THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
Version Warning
The content below is for Apache Syncope <= 1.2 - for later versions the Reference Guide is available.
Version warning
Content of this page applies to Apache Syncope 1.0.X
It can be adapted to Apache Syncope 1.1.X by changing some information, like as the package of Java classes: for example org.apache.syncope.core.workflow.activiti.Create is org.apache.syncope.core.workflow.user.activiti.task.Create in 1.1.X.
The following workflow allows self registration and password reset both based on the token approach. (Custom Service Classes are used in this sample.)
Workflow BPMN 2.0 Definition
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<definitions id="definitions"
targetNamespace="http://activiti.org/bpmn20"
xmlns="http://www.omg.org/spec/BPMN/20100524/MODEL"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:activiti="http://activiti.org/bpmn"
xmlns:bpmndi="http://www.omg.org/spec/BPMN/20100524/DI"
xmlns:omgdc="http://www.omg.org/spec/DD/20100524/DC"
xmlns:omgdi="http://www.omg.org/spec/DD/20100524/DI"
xsi:schemaLocation="http://www.omg.org/spec/BPMN/20100524/MODEL
http://www.omg.org/spec/BPMN/2.0/20100501/BPMN20.xsd">
<process id="userWorkflow" name="User Workflow">
<startEvent id="theStart"/>
<!-- Create an user -->
<sequenceFlow id="flow1" sourceRef="theStart" targetRef="create"/>
<serviceTask id="create" name="Create" activiti:class="org.apache.syncope.core.workflow.activiti.Create"/>
<sequenceFlow id="flow2" sourceRef="create" targetRef="createGW"/>
<exclusiveGateway id="createGW"/>
<sequenceFlow id="create2Activate" sourceRef="createGW" targetRef="enableGW">
<conditionExpression xsi:type="tFormalExpression">${!syncopeUser.getRoleIds().contains(4)}</conditionExpression>
</sequenceFlow>
<sequenceFlow id="create2GenerateToken" sourceRef="createGW" targetRef="generateToken">
<conditionExpression xsi:type="tFormalExpression">${syncopeUser.getRoleIds().contains(4)}</conditionExpression>
</sequenceFlow>
<!-- activate user if suspension is not required -->
<exclusiveGateway id="enableGW"/>
<sequenceFlow id="createApprovalGW2Activate" sourceRef="enableGW" targetRef="autoActivate">
<conditionExpression xsi:type="tFormalExpression">${enabled==null}</conditionExpression>
</sequenceFlow>
<sequenceFlow id="createApprovalGW2Active" sourceRef="enableGW" targetRef="active">
<conditionExpression xsi:type="tFormalExpression">${enabled}</conditionExpression>
</sequenceFlow>
<sequenceFlow id="createApprovalGW2Suspended" sourceRef="enableGW" targetRef="suspend">
<conditionExpression xsi:type="tFormalExpression">${!enabled}</conditionExpression>
</sequenceFlow>
<serviceTask id="autoActivate" name="Auto activate" activiti:class="org.apache.syncope.core.workflow.activiti.AutoActivate"/>
<sequenceFlow id="flow4" sourceRef="autoActivate" targetRef="active"/>
<serviceTask id="generateToken" name="Generate token" activiti:class="org.apache.syncope.core.workflow.activiti.GenerateToken"/>
<sequenceFlow id="flow5" sourceRef="generateToken" targetRef="activate"/>
<userTask id="activate" name="Activate"/>
<sequenceFlow id="flow6" sourceRef="activate" targetRef="standardActivationGW"/>
<!--NOTE: this gateway makes sense when the token to be checked (i.e. the 'token' variable below) is provided as input
from external to this workflow instance (a link provided in an notification e-mail, for example)-->
<!--exclusiveGateway id="activateGw"/>
<sequenceFlow id="activateGWFlow" sourceRef="activateGw" targetRef="standardActivationGW">
<conditionExpression xsi:type="tFormalExpression">
<![CDATA[${!syncopeUser.getAttribute("pwreset").getValues().get(0).getBooleanValue()}]]>
</conditionExpression>
</sequenceFlow>
<sequenceFlow id="pwresetGWFlow" sourceRef="activateGw" targetRef="pwResetActivationGW">
<conditionExpression xsi:type="tFormalExpression">
<![CDATA[${syncopeUser.getAttribute("pwreset").getValues().get(0).getBooleanValue()}]]>
</conditionExpression>
</sequenceFlow-->
<exclusiveGateway id="standardActivationGW"/>
<!-- enable removal of user through console -->
<sequenceFlow id="activate2DeleteUser" sourceRef="standardActivationGW" targetRef="delete">
<conditionExpression xsi:type="tFormalExpression">${task == 'delete'}</conditionExpression>
</sequenceFlow>
<!-- user asks pwreset of newly created user - do nothing -->
<sequenceFlow id="activate2activate1" sourceRef="standardActivationGW" targetRef="activate">
<conditionExpression xsi:type="tFormalExpression">${task == 'pwreset'}</conditionExpression>
</sequenceFlow>
<!-- valid token, remove and push to active state -->
<sequenceFlow id="activate2removeToken" sourceRef="standardActivationGW" targetRef="removeToken">
<conditionExpression xsi:type="tFormalExpression">
<![CDATA[${syncopeUser.checkToken(token)}]]>
</conditionExpression>
</sequenceFlow>
<!-- wrong token and token not expired, stay in activate -->
<sequenceFlow id="activate2activate2" sourceRef="standardActivationGW" targetRef="activate">
<conditionExpression xsi:type="tFormalExpression">
<![CDATA[${!syncopeUser.getToken().equals(token)&&!syncopeUser.hasTokenExpired()}]]>
</conditionExpression>
</sequenceFlow>
<!-- expired token, delete user -->
<sequenceFlow id="activate2Delete" sourceRef="standardActivationGW" targetRef="deleteExpiredUser">
<conditionExpression xsi:type="tFormalExpression">
<![CDATA[${syncopeUser.hasTokenExpired()}]]>
</conditionExpression>
</sequenceFlow>
<serviceTask id="removeToken" name="Removetoken" activiti:class="org.company.workflow.DeleteToken"/>
<sequenceFlow id="flow62" sourceRef="removeToken" targetRef="active"/>
<serviceTask id="deleteExpiredUser" name="Delete expired user" activiti:class="org.company.workflow.ExpiredTokenUserDelete"/>
<sequenceFlow id="expiredflow" sourceRef="deleteExpiredUser" targetRef="toBeRemoved"/>
<userTask id="toBeRemoved" name="Status of user to be removed"/>
<sequenceFlow id="toBeRemoved2DeleteUser" sourceRef="toBeRemoved" targetRef="delete">
<conditionExpression xsi:type="tFormalExpression">${task == 'delete'}</conditionExpression>
</sequenceFlow>
<!-- Active user -->
<userTask id="active" name="Active"/>
<sequenceFlow id="flow7" sourceRef="active" targetRef="activeGw"/>
<exclusiveGateway id="activeGw"/>
<sequenceFlow id="active2Update" sourceRef="activeGw" targetRef="update">
<conditionExpression xsi:type="tFormalExpression">${task == 'update'}</conditionExpression>
</sequenceFlow>
<sequenceFlow id="active2Suspend" sourceRef="activeGw" targetRef="suspend">
<conditionExpression xsi:type="tFormalExpression">${task == 'suspend'}</conditionExpression>
</sequenceFlow>
<sequenceFlow id="active2Delete" sourceRef="activeGw" targetRef="delete">
<conditionExpression xsi:type="tFormalExpression">${task == 'delete'}</conditionExpression>
</sequenceFlow>
<sequenceFlow id="active2PasswordReset" sourceRef="activeGw" targetRef="pwreset">
<conditionExpression xsi:type="tFormalExpression">${task == 'pwreset'}</conditionExpression>
</sequenceFlow>
<sequenceFlow id="active2PasswordResetActivate" sourceRef="activeGw" targetRef="pwResetActivationGW">
<conditionExpression xsi:type="tFormalExpression">${task == 'activate'}</conditionExpression>
</sequenceFlow>
<!-- Update an active user -->
<serviceTask id="update" name="Update" activiti:class="org.apache.syncope.core.workflow.activiti.Update"/>
<!-- cleanup after password reset -->
<!-- <sequenceFlow id="flow81" sourceRef="update" targetRef="removePWToken"/>
<serviceTask id="removePWToken" name="Removetoken" activiti:class="org.company.workflow.DeleteToken"/> -->
<sequenceFlow id="flow82" sourceRef="update" targetRef="active"/>
<!-- Suspend an active user -->
<serviceTask id="suspend" name="Suspend" activiti:class="org.apache.syncope.core.workflow.activiti.Suspend"/>
<sequenceFlow id="flow9" sourceRef="suspend" targetRef="suspended"/>
<userTask id="suspended" name="Suspended"/>
<sequenceFlow id="flow10" sourceRef="suspended" targetRef="suspendedGw"/>
<exclusiveGateway id="suspendedGw"/>
<sequenceFlow id="suspended2Reactivate" sourceRef="suspendedGw" targetRef="reactivate">
<conditionExpression xsi:type="tFormalExpression">${task == 'reactivate'}</conditionExpression>
</sequenceFlow>
<sequenceFlow id="suspended2Delete" sourceRef="suspendedGw" targetRef="delete">
<conditionExpression xsi:type="tFormalExpression">${task == 'delete'}</conditionExpression>
</sequenceFlow>
<!-- Reactivate a suspended user -->
<serviceTask id="reactivate" name ="Reactivate" activiti:class="org.apache.syncope.core.workflow.activiti.Reactivate"/>
<sequenceFlow id="flow11" sourceRef="reactivate" targetRef="active"/>
<!-- Password reset -->
<!-- set pwreset flag on user and generate token -->
<!-- redirect to active -->
<serviceTask id="pwreset" name="Initialize password reset" activiti:class="org.company.workflow.InitPWReset"/>
<!--sequenceFlow id="PWRflow1" sourceRef="pwreset" targetRef="activate"/-->
<sequenceFlow id="PWRflow1" sourceRef="pwreset" targetRef="active"/>
<!-- password reset gateway, called by activate method -->
<exclusiveGateway id="pwResetActivationGW"/>
<!-- enable removal of user through console -->
<sequenceFlow id="pwreset2DeleteUser" sourceRef="pwResetActivationGW" targetRef="delete">
<conditionExpression xsi:type="tFormalExpression">${task == 'delete'}</conditionExpression>
</sequenceFlow>
<!-- relaunch reset -->
<sequenceFlow id="pwreset2initpwreset" sourceRef="pwResetActivationGW" targetRef="pwreset">
<conditionExpression xsi:type="tFormalExpression">${task == 'pwreset'}</conditionExpression>
</sequenceFlow>
<!-- valid token, go to next step in pwreset -->
<sequenceFlow id="pwreset2setPassword" sourceRef="pwResetActivationGW" targetRef="setPassword">
<conditionExpression xsi:type="tFormalExpression">
<![CDATA[${syncopeUser.checkToken(token)}]]>
</conditionExpression>
</sequenceFlow>
<!-- invalid token but not expired, stay in active -->
<sequenceFlow id="pwreset2activate" sourceRef="pwResetActivationGW" targetRef="active">
<conditionExpression xsi:type="tFormalExpression">
<![CDATA[${!syncopeUser.getToken().equals(token)&&!syncopeUser.hasTokenExpired()}]]>
</conditionExpression>
</sequenceFlow>
<!-- expired token -->
<sequenceFlow id="pwreset2expiredPWReset" sourceRef="pwResetActivationGW" targetRef="expiredPWReset">
<conditionExpression xsi:type="tFormalExpression">
<![CDATA[${syncopeUser.hasTokenExpired()}]]>
</conditionExpression>
</sequenceFlow>
<!-- wait for changed password -->
<userTask id="setPassword" name="Password reset step 2 set password"/>
<sequenceFlow id="SetPassword2setPasswordGW" sourceRef="setPassword" targetRef="setPasswordGW"/>
<exclusiveGateway id="setPasswordGW"/>
<sequenceFlow id="setPassword2Update" sourceRef="setPasswordGW" targetRef="endpwreset">
<conditionExpression xsi:type="tFormalExpression">${task == 'update'}</conditionExpression>
</sequenceFlow>
<sequenceFlow id="setPassword2Delete" sourceRef="setPasswordGW" targetRef="delete">
<conditionExpression xsi:type="tFormalExpression">${task == 'delete'}</conditionExpression>
</sequenceFlow>
<sequenceFlow id="setPassword2activation" sourceRef="setPasswordGW" targetRef="pwResetActivationGW">
<conditionExpression xsi:type="tFormalExpression">${task == 'activate'}</conditionExpression>
</sequenceFlow>
<sequenceFlow id="setPassword2initpwreset" sourceRef="setPasswordGW" targetRef="pwreset">
<conditionExpression xsi:type="tFormalExpression">${task == 'pwreset'}</conditionExpression>
</sequenceFlow>
<serviceTask id="endpwreset" name="Set new password and cleanup" activiti:class="org.company.workflow.EndPWReset"/>
<sequenceFlow id="pwrflow21" sourceRef="endpwreset" targetRef="active"/>
<!-- token link has expired on activation
Remove token and go back to active state
-->
<serviceTask id="expiredPWReset" name="Expired token for PW reset" activiti:class="org.company.workflow.DeletePwToken"/>
<sequenceFlow id="PWRflow4" sourceRef="expiredPWReset" targetRef="active"/>
<!-- Reject an user -->
<scriptTask id="reject" name="Reject" scriptFormat="groovy">
<!-- Do something with rejectReason -->
<script>
def scriptVar = rejectReason
</script>
</scriptTask>
<sequenceFlow id="flow12" sourceRef="reject" targetRef="rejected"/>
<userTask id="rejected" name="Rejected"/>
<sequenceFlow id="flow13" sourceRef="rejected" targetRef="delete"/>
<!-- Delete an user (created, active or suspended) -->
<serviceTask id="delete" name="Delete" activiti:class="org.apache.syncope.core.workflow.activiti.Delete"/>
<sequenceFlow id="flow99" sourceRef="delete" targetRef="theEnd"/>
<endEvent id="theEnd"/>
</process>
</definitions>
