With the exception of the identity service, all services that use the above-mentioned APIs (SOAP and remote Enterprise JavaBeans) require authentication to be invoked. All the above channels support passing the user identity using the human workflow context. The human workflow context contains either of the following:

• Login and password

• Token

The task query service exposes the authenticate operation that takes the login and password and returns the human workflow context used for all services. Optionally, with each request, an administrator can pass the human workflow context with the login and password.

The authenticate operation also supports the concept of creating the context on behalf of a user with the admin ID and admin password. This operation enables you to create the context for a logged-in user to the Oracle BPM Worklist if the password for that user is not available.

Oracle recommends that you get the workflow context one time and use it everywhere. There are performance implications for getting the workflow context for every request.

A realm is an identity service context from the identity configuration. The realm name can be null if the default configuration is used.

String adminUser = "...."
String adminPassword = "...."
String realm = "...."

IWorkflowContext adminCtx =
taskQueryService.authenticate(user,password.toCharArray(),realm);

IWorkflowContext behalfOfCtx =
 taskQueryService.authenticateOnBehalfOf(adminCtx,"jcooper");

public IWorkflowContext getWorkflowContextForAuthenticatedUser() throws WorkflowException;

The identity service is a thin web service layer on top of the Oracle WebLogic Server security infrastructure, namely Oracle Identity Management and Oracle Platform Security Services (OPSS), or any custom user repository. The identity service enables authentication of users and the lookup of user properties, roles, group memberships, and privileges. Oracle Identity Management is the sole identity service provider for Oracle WebLogic Server. Oracle Identity Management handles all storage and retrieval of users and roles for various repositories, including XML, LDAP, and so on. More specifically, Oracle Identity Management provides the following features:

• All providers are supported through Oracle Identity Management. The OracleAS JAAS Provider (JAZN) and LDAP providers are no longer supported. The custom provider is deprecated and supported only for backward compatibility. All customization of providers is performed through the custom provider to Oracle Identity Management, through configuring Oracle Virtual Directory (OVD) as an LDAP provider to Oracle Identity Management, or through both. OVD aggregates data across various repositories.

• The OPSS layer is used, which includes the following:

  • Identity store

  • Policy store

  • Credential store

  • Framework

  For more information, see Securing Applications with Oracle Platform Security Services. All security configuration is done through the jps-config.xml file.

• All privileges are validated against permissions, as compared to actions in previous releases.

• The following set of application roles are defined. These roles are automatically defined in the SOA Infrastructure application of the OPSS policy store.

  • SOAAdmin: Grant this role to users who must perform administrative actions on any SOA module. This role is also granted the BPMWorkflowAdmin and B2BAdmin roles.

  • BPMWorkflowAdmin: Grant this role to users who must perform any workflow administrative action. This includes actions such as searching and acting on any task in the system, creating and modifying user and group rules, performing application customization, and so on. This role is granted the BPMWorkflowCustomize role and the following permissions:

    • workflow.mapping.protectedFlexField

    • workflow.admin.evidenceStore

    • workflow.admin

  • BPMWorkflowCustomize: Grant this role to business users who must perform mapped attributes (formally flex field) mapping to public mapped attributes. This role is also granted the workflow.mapping.publicFlexField permission.

• The following workflow permissions are defined:

  • workflow.admin: Controls who can perform administrative actions related to tasks, user and group rules, and customizations.

  • workflow.admin.evidenceStore: Controls who can view and search evidence records related to digitally-signed tasks (tasks that require a signature with the use of digital certificates).

  • workflow.mapping.publicFlexField: Controls who can perform mapping of task payload attributes to public mapped attributes.

  • workflow.mapping.protectedFlexField: Controls who can perform mapping of task payload attributes to protected mapped attributes.

http://www.oracle.com/technetwork/middleware/id-mgmt/overview/index.html

FLEX_LABEL.[label name]=Label Display Name

FLEX_LABEL.Location=Location

The evidence store service is used for digital signature storage and nonrepudiation of digitally-signed human workflows. A digital signature is an electronic signature that authenticates the identity of a message sender or document signer. This ensures that the original content of the message or document sent is unchanged. Digital signatures are transportable, cannot be imitated by others, and are automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot repudiate it later. Digital signatures ensure that a human workflow document:

• Is authentic

• Has not been forged by another entity

• Has not been altered

• Cannot be repudiated by the sender

A cryptographically-based digital signature is created when a public key algorithm signs a sender's message with a sender's private key.

During design time, signatures are enabled for the task. During runtime in Oracle BPM Worklist, when a user approves or rejects the task, the web browser:

• Asks the user to choose the private key to use for signing.

• Generates a digital signature using the private key and task content provided by Oracle BPM Worklist.

Figure 34-2 provides an example.

The following digital signature features are supported:

• PKCS7 signatures based on X.509 certificates

• Browser-based, digitally-signed content without attachments

Each email notification can contain the following parts:

• The notification message

• The HTML content from Oracle BPM Worklist:

  This is a read-only view of Oracle BPM Worklist on the task. For information on how you can configure email notifications to include the content from Oracle BPM Worklist, see Creating an Email Notification.

• Task attachments:

  For notifications that include task attachments.

• Actionable links

Notifications through SMS and IM contain only the notification message.

The notification message is an XPath expression that can contain static text and dynamic values. In creating the messages, only the task BPEL variable is available for dynamic values. This restriction is because the messages are evaluated outside the context of the BPEL process. The payload in the task variable is also strongly typed to contain the type of the payload for XPath tree browsing. The XPath extension function hwf:getNotificationProperty(propertyName) is available to get properties for a particular notification. The function evaluates to corresponding values for each notification. The propertyName can be one of the following values:

• recipient

  The recipient of the notification

• recipientDisplay

  The display name of the recipient

• taskAssignees

  The task assignees

• taskAssigneesDisplay

  The display names of the task assignees

• locale

  The locale of the recipient

• taskId

  The ID of the task for which the notification is meant

• taskNumber

  The number of the task for which the notification is meant

• appLink

  The HTML link to the Oracle BPM Worklist task details page

The following example demonstrates the use of hwf:getNotificationProperty and hwf:getTaskResourceBundle:

concat('Dear ', hwf:getNotificationProperty('recipientDisplay'), ' Task ',
/task:task/task:systemAttributes/task:taskNumber, ' is assigned to you. ',
hwf:getTaskResourceBundleString(/task:task/task:systemAttributes/task:taskId,
'CONGRATULATIONS', hwf:getNotificationProperty('locale')))

This results in a message similar to the following:

Dear Cooper, James Task 1111 is assigned to you. Congratulations

An administrator can perform the following management tasks from Oracle Enterprise Manager Fusion Middleware Control:

• View failed notifications and erroneous incoming notification responses and take corrective actions.

• Perform corrective actions such as delete, resend, and edit on outgoing notifications and addresses.

• View bad emails and block email addresses for incoming notification responses.

• Manage the bad email address list.

• Access runtime data of failed notifications. You can purge this data when it is no longer needed.

For more information, see Administering Oracle SOA Suite and Oracle Business Process Management Suite.

1. In Oracle JDeveloper, configure the notification service for email and other channels. See Using the Notification Service for details.
2. Open the Human Task Editor in Oracle JDeveloper.

   The notifications for a task can be configured during the creation of a task in the Human Task Editor. Notifications can be sent to different types of participants for different actions.

   The actions for which a task notification can be sent are described in How to Notify Recipients of Changes to Task Status.

   Notifications can be sent to users involved in the task in various capacities. These users are described in How to Notify Recipients of Changes to Task Status.

   When the task is assigned to a group, each user in the group is sent a notification if no notification endpoint is available for the group.

   For more information, see the following:

   • Using the Notification Service

   • Specifying Participant Notification Preferences to configure task notifications in the Human Task Editor

   • Administering Oracle SOA Suite and Oracle Business Process Management Suite for details about configuring the notification channel

3. From the messaging server pages of Oracle Enterprise Manager Fusion Middleware Control, configure the appropriate channel (for example, email). See Administering Oracle SOA Suite and Oracle Business Process Management Suite for details.
4. From the Workflow Notification Properties pages of Oracle Enterprise Manager Fusion Middleware Control, configure the notification mode parameter for the notification service to either all channels or email.

   By default, this value is set to NONE, meaning that no notifications are sent. The possible values are:

   • ALL

     The email, IM, and SMS channels are configured and notification is sent through any channel.

   • EMAIL

     Only the email channel is configured for sending notification messages.

   • NONE

     No channel is configured for sending notification messages. This is the default setting.

There are several methods for sending actionable messages. This section provides an overview of procedures.

1. Select Send task attachments with email notifications in the Advanced tab of the Notification section of the Human Task Editor.

   In the actionable email reply, the user can add attachments in the email. These attachments are added as task attachments.

1. Add comments in the actionable email reply between Comments[[‘ and ‘]], as shown in Figure 34-3. Those contents are added as task comments. For example, Comments[[looks good]].

1. Select Make notifications secure (exclude details) in the Advanced tab of the Notification section of the Human Task Editor. This action enables a default notification message to be used. In this case, the notification message does not include the content of the task. Also, this notification is not actionable. The default notification message includes a link to the task in Oracle BPM Worklist. You must log in to see task details.

   For more information, see How to Secure Notifications to Exclude Details.

1. Set up preferred notification channels by using the preferences user interface in Oracle BPM Worklist. The channel is dynamically determined by querying the user preference store before sending the notification. If the user preference is not specified, then the email channel is used.

1. Set reminders in the Advanced tab of the Notification section of the Human Task Editor. Reminder configuration involves the following parameters:

   • Specify the number of times reminders are sent. The values are No Reminders, Remind Once, Remind Twice, Remind Three Times.

   • Specify when the reminder must be sent. Select the values from Day, Hour, Minutes, and select Before Expiration or After Expiration. The values Before Expiration or After Expiration are related to the expiration of the task.

   For more information, see How to Set Up Reminders.

1. In the Notification header attributes section of the Advanced tab of the Notification section of the Human Task Editor, create custom notification headers that specify the preferred notification channel to use (such as email, IM, or SMS). The human workflow email notification layer provides these header values to the rule-based notification service of the Oracle User Messaging Service for use.

   For example, set the Name field to deliveryType and the Value field to SMS.

   The rule-based notification service is only used to identify the preferred notification channel to use. The address for the preferred channel is obtained from Oracle Identity Management. The notification message is created from the information provided by both services.

   For more information, see How to Send Task Attachments with Email Notifications.

When tasks are assigned to a group, application role, or list of users a single user must claim a task to act on it. However, you can also automatically send work to users by using various dispatching mechanisms.

Automatic task dispatching is done through dynamic assignment patterns. Dynamic assignment patterns select a particular user or group from either a group or a list of users or groups. Similarly, when a task is escalated, a task escalation pattern can be used to determine the user to whom the task should be escalated to. Several patterns are provided out of the box. However, you can also create your own patterns for dynamic assignment and task escalation and register them with the workflow service. Table 34-21 describes the three dynamic assignment patterns and one task escalation pattern that are provided out-of-the-box.

These patterns all check a user's vacation status. A user that is currently unavailable is not automatically assigned tasks.

Dynamic assignment patterns can be used when defining a task participant, as described in How to Configure the Single Participant Type. They can also be used with task-assignment rules allowing end-users to specify dynamic assignment of tasks to the members of groups that they manage, as described in How To Create Group Rules.

The dynamic assignment patterns can also be called by using an xpath function in any xpath expression in the task definition.

The signature of the function is:

hwf:dynamicTaskAssign(patternName, participants, inputParticipantType,
targetAssigneeType, isGlobal, invocationContext, parameter1, parameter2, ...,
parameterN)

The parameters are:

• patternName: Mandatory. Name of the pattern to use

• participants: Mandatory. The participant or participants to select the assignee from. Can be a string or element containing a participant name or a comma-separated list of participant names, or a set of elements containing participant names or comma-separated lists of participant names. Participants must all be of the same type.

• inputParticipantType: Mandatory. The type of the input participants (user, group, or application_role)

• targetAssigneeType: Mandatory. The type of assignee to select (user, group, or application_role). Value must match the context in which the function is being used (for example, must be user if dynamically selecting an owner user. If the inputParticipantType is user, the only valid value here is user.

• isGlobal: Boolean value that indicates if the pattern should be assessed using tasks of all types, or just tasks of the same type as the current task. Optional - defaults to false.

• invocationContext: String to uniquely identify where this function is being used. If not specified, a default context is assigned.

• parameterN: Some dynamic assignment patterns allow parameters to be specified. The parameter values can be specified as name-value pairs, using an “=" character as a delimiter - for example, “TIME_PERIOD=7"

Example usages:

hwf:dynamicTaskAssign(“LEAST_BUSY","jcooper,jstein,mtwain","user","user","true","ErrorAssignee")

hwf:dynamicTaskAssign(“MOST_PRODUCTIVE",task:task/task:payload/task:users,"user","user","false","OwnerUser","TIME_PERIOD=7")

hwf:dynamicTaskAssign(“LEAST_BUSY","DeveloperRole","application_role","group"):

Before 12c Release 1 (12.1.3), dynamic assignment could be achieved by using the XPath functions wfDynamicUserAssign and wfDynamicGroupAssign. These XPath functions have been deprecated in 12c Release 1 (12.1.3). They can still be used, but Oracle recommends that you migrate any existing usage of these XPath functions to the new dynamicTaskAssign function.

oracle.bpel.services.workflow.assignment.dynamic.IDynamicAssignmentPattern

oracle.bpel.services.workflow.assignment.dynamic.IDynamicGroupAssignmentFunction
oracle.bpel.services.workflow.assignment.dynamic.IDynamicUserAssignmentFunction

oracle/bpel/services/workflow/resource/WorkflowLabels.properties

DYN_ASSIGN_FN.[pattern name]=Pattern Display Name

DYN_ASSIGN_DESCR.[pattern name]=Function Description

DYN_ASSIGN_PARAM_LABEL.[pattern name].[parameter name]=Parameter Display Name

DYN_ASSIGN_PARAM_LABEL.[pattern name].[parameter name]=Parameter Description

DYN_ASSIGN_FN.MOST_PRODUCTIVE = Most Productive

DYN_ASSIGN_DESCR.MOST_PRODUCTIVE = Picks the user, group or application role that
has completed the highest number of tasks within a certain time period. For group
and application roles the total number of tasks completed by all the users who
are direct members of that group or role are counted. The time period to use can
be specified using the Time Period parameter. If no time period is specified,
then the default value specified in the dynamic assignment configuration for the
instance is used.

DYN_ASSIGN_PARAM_LABEL.MOST_PRODUCTIVE.TIME_PERIOD = Time Period

DYN_ASSIGN_PARAM_DESCR.MOST_PRODUCTIVE.TIME_PERIOD = The previous number of days
over which to count the number of completed tasks. If not specified, the default
value defined in the human workflow dynamic assignment configuration is used.

Human workflow participants are specified declaratively in a routing slip. The routing slip guides the human workflow by specifying the participants and how they participate in the human workflow (for example, management chain hierarchy, serial list of approvers, and so on).

The Human Task Editor enables you to declaratively create the routing slip using various built-in patterns. In addition, you can use advanced routing based on business rules to do more complex routing. However, to do more sophisticated routing using custom logic, you implement a custom assignment service to do routing.

To support a dynamic assignment, an assignment service is used. The assignment service is responsible for determining the task assignees. You can also implement your own assignment service and plug in that implementation for use with a particular human workflow.

The assignment service determines the following task assignment details in a human workflow:

• The assignment when the task is initiated.

• The assignment when the task is reinitiated.

• The assignment when a user updates the task outcome. When the task outcome is updated, the task can either be routed to other users or completed.

• The assignees from whom information for the task can be requested.

• If the task supports reapproval from Oracle BPM Worklist, a user can request information for reapproval.

• The users who reapprove the task if reapproval is supported.

The human workflow service identifies and invokes the assignment service for a particular task to determine the task assignment.

For example, a simple assignment service iteration is as follows:

1. A client initiates an expense approval task whose routing is determined by the assignment service.

2. The assignment service determines that the task assignee is jcooper.

3. When jcooper approves the task, the assignment service assigns the task to jstein. The assignment service also specifies that a notification must be sent to the creator of the task, jlondon.

4. jstein approves the task and the assignment service indicates that there are no more users to whom to assign the task.

/* $Header: TestAssignmentService.java 24-may-2006.18:26:16 Exp $ */
/* Copyright (c) 2004, 2006, Oracle. All rights reserved.  */
/*
   DESCRIPTION
    Interface IAssignmentService defines the callbacks an assignment 
    service implements. The implementation of the IAssignmentService 
    is called by the workflow service
   PRIVATE CLASSES
    <list of private classes defined - with one-line descriptions>
   NOTES
    <other useful comments, qualifications, etc.>
   MODIFIED    (MM/DD/YY)
        
 */
/**
 *  @version $Header: IAssignmentService.java 29-jun-2004.21:10:35 Exp
 $
 *  
 *  
 */
package oracle.bpel.services.workflow.test.workflow;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import oracle.bpel.services.workflow.metadata.routingslip.model.*; 
import oracle.bpel.services.workflow.metadata.routingslip.model.Participants;
import oracle.bpel.services.workflow.metadata.routingslip.model.ParticipantsType.*;
import oracle.bpel.services.workflow.task.IAssignmentService;
import oracle.bpel.services.workflow.task.ITaskAssignee;
import oracle.bpel.services.workflow.task.model.Task;
public class TestAssignmentService implements
 oracle.bpel.services.workflow.task.IAssignmentService {
    static int numberOfApprovals = 0;
    static String[] users = new String[]{"jstein", "wfaulk", "cdickens"};
    public Participants onInitiation(Task task, 
                                     Map propertyBag) {
        return createParticipant();
    }
    public Participants onReinitiation(Task task, 
                                       Map propertyBag) {
        return null;
    }
    public Participants onOutcomeUpdated(Task task, 
                                         Map propertyBag,
                                         String updatedBy,
                                         String outcome) {
        return createParticipant();
    }
    public Participants onAssignmentSkipped(Task task, 
                                            Map propertyBag) {
        return null;
    }
    public List getAssigneesToRequestForInformation(Task task, 
                                                    Map propertyBag) {
        List rfiUsers = new ArrayList();
        rfiUsers.add("jcooper");
        rfiUsers.add("jstein");
        rfiUsers.add("wfaulk");
        rfiUsers.add("cdickens");
        return rfiUsers;
    }
    public List getReapprovalAssignees(Task task, 
                                       Map propertyBag,
                                       ITaskAssignee infoRequestedAssignee) {
        List reapprovalUsers = new ArrayList();
        reapprovalUsers.add("jstein");
        reapprovalUsers.add("wfaulk");
        reapprovalUsers.add("cdickens");
        return reapprovalUsers;
    }
    private Participants createParticipant() {
        if (numberOfApprovals > 2) {
            numberOfApprovals = 0;
            return null;
        }
        String user = users[numberOfApprovals++];

        ObjectFactory objFactory = new ObjectFactory();
        Participants participants = objFactory.createParticipants();
        Participant participant = objFactory.createParticipantsTypeParticipant();
        participant.setName("Loan Agent");
        ResourceType resource2 = objFactory.createResourceType(user);
        resource2.setIsGroup(false);
        resource2.setType("STATIC");
        participant.getResource().add(resource2);

        participants.getParticipantOrSequentialParticipantOrAdhoc().
          add(participant);
        return participants;
    }

}

1. Create a custom task escalation function and register this with the human workflow service that uses that function in task definitions.
2. Use the Human Task Editor to integrate the rule in a human workflow.

   For more information, see How to Specify Escalation Rules.

Each human workflow component can be associated with a resource bundle. The bundle defines the resource strings to use as display names for the task outcomes. The resource strings are returned by the TaskMetadataService method getTaskDefinitionOutcomes, and are displayed in Oracle BPM Worklist and the task flow task details application.

In addition, you can use the human workflow XPath function getTaskResourceBundle string to look up resource strings for the task's resource bundle. For example, this XPath function can be part of the XPath expression used to construct notification messages for the task.

A human workflow component is associated with a resource bundle by setting the Resource Name and Resource Location fields of the Resource Details dialog in the Presentation section of the Human Task Editor. The value for the Resource Location field is a URL, and the resource bundle can be contained within a JAR file pointed to by the URL. It is possible to share the same resource bundle between multiple human workflow components by using a common location for the resource bundle.

If no resource bundle is specified for the human workflow component, the resource string is looked up in the global resource bundle. (See Global Resource Bundle – WorkflowLabels.properties.) Commonly-used task outcomes can be defined in the global resource bundle, alleviating the need to define a resource bundle for individual human workflow components.

If no resource string can be located for a particular outcome, then the outcome name is used as the display value in all locales.

1. Log in to Oracle Enterprise Manager Fusion Middleware Control.
2. In the navigator, expand the SOA folder.
3. Right-click soa-infra, and select Administration > System Mbean Browser.

   The System MBean Browser displays on the right side of the page.

4. Expand Application Defined MBeans > oracle.as.soainfra.config > Server: server_name > WorkflowIdentityConfig > human-workflow > WorkflowIdentityConfig.PropertyType.
5. Click caseSensitive.
6. Click the Operations tab.
7. Click setValue.
8. In the Value field, enter true, and click Invoke.

Human workflow services expose the following workflow services:

• Task service

• Task query service

• User metadata service

• Task evidence service

• Task metadata service

• Runtime config service

• Task report service

To use any of these services, you must use the abstract factory pattern for workflow services. The abstract factory pattern provides a way to encapsulate a group of individual factories that have a common theme.

Perform the following tasks:

• Get the IWorkflowServiceClient instance for the specific service type. The WorkflowServiceClientFactory provides a static factory method to get IWorkflowServiceClient according to the service type.

• Use the IWorkflowServiceClient instance to get the service instance to use.

The supported service types are Remote and Soap.

Remote clients use Enterprise JavaBeans clients (remote Enterprise JavaBeans, accordingly). SOAP uses SOAP clients. Each type of service requires you to configure workflow clients. The first code sample in Workflow Client Configuration File - wf_client_config.xml provides details.

The client configuration file can contain definitions for several configurations. Each server must have its own unique name. If the configuration file defines multiple servers, one server must be set with the default attribute equal to true. The workflowServicesClientConfiguration has an optional attribute named serverType that can be set to one of the following: LOCAL, REMOTE, or SOAP. Each server can override the client type by using the optional attribute clientType.

The second code sample in Workflow Client Configuration File - wf_client_config.xml provides details.

In the second example, server2 uses the default clientType of REMOTE, while server1 overrides the default clientType value to use the clientType of SOAP. The same rule applies if the JAXB WorkflowServicesClientConfigurationType object is used instead of the wf_client_config.xml file.

If the configuration defines a client type, you can use the factory method from the WorkflowServiceClientFactory class. See the code sample below:

public static IWorkflowServiceClient
 getWorkflowServiceClient(WorkflowServicesClientConfigurationType wscc, Logger
 logger) throws WorkflowException

If the map defines a client type with the property CONNECTION_PROPERTY.CLIENT_TYPE, the factory method in the code sample below can be used:

public static IWorkflowServiceClient getWorkflowServiceClient(Map<CONNECTION_
PROPERTY, String> properties, String serverName,    Logger logger) throws
 WorkflowException

/**
 * WFClientSample
 */
package oracle.bpel.services.workflow.samples;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import oracle.bpel.services.workflow.IWorkflowConstants;
import oracle.bpel.services.workflow.WorkflowException;
import oracle.bpel.services.workflow.client.IWorkflowServiceClient;
import oracle.bpel.services.workflow.client.WorkflowServiceClientFactory;
import oracle.bpel.services.workflow.client.IWorkflowServiceClientConstants
 .CONNECTION_PROPERTY;
import oracle.bpel.services.workflow.query.ITaskQueryService;
import oracle.bpel.services.workflow.query.ITaskQueryService.AssignmentFilter;
import oracle.bpel.services.workflow.query.ITaskQueryService.OptionalInfo;
import oracle.bpel.services.workflow.repos.Ordering;
import oracle.bpel.services.workflow.repos.Predicate;
import oracle.bpel.services.workflow.repos.TableConstants;
import oracle.bpel.services.workflow.verification.IWorkflowContext;

public class WFClientSample {

  public static List  runClient(String clientType) throws WorkflowException {
      try {
      
         IWorkflowServiceClient wfSvcClient = null;
         ITaskQueryService taskQuerySvc = null;
         IWorkflowContext wfCtx = null;

         // 1. this step is optional since configuration can be set in  wf_client_
             config.xml file
         Map<CONNECTION_PROPERTY, String> properties = new HashMap<CONNECTION_
PROPERTY, String>();
         if (WorkflowServiceClientFactory.REMOTE_CLIENT.equals(clientType)) {
           properties.put(CONNECTION_PROPERTY.EJB_INITIAL_CONTEXT_FACTORY,
 "weblogic.jndi.WLInitialContextFactory");
           properties.put(CONNECTION_PROPERTY.EJB_PROVIDER_URL,
 "t3://myhost.us.example.com:7001");
           properties.put(CONNECTION_PROPERTY.EJB_SECURITY_CREDENTIALS,
 "weblogic");
           properties.put(CONNECTION_PROPERTY.EJB_SECURITY_PRINCIPAL, "weblogic");
         } else if (WorkflowServiceClientFactory.SOAP_CLIENT.equals(clientType)) {
           properties.put(CONNECTION_PROPERTY.SOAP_END_POINT_ROOT,
 "http://myhost:7001");
           properties.put(CONNECTION_PROPERTY.SOAP_IDENTITY_
PROPAGATION,"non-saml"); // optional
         } 
         // 2. gets IWorkflowServiceClient for specified client type
         wfSvcClient =
 WorkflowServiceClientFactory.getWorkflowServiceClient(clientType, properties,
 null);

         // 3. gets ITaskQueryService instance
         taskQuerySvc = wfSvcClient.getTaskQueryService();

         // 4. gets IWorkflowContext instance
         wfCtx = taskQuerySvc.authenticate("jcooper", "welcome1".toCharArray(),
 "jazn.com");

         // 5. creates displayColumns
         List<String> displayColumns = new ArrayList<String>(8);
         displayColumns.add("TASKID");
         displayColumns.add("TASKNUMBER");
         displayColumns.add("TITLE");
         displayColumns.add("CATEGORY");

         // 6. creates optionalInfo
         List<ITaskQueryService.OptionalInfo> optionalInfo = new
 ArrayList<ITaskQueryService.OptionalInfo>();
         optionalInfo.add(ITaskQueryService.OptionalInfo.DISPLAY_INFO);

         // 7. creates assignmentFilter
         AssignmentFilter assignmentFilter = AssignmentFilter.MY_AND_GROUP;

         // 8. creates predicate
         List<String> stateList = new ArrayList<String>();
         stateList.add(IWorkflowConstants.TASK_STATE_ASSIGNED);
         stateList.add(IWorkflowConstants.TASK_STATE_INFO_REQUESTED);
         Predicate predicate = new Predicate(TableConstants.WFTASK_STATE_COLUMN,
 Predicate.OP_IN, stateList);

         // 9. creates ordering
         Ordering ordering = new Ordering(TableConstants.WFTASK_DUEDATE_COLUMN,
 true, false);
         ordering.addClause(TableConstants.WFTASK_CREATEDDATE_COLUMN, true,
 false);

         // 10. calls service - query tasks 
         List taskList = taskQuerySvc.queryTasks(wfCtx, 
                                                (List<String>) displayColumns, 
                                                (List<OptionalInfo>) optionalInfo, 
                                                (AssignmentFilter)
                                                  assignmentFilter, 
                                                (String) null, // keywords is
 optional (see javadoc)
 // optional
                                                 predicate, 
                                                 ordering,
                                                 0,    // starting row 
                                                 100); // ending row for paging, 0
                                                    if no paging
      
         // Enjoy result
         System.out.println("Successfuly get list of tasks for client type: " +
            clientType +
                            ". The list size is " + taskList.size());
         return taskList;
      } catch (WorkflowException e) {
         System.out.println("Error occurred");
         e.printStackTrace();
         throw e;
      }
   }
   
   public static void main(String args[]) throws Exception {
      runClient(WorkflowServiceClientFactory.REMOTE_CLIENT);
      runClient(WorkflowServiceClientFactory.SOAP_CLIENT);
   }  
  
}

public static IWorkflowServiceClient getWorkflowServiceClient(String clientType,WorkflowServicesClientConfigurationType wscc,Logger logger) throws WorkflowException

<workflowServicesClientConfiguration>
server name="default" default="true">

<remoteClient>
   <serverURL>t3://myhost.us.example.com:7001</serverURL>
   <userName>weblogic</userName>
   <password>weblogic</password>
   <initialContextFactory>weblogic.jndi.WLInitialContextFactory
      </initialContextFactory>
   <participateInClientTransaction>false</participateInClientTransaction>
</remoteClient>

<soapClient>
   <rootEndPointURL>http://myhost.us.example.com:7001</rootEndPointURL>
   <identityPropagation mode="dynamic" type="saml">
   <policy-references>
      <policy-reference enabled="true" category="security" 
         uri="oracle/wss10_saml_token_client_policy"/>
      </policy-references>
   </identityPropagation>
</soapClient>

</server>
</workflowServicesClientConfiguration>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<workflowServicesClientConfiguration
 xmlns="http://xmlns.oracle.com/bpel/services/client" clientType="REMOTE"
   <server name="server1" default="true"  clientType="SOAP">
      <remoteClient>
         <serverURL>t3://myhost1.us.example.com:7001</serverURL>
         <initialContextFactory>weblogic.jndi.WLInitialContextFactory</initialContextFactory>
         <participateInClientTransaction>false</participateInClientTransaction>
      </remoteClient> -->
      <soapClient>
         <rootEndPointURL>http://myhost1.us.example.com:7001</rootEndPointURL>
         <identityPropagation mode="dynamic" type="saml">
            <policy-references>
               <policy-reference enabled="true" category="security"
                                 uri="oracle/wss10_saml_token_client_policy"/>
            </policy-references>
         </identityPropagation>
      </soapClient>
   </server>
   <server name="server2">
      <remoteClient>
         <serverURL>t3://myhost2.us.example.com:7001</serverURL>
         <initialContextFactory>weblogic.jndi.WLInitialContextFactory</initialContextFactory>
         <participateInClientTransaction>false</participateInClientTransaction>
      </remoteClient> -->
      <soapClient>
         <rootEndPointURL>http://myhost2us.example.com:7001</rootEndPointURL>
         <identityPropagation mode="dynamic" type="saml">
            <policy-references>
               <policy-reference enabled="true" category="security"
                                 uri="oracle/wss10_saml_token_client_policy"/>
            </policy-references>
         </identityPropagation>
      </soapClient>
   </server>
</workflowServicesClientConfiguration>

IWorkflowServiceClient   wfSvcClient =
WorkflowServiceClientFactory.getWorkflowServiceClient(WorkflowServiceClientFactory
.REMOTE_CLIENT,
(Map<IWorkflowServiceClientConstants.CONNECTION_PROPERTY, String> ) null, null);

public static IWorkflowServiceClient getWorkflowServiceClient(String clientType,Map<CONNECTION_PROPERTY, String> properties,
Logger logger) hrows WorkflowException 

public static IWorkflowServiceClient getWorkflowServiceClient(Map<CONNECTION_
PROPERTY, String> properties,   Logger logger) throws WorkflowException

public enum CONNECTION_PROPERTY {
            MODE,  // not supported , deprecated
            EJB_INITIAL_CONTEXT_FACTORY,
            EJB_PROVIDER_URL,
            EJB_SECURITY_PRINCIPAL,
            EJB_SECURITY_CREDENTIALS,
            // SOAP configuration
            SOAP_END_POINT_ROOT,
            SOAP_IDENTITY_PROPAGATION, // if value is 'saml' then SAML-token
              identity propagation is used
            SOAP_IDENTITY_PROPAGATION_MODE,  // "dynamic'
            MANAGEMENT_POLICY_URI, // dafault value is "oracle/log_policy"
            SECURITY_POLICY_URI,   // default value is  "oracle/wss10_
               saml_token_client_policy"
            // REMOTE EJB
            TASK_SERVICE_PARTICIPATE_IN_CLIENT_TRANSACTION  // default value is
               false
            //(task service EJB starts a new transaction)
            CLIENT_TYPE,            DISCOVERY_OF_END_POINT,
            WSS_RECIPIENT_KEY_ALIAS,
            EJB_JNDI_SUFFIX // append to jndi name to used  foreign jndi name
 };

Map<CONNECTION_PROPERTY,String> properties = new HashMap<CONNECTION_
PROPERTY,String>();
properties.put(CONNECTION_PROPERTY.EJB_INITIAL_CONTEXT_
FACTORY,"weblogic.jndi.WLInitialContextFactory");

properties.put(CONNECTION_PROPERTY.EJB_PROVIDER_URL,
 "t3://myhost.us.example.com:7001");
properties.put(CONNECTION_PROPERTY.EJB_SECURITY_PRINCIPAL, "weblogic");
properties.put(CONNECTION_PROPERTY.EJB_SECURITY_CREDENTIALS, "weblogic");
IWorkflowServiceClient client =
 WorkflowServiceClientFactory.getWorkflowServiceClient(
                                WorkflowServiceClientFactory.REMOTE_CLIENT,
 properties, null);

Map<CONNECTION_PROPERTY,String> properties = new HashMap<CONNECTION_
PROPERTY,String>();
properties.put(CONNECTION_PROPERTY.SOAP_END_POINT_ROOT, "http://myhost:7001");
IWorkflowServiceClient client =
 WorkflowServiceClientFactory.getWorkflowServiceClient(
                                WorkflowServiceClientFactory.SOAP_CLIENT,
 properties, null);

java.util.logging.Logger logger = ....;

IWorkflowServiceClient client =
WorkflowServiceClientFactory.getWorkflowServiceClient(WorkflowServiceClientFactory
.REMOTE_CLIENT, properties, logger);

java -classpath wsclient_extended.jar:bpm-services.jar 
 oracle.bpel.services.workflow.client.config.MigrateClientConfiguration 
original_file [new_file];

This section describes how to propagate identities using Enterprise JavaBeans and SAML-tokens for SOAP clients.

There are performance implications for getting the workflow context for every request. This is also true for identity propagation. If you use identity propagation with SAML-token or Enterprise JavaBeans, authenticate the client by passing null for the user and password, get the workflow context instance, and use another service call with workflow context without identity propagation.

http://www.oracle.com/technetwork/middleware/id-mgmt/overview/index.html

properties.put(CONNECTION_PROPERTY.SECURITY_POLICY_URI     "oracle/wss10_saml_
token_client_policy");
properties.put(CONNECTION_PROPERTY.MANAGEMENT_POLICY_URI , "oracle/log_policy");

Map<CONNECTION_PROPERTY,String> properties = new HashMap<ONNECTION_
PROPERTY,String>();
properties.put(CONNECTION_PROPERTY.SOAP_IDENTITY_PROPAGATION , "saml");
properties.put(CONNECTION_PROPERTY.SOAP_END_POINT_ROOT,
 "http://myhost.us.example.com:7001");
properties.put(ONNECTION_PROPERTY.SECURITY_POLICY_URI, "oracle/wss10_saml_token_
client_policy"); //optional
properties.put(CONNECTION_PROPERTY.MANAGEMENT_POLICY_URI , "oracle/log_policy");
  //optional
IWorkflowServiceClient client =
                            WorkflowServiceClientFactory.getWorkflowServiceClient(
                            WorkflowServiceClientFactory.SOAP_CLIENT,
properties, null);

<soapClient>
        <rootEndPointURL>http://myhost.us.example.com:7001</rootEndPointURL>
        <identityPropagation mode="dynamic" type="saml">
            <policy-references>
                <policy-reference enabled="true" category="security"
 uri="oracle/wss10_saml_token_client_policy"/>
            </policy-references>
        </identityPropagation> </soapClient>

Map<CONNECTION_PROPERTY,String> properties = new HashMap<ONNECTION_
PROPERTY,String>();
properties.put(CONNECTION_PROPERTY.SOAP_IDENTITY_PROPAGATION , "saml");
properties.put(CONNECTION_PROPERTY.SOAP_END_POINT_ROOT,
 "http://myhost.us.example.com:7001");
properties.put(CONNECTION_PROPERTY.WSS_RECIPIENT_KEY_ALIAS,keyAlias); 
// where keyAlias  is a key alias value
properties.put(ONNECTION_PROPERTY.SECURITY_POLICY_URI, "oracle/wss10_saml_token_
client_policy"); //optional
properties.put(CONNECTION_PROPERTY.MANAGEMENT_POLICY_URI , "oracle/log_policy");
  //optional
IWorkflowServiceClient client =
                            WorkflowServiceClientFactory.getWorkflowServiceClient(
                            WorkflowServiceClientFactory.SOAP_CLIENT,
 properties, null);

<xsd:complexType name="identityPropagationType">
    <xsd:sequence>
      <xsd:element name="policy-references"  type="PolicyReferencesType" 
       minOccurs="0" maxOccurs="1"/>
      <xsd:element name="wssRecipientKeyAlias"  type="xsd:string"  minOccurs="0"
       maxOccurs="1"/> </xsd:sequence> 
    <xsd:attribute name="type" type="xsd:string"  default="saml"/>
    <xsd:attribute name="mode" type="xsd:string"  default="dynamic"/>
</xsd:complexType>

^Footnote 1

NOT NULL column

^Footnote 2

NOT NULL column

^Footnote 3

For completed tasks, the state is null. Use decode(outcome, '', 'COMPLETED', outcome) in queries.

^Footnote 4

NOT NULL column