Course – LSS – NPI (cat=Spring Security)
announcement - icon

If you're working on a Spring Security (and especially an OAuth) implementation, definitely have a look at the Learn Spring Security course:


1. Overview

Activiti is an open-source BPM (Business Process Management) system. For an introduction, check our Guide to Activiti with Java.

Activiti 8 no longer provides support for identity management. We will use the Spring framework for identity management. In the following, we’ll explore how to use Spring Security for identity management.

2. Maven Dependencies

To set up Activiti in a Spring Boot project, check out our previous article. In addition to activiti-spring-boot-starter, we’ll also need the spring-boot-starter-security dependency:


3. Identity Management Using Spring Security

In order to use user management provided by Spring Security we can provide our own Spring Security configuration class as below:

public class SecurityConfig {

    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
            .formLogin(login -> login
            .logout(logout -> logout.logoutSuccessUrl("/login"));

    public UserDetailsService userDetailsService() {
        User.UserBuilder users = User.withDefaultPasswordEncoder();
        UserDetails user = users.username("user")
        return new InMemoryUserDetailsManager(user);

Activiti 8  relies on Spring Security to deal with Security, Roles and Groups. UserDetailsService is used for configuring the users and their respective groups and roles. ACTIVITI_USER role is required to interact with the TaskRuntime API  of Activiti.

4. Conclusion

In this article, we’ve seen how to integrate Activiti with Spring Security. We created a Spring Security configuration which automatically sets the authenticated user and interacts with TaskRuntime API .

The full source code can be found over on GitHub.

Course – LSS (cat=Security/Spring Security)

I just announced the new Learn Spring Security course, including the full material focused on the new OAuth2 stack in Spring Security:

res – Security (video) (cat=Security/Spring Security)
Comments are open for 30 days after publishing a post. For any issues past this date, use the Contact form on the site.