22.0
Automatiko comes with AccessPolicy that allows to control access to workflow instances at runtime. Access policies control access
in a fine grained way and what is the most important they are contextual. This means it can evaluate the content of the instance to grant access
to it. It can take into account things like:
With this release, a new AccessPolicy was introduced, CompositeAccessPolicy. This policy allows to combine multiple
access policy to be enforced at once, meaning that all defined policies must be met to gain access to given instance.
To learn more about composite access policy, read dedicated section in Automatiko documentation
Access policies that are delivered by Automatiko out of the box:
Allow All - no restrictions, default access policyParticipants - allows to access the instance to the initiator and users that are currently assigned to active user tasksInitiator - allows to access the instance only by the user who initiated the instance
To address this, a custom access policy support was provided. Users can now develop their own custom access policy to be used at runtime.
Custom access policies can take advantage of all compnents of the system becuase they are CDI beans and by that can use injection to gain additional capabilities.
Below is a simple access policy that allows to create instances from locahost only. As can be noticed, this policy gets access to request information to check which host is used. This should only be used as example what is required to build a custom access policy.
Example of custom access policy
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import io.automatiko.engine.api.auth.IdentityProvider;
import io.automatiko.engine.api.auth.NamedAccessPolicy;
import io.automatiko.engine.api.workflow.ProcessInstance;
import io.automatiko.engine.workflow.AbstractProcessInstance;
import io.vertx.core.http.HttpServerRequest;
@ApplicationScoped
public class LocalHostOnlyAccessPolicy implements NamedAccessPolicy> {
@Inject
HttpServerRequest injectedHttpServletRequest;
private boolean allowFromLocalhostOnly() {
if (injectedHttpServletRequest != null && injectedHttpServletRequest.host() != null
&& !injectedHttpServletRequest.host().toLowerCase().startsWith("localhost")) {
return false;
}
return true;
}
@Override
public boolean canCreateInstance(IdentityProvider identityProvider) {
return allowFromLocalhostOnly();
}
@Override
public boolean canReadInstance(IdentityProvider identityProvider, ProcessInstance instance) {
return allowFromLocalhostOnly();
}
@Override
public boolean canUpdateInstance(IdentityProvider identityProvider, ProcessInstance instance) {
return allowFromLocalhostOnly();
}
@Override
public boolean canDeleteInstance(IdentityProvider identityProvider, ProcessInstance instance) {
return allowFromLocalhostOnly();
}
@Override
public boolean canSignalInstance(IdentityProvider identityProvider, ProcessInstance instance) {
return allowFromLocalhostOnly();
}
@Override
public Set visibleTo(ProcessInstance instance) {
return ((AbstractProcessInstance) instance).visibleTo();
}
@Override
public String identifier() {
return "localHostOnly";
}
}
To learn more about access policies, read dedicated section in Automatiko documentation
Recenlty introduced sorting capabilities of the workflow instance have been improved for file system persistence. It was mainly focused on efficency of looking up instances to avoid too much file system access on each sorting request. This should significanlty improve speed of sorting for bigger volumes of data when using file system persistence addon.
Photographs by Unsplash.