Continue Receive Task through email activation link
roleba...@gmail.com
Within a multi-instance subprocess I have a call-activity called "email-verification". This activity contains a Receive Task which should be continued when a user clicks on the activation-link (which has been send per e-mail to the user before).
Questions:
- Is it a good idea to use the processInstanceId for generating the email-activation link?
- How to identify the waiting receive task by a given processInstanceId? Using ExecutionQuery, ProcessInstanceQuery or something else?
- How to pass data to the waiting receive task and continue it using the Java API?
- Does the following sentence mean that my scenario is not possible? "Correlation of a parallel multi instance isn’t possible because the subscription can’t be identified unambiguously."
- When the built-in message correlation does not work is it still possible using other methods?
- In order to access process engine services from within a different webapp (inside the same servlet container) I need to retrieve an instance of the shared process engine API in first place. How to access the shared engine correctly?
- Which characteristics does a process service instances (i.e. RuntimeService) have? Is it thread-safe, a Singleton, ThreadLocal or something else? I couldn't find answers in the Javadoc for this[2]
[1] https://docs.camunda.org/manual/7.4/reference/bpmn20/tasks/receive-task/
[2] https://docs.camunda.org/javadoc/camunda-bpm-platform/7.4/
Philipp Ossler
- Is it a good idea to use the processInstanceId for generating the email-activation link?
- How to identify the waiting receive task by a given processInstanceId? Using ExecutionQuery, ProcessInstanceQuery or something else?
- How to pass data to the waiting receive task and continue it using the Java API?
- Does the following sentence mean that my scenario is not possible? "Correlation of a parallel multi instance isn’t possible because the subscription can’t be identified unambiguously."
- When the built-in message correlation does not work is it still possible using other methods?
roleba...@gmail.com
- Do subprocesses inherit the process instance id of their parent process?
The RuntimeService method messageEventReceived() seems to be the solution. But this rises additional questions:
- Generally asked: Is the executionId an identification on the lowest possible layer thus any receive task could be uniquily identified this way?
- What does the receive task need in order to be triggerable by messageEventReceived()? Does it need an signal boundary event or is the message definition+name sufficient?
- Regarding the docs [3] the Execution concept in the process engine is not completely aligned with the activity instance concept and it is not guaranteed that the same execution that started a given activity instance will also end it. Does it mean that the executionId is not guaranteed to work as expected?
Philipp Ossler
- Do subprocesses inherit the process instance id of their parent process?
- Generally asked: Is the executionId an identification on the lowest possible layer thus any receive task could be uniquily identified this way?
- What does the receive task need in order to be triggerable by messageEventReceived()? Does it need an signal boundary event or is the message definition+name sufficient?
- Regarding the docs [3] the Execution concept in the process engine is not completely aligned with the activity instance concept and it is not guaranteed that the same execution that started a given activity instance will also end it. Does it mean that the executionId is not guaranteed to work as expected?
Execution execution = runtimeService.createExecutionQuery().variableValueEquals("correlation-variable", "unique-correlation-id").singleResult();runtimeService.messageEventReceived("messageOfReceiveTask", execution.getId());Greetings,
roleba...@gmail.com
Now I am trying to find a concrete solution for the following model. I have created a simplified version of it retaining the overall structure: http://postimg.org/image/yac6anggj/
> Note that the local variable must be set in the same execution, for example using an execution listener on the receive task.
- Does the developer have to explicitly set the variable as "local"? I am not sure what happens when the process instance already contains a variable with the same name or if the developer uses the DelegateExecution method setVariable() instead of setVariableLocal()
- I don't think that the method variableValueEquals(String name, Object value) could guarantee a unique result (execution) if the correlation-value equals the email address for example because the user might be able to register twice using the same address. Do you think that correlation-value should better be set to the execution id of the the recieve task?
- Most important question: Does the method variableValueEquals() solve the problem of having no guarantee that the receive task will be completed by the same execution which started it? And even if the excution id differs from the correlation-value used for searching it the receive task would still be identifed uniquely and correctly?
- Would I be correct in saying that the execution id as returned by variableValueEquals().singleResult() will remain the same until the receive task gets actually triggered just one line futher?
At the moment my model contains a seperate task to send the activation email to the user. But as far as I understood your note ("the local variable must be set in the same execution") it is not safe to generate a activation-link based on an execution id other than the receive task. This means that my model would not work because I generate the activation link based on the execution id of the sending task (which is different to the receive task). At the moment I see two possibilites:
1. Programmatically generate a strong uid in the sending task, set it as a process variable and use the method processVariableValueEquals to find the correct execution id for identifying the receive task (which would require to handle a list of executions; further introducing complexity)
2. Change the model in some way which allows to generate the activation link based on the execution id of the receive task. At the moment I have no idea how such a model would look like because the activation-email logically has to be send to the user before the receive task gets entered
Both ways seems to introduce additional complexity. What do you think?
Furthermore I have found no answers in the docs for this questions:
- "All entities that can have variables are called variable scopes." [1] Which entities can have variables?
- Is there difference between a scope and an execution?
- Can a non-scope activity store variables?
webcyberrob
roleba...@gmail.com
I like the solution you proposed. Are you pushing the correlation data from the Spring component to the engine or is the engine itself pulling the date from the database? When pushing is used the spring component has to interact with the API of the engine somehow. If this happens over internet there would still be a risk for a DoS. I guess your concept is pulling the data from a database which prevents most attacks. But how to protect the databse server?
My use case is intended for external users on the public internet. But I don't expose the engine to the internet, at least I don't want the REST API to be accessible. Instead I have a servlet based webapp (not a process application) for the public which calls the Java API of camunda internally using the Java API of the shared engine running on the same servlet container. So a DoS on the webapp would affect the whole server including the engine :(
This rises a view question:
- How to disable the REST API of camunda completely?
- Which other parts of cammunda should be taken into account?
- At which revenue does the mafia start to pinch money using DoS attacks in europe? (I only heard of it once)
- How to switch off-topic posts to a new discussion in google groups?