Monday, July 9, 2012

Running Oracle BPM 11g PS5 Worklist Task Flow and Human Task Form on Non-SOA Domain

With standard setup, both BPM worklist application and Human task form runs on the same SOA domain, where BPM process is running. While this work fine, this is not what we want in development, test and production environment. Mainly because BPM worklist and Human task form are ADF artificats, its easier to develop and run in production from different server. I will describe in this post how to run both BPM worklist application and Human task form on different non-SOA domain. There are two main advantages for such architecture:

1. BPM Worklist TF will be integrated into custom ADF application, no need to run standard BPM Worklist application from SOA domain (read more from previous post - ADF 11g PS5 Application with Customized BPM Worklist Task Flow (MDS Seeded Customization))

2. Human Task form will run on the same non-SOA server, where custom application is deployed (it integrates BPM Worklist TF)


All this makes ADF part less dependent on SOA specifics, as well allows to minimize workload on SOA domain.

Main goal of this post is to aggregate all available information from Oracle documentation into one single sample application. There are several things not working as described in the documentation, I will point below. In order to prepare sample applications for BPM worklist TF and Human task form to be deployed on non-SOA domain, I was using following chapters from Oracle SOA/BPM 11g PS5 developer guides:

1. A Creating Custom ADF Applications with Oracle Business Process Management Workspace Task Flows

2. 30.8.4 How To Deploy a Task Form to a non-SOA Oracle WebLogic Server

Download sample applications:

1. Sample BPM process and Human Task Form - Lab02_v2.zip

2. Custom ADF application with integrated BPM worklist TF - IntegratedBPMWorklistApp_v2.zip

Both applications are deployed on the same non-SOA domain (except for BPM process), I'm using JDev Integrated WLS server 7101 port for this - CreateOrderTaskForm (Human task form) and IntegratedBPMWorklistApp (BPM Worklist TF):


I was deploying CreateOrderTaskForm application first. Follow this section from Oracle SOA/BPM developer guide: 30.8.4 How To Deploy a Task Form to a non-SOA Oracle WebLogic Server. While provided documentation info is very useful, still you can't follow it completely.

Decide first, how you would like to run BPM Worklist TF. There are two options - federated and normal modes. Federated mode provides less functionality, is designed for remote servers. My sample app is configured (as by default) to run in normal mode, this means there is no need to create wf_client_config.xml file.

Create Foreign JNDI with links pointing to SOA server - this will allow to connect from non-SOA domain to SOA server:


Links:



Assign BPM security grants in system-jazn-data.xml from non-SOA domain. You still will see security error, when starting non-SOA domain, it will try to register Human task form with BPM process and will fail - you can ignore this.

One thing you should point your attention is oracle.soa.workflow library installation on non-SOA domain. If non-SOA domain already have WebCenter extensions installed, most likely there already exists another library - oracle.soa.workflow.wc. Developer guide says you can use either one or another. What I experienced - when I had both libraries installed, I was getting class path conflicts when starting BPM Worklist TF. If you will get similar error, double check may be both libraries are installed. I have only one:


Once configuration is completed - you can deploy Human task form. Deployment is done on JDev integrated server:


BPM process is deployed on SOA enabled domain:


Define Human task form URI for BPM process. Go to BPM process in Enterprise Manager and select Human Workflow component:


Specify address for Human task form associated with selected BPM process (server port should point to non-SOA domain in this case):


First part is completed - now we move to BPM Worklist TF (IntegratedBPMWorklistApp_v2 application). We are not using out of the box shell application - BPM Worklist. Instead we are using only Task List TF from that application, inside our own custom environment. Read more from Oracle BPM developer guide - A Creating Custom ADF Applications with Oracle Business Process Management Workspace Task Flows.

There is one thing that developer guide doesn't say. If you will configure BPM libraries for your project as developer guide says - you will get errors when running application directly from JDeveloper (libraries are not copied into deployment folder). It works well, if you will deploy on the server, but not when you run from JDeveloper. This happens, because standard BPM Worklist Components library available in JDeveloper is not marked to be deployed (and this option is disabled to change):


Same for BPM Services library, this library is mandatory on class path when deploying on non-SOA domain:


Libraries are not copied into deployment folder when running from JDeveloper, even there is a check:


Workaround it to create your own library group (for example - Custom BPM Worklist), add all 3 required libraries and set to be deployed by default (important if you want to run BPM Worklist TF application from JDeveloper directly):


Custom library is added to the project:


JAR files included through the custom library are targeted for deployment:


BPM Worklist TF - TaskList is included using Worklist mode (Workspace also possible, but will require additional libraries to be added):


Make sure security is granted to each resource:


Deploy custom ADF application with BPM Worklist TF to integrated WLS server:


BPM Worklist TF and Human task form is running from custom ADF application, deployed on JDeveloper integrated WLS server port 7101:


To summarize content of this post:

1. Enable JDev integrated WLS domain to run SOA

- Install Oracle SOA Workflow library, if required. Configure foreign JNDI. Set security grants for BPM

- Deploy

- Change Human task form URI

- Test from BPM Worklist application

2. Run BPM Worklist TF on non-SOA JDev integrated WLS domain

- Set domain trust password

- Define custom library for BPM components

- Make sure no conflicts between oracle.soa.workflow and oracle.soa.workflow.wc

42 comments:

Unknown said...

What if our composite application contains soa-mds connection ? Should there be way to register SOA-MDS to IntegratedWebLogic ?

Thanks

Achinto Banerjee said...

Excellent post Andrejus. Makes the life so much more easier .


Had to enable the trust between servers using the http://docs.oracle.com/cd/E23943_01/user.1111/e15175/bpmug_ws_taskflows.htm#BACGFIGI

Also, when do we look to run the taksflow in the fedrated mode as against normal mode as outlined in this blog. Also, if you can share something on the fedrated mode it would be great.

Achinto Banerjee said...

Hi Andrejus ,

When I try to implement the task form to run in non soa domain . I keep getting classcast exception intermittently. Once I start the soa and the non soa server the error seems to go away. But it seems to happen quite frequently.

java.lang.ClassCastException: oracle.bpel.services.workflow.query.ejb.TaskQueryService_oz1ipg_HomeImpl_1036_WLStub cannot be cast to oracle.bpel.services.workflow.query.ejb.TaskQueryServiceRemoteHome
at oracle.bpel.services.workflow.query.client.TaskQueryServiceRemoteClient.getWorkflowContext(TaskQueryServiceRemoteClient.java:225)

Andrej Baranovskij said...

I can see it also - this is Oracle internal issue or some bug perhaps...

Andrejus

Achinto Banerjee said...

Thanks for the update Andrejus.
One more question .. reagarding the foreign jndi. It seems as per the documentaion we need to configure only 8 links http://docs.oracle.com/cd/E23943_01/dev.1111/e10224/bp_designtf.htm#autoId33 . But somehow in the screenshot you have attached there are 14 links. I ask this because I am getting an exception when I try to claim the task inside task form deployed in non-soa(or take any action). The exception is unable to lookup the jndi ejb/bpel/services/workflow/TaskServiceGlobalTransactionBean. This jndi something I had not configure as it was not mentioned in the doc. But I can see from the screenshot that it is configured for you . Once I create this jndi link the error goes away. Can you please guide on the jndi we should be creating for the task form to work correctly.

Andrej Baranovskij said...

Yes, as I remember now - docs were incomplete. Its why after some research and comparing JNDI on SOA domain I included these additional JNDI.

You should add these links...

Andrejus

Vikrant Korde said...

Hey Andrejus,

I am also getting the below exception

oracle.imaging.axf.resources.AxfException: javax.ejb.EJBException: EJB Exception: ; nested exception is:
java.lang.ClassCastException: oracle.bpel.services.workflow.query.ejb.TaskQueryService_oz1ipg_HomeImpl_1036_WLStub; nested exception is: java.lang.ClassCastException: oracle.bpel.services.workflow.query.ejb.TaskQueryService_oz1ipg_HomeImpl_1036_WLStub


Can you please let me know how to get rid of this error?

Regards,
Vikrant Korde.

Vikrant Korde said...

Hi Andrejus,

I could resolve this error just be changing the sequence of starting the servers. Thanks to John Schleicher who suggested me below sequence.
1. Start Admin Server
2. After Admin started, start UCM and IPM simultaneously
3. After IPM & UCM started, start SOA.

Check if this resolves your problem.
The SR guy asked me to do following

1. Stop WebCenter Content: Imaging Server.
2. Clear the Temp files located at: /[IPMDomain]/servers/AdminServer/tmp
3. Restart WebCenter Content: Imaging.
4. Re-test.

But above solution worked for me. Let me know if it works for you toooooooooooo.

There is an OTN discussion which is related to this
https://forums.oracle.com/forums/thread.jspa?threadID=2458659&tstart=0

Regards,
Vikrant Korde.

Sushil said...

When i try to run this application _afrLoop goes into infinite loop.
Please suggest....

pavan4s said...

Hi Andrejus,

I am also getting class cast exception.

<__log> oracle.bpel.services.workflow.runtimeconfig.ejb.RuntimeConfigService_ecesze_HomeImpl_1036_WLStub cannot be cast to oracle.bpel.services.workflow.runtimeconfig.ejb.RuntimeConfigServiceRemoteHome


I tried restarting servers as said by Achinto and Vikrant but no luck.

I am using Jdev integrated server as non soa server and standalone soa server.

Regards

PavanKumar M

Andrej Baranovskij said...

You are doing something wrong guys really :) I just was running the same app today without issues.

Andrejus

raj said...

we are unable to add a custom attribute in documents tab in Human Task Flow, where we want to pass a custom value to be stored in UCM for retrieval of the document
How can we add a custom attribute in HumanTaskFlow, which has to be stored in UCM doc store

Andrej Baranovskij said...

Hi Raj,

You can achieve this requirement by customizing rewriting document support in Human Task with RIDC UCM API and setting your custom UCM metadata field.

Andrejus

Andrej Baranovskij said...

Hi Pavan,

My system-jazn-data.xml is the same as per oracle bpm developer guide.

Andrejus

pavan4s said...

Thanks Andrejus for the reply.

Finally it is working. Looks like Both non soa and soa weblogics should be of same version.

Earlier I was using jdev integrated weblogic as non soa which is 10.1.3.5 and stand alone soa of 10.1.3.6.

Now I installed different weblogic for non soa(10.1.36) and now it is working fine.


Now new problem is : I am trying to consume rulestaskflowdefinition task flow. If i deploy this to soa server there are no issues, but if i deploy to non soa server page comes up and if i click on any report on the left pane it is throwing below error.

"Caused by: java.io.IOException: oracle.mds.exception.MDSException: MDS-00054: The file to be loaded oramds:/soa/configuration/default/workflow-identity-config.xml does not exist."

Please show the way.

Regards
PavanKumar M

pavan4s said...

Hi Andrejus,

Now this issue got resolved.
Oracle says this is a limitation in soa and they will be removing oramds from PS6.
So in older versions we need to add mds-config to adf-config.xml of adf app to access workflow-identity-config.xml from non soa server.


Now another issue:

When I run reports task flow in non soa server page gets displayed and if i click on any report (on the left pane) it throws below error.

"java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=BPM-CRYPTO,keyName=BPM-CRYPTO read)"

Regards
PavanKumar M

Andrej Baranovskij said...

Hi,

You need to add BPM security grants into system-jazn-data.xml

If you dont have these grants, let me know - I can send by email.

Andrejus

Unknown said...

Hi,

I came across your post and was very useful.

Testing the example code, I keep getting the message "ADF_FACES-30108:The view state of the page has expired because of inactivity. Reload the page." and the user has to authenticated again, again and again.

Do you have any idea what might be the problem?

Unknown said...

Hi,

I've found the solution.

It was a configuration on weblogic.xml deployment descriptor.

Andrej Baranovskij said...

Please let others now what configuration specifically it was.

Andrejus

Unknown said...

Ok.

I had to change the deployment descriptor "WEB-INF/weblogic.xml" and add the tag:


your_app_context_path


Another thing is that the "source" server of foreign JNDIs must have the same "Identity Provider" than your local development environment or else you should to use "wfCtxId" parameter from "taskList-task-flow-definition.xml" and make user authentication using through API to retrieve that token.

The last resource is don't configure foreign JNDIs on your local development environment - you don't see the worklist but the rest of the application will work as expected.

Andrej Baranovskij said...

Thanks for sharing your findings !

Andrejus

Unknown said...

My post wasn't showing the tag, here a second version:


<session-descriptor>
<cookie-path> your_app_context_path</cookie-path>
</session-descriptor>

elektra james dio said...

Hi Andrejus ,

SOA server displayed an error: Default configuration is not defined in configuration "workflow-identity-cofig.xml.

How should I proceed?

Regard,

Andrej Baranovskij said...

Hard to say... Looks like SOA server config issue.

Andrejus

elektra james dio said...

The problem is that I could not find the "work-flow-config.xml" file.

Andrej Baranovskij said...

I didnt faced this particular error while configuring, so hard to advice something useful at this time...

Andrejus

elektra james dio said...

Anyway,thankyou!

Anonymous said...

Thanks a lot for another of your great posts! That little trick of the custom Lib was so specific I would never get there...
Thanks again

Andrej Baranovskij said...

Great it worked for you :)

Unknown said...

Hey,

Could you also make clear exactly which system-jaxz-data.xml needs the bpm-services security grants... the one on the non-soa domain or the one on the soa domain?

Your blog suggests change should be made on non-soa but oracle documentation seems to suggest on soa domain. Not clear!

Thanks
Onkar

Andrej Baranovskij said...

I already telling it clear - on non soa-domain, the one where you want to run SOA task flows :)

Andrejus

Unknown said...

Thanks for the reply.

However, after I do all this, i get the following error in logs when accessing the worklist app:

Access to internal workflow context is denied.
Requested access to internal workflow context is not allowed according to security policy.
Ensure that correct security policy is used. If the error persists, contact Oracle Support Services.

at oracle.bpel.services.workflow.client.worklist.servlet.TaskFlowDeployerThread.registerTaskFlowWithTask(TaskFlowDeployerThread.java:371)
at oracle.bpel.services.workflow.client.worklist.servlet.TaskFlowDeployerThread.run(TaskFlowDeployerThread.java:142)
at java.lang.Thread.run(Thread.java:680)
Caused by: ORABPEL-30515

Access to internal workflow context is denied.
Requested access to internal workflow context is not allowed according to security policy.
Ensure that correct security policy is used. If the error persists, contact Oracle Support Services.

at oracle.bpel.services.workflow.verification.impl.VerificationService.createTaskDisplayInternalWorkflowContext(VerificationService.java:1364)
at oracle.bpel.services.workflow.client.worklist.servlet.TaskFlowDeployerThread$1.run(TaskFlowDeployerThread.java:406)
at oracle.bpel.services.workflow.client.worklist.servlet.TaskFlowDeployerThread.getInternalWorkflowContext(TaskFlowDeployerThread.java:399)
at oracle.bpel.services.workflow.client.worklist.servlet.TaskFlowDeployerThread.registerTaskFlowWithTask(TaskFlowDeployerThread.java:277)
at oracle.bpel.services.workflow.client.worklist.servlet.TaskFlowDeployerThread.run(TaskFlowDeployerThread.java:141)
... 1 more
Caused by: java.security.AccessControlException: access denied (oracle.security.jps.JpsPermission VerificationService.createInternalWorkflowContext)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:376)
at java.security.AccessController.checkPermission(AccessController.java:549)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:463)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:523)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:549)
at oracle.bpel.services.workflow.verification.impl.VerificationService.createTaskDisplayInternalWorkflowContext(VerificationService.java:1357)
at oracle.bpel.services.workflow.client.worklist.servlet.TaskFlowDeployerThread$1.run(TaskFlowDeployerThread.java:408)
at oracle.bpel.services.workflow.client.worklist.servlet.TaskFlowDeployerThread.getInternalWorkflowContext(TaskFlowDeployerThread.java:399)
at oracle.bpel.services.workflow.client.worklist.servlet.TaskFlowDeployerThread.registerTaskFlowWithTask(TaskFlowDeployerThread.java:277)
at oracle.bpel.services.workflow.client.worklist.servlet.TaskFlowDeployerThread.run(TaskFlowDeployerThread.java:142)
... 1 more

Do you have any idea how to fix this?

Thanks
Onkar

Andrej Baranovskij said...

I didn't had such error in my environment. But you should check, may be Worklist task flow still works, even with this error.

Andrejus

Unknown said...

Finally got it working. Implemented this on an environment with multiple domains.. it was a little bit more complicated.

Thanks for the blog post, it was very helpful and much more clearer than Oracle documentation for this topic. ;)

Regards
Onkar

Andrej Baranovskij said...

Perfect !

Anonymous said...

Hi Andrejus,

Curious: Why an entirely separate domain? what is the benefit here over simply adding additional managed servers to the soa domain and even another machine or two to isolate the adf server JVM(s) to unique hardware if need be?

Completely separate domains and MW_HOME binaries would allow for isolating patching concerns, but one might argue that these are fairly dedicated UI components sufficiently correlated functionally to preclude the need for separate maintenance/patch outages.

Thoughts?

Andrej Baranovskij said...

Hi,

Running separate domains is mainly for optimisation. Having ADF app on separate domain allows to restart domain quickier, BPM admin server requires more resources. From architecture point of view, is better to have them separate.

Of course, technically it would work fine in one domain.

Regards,
Andrejus

Anonymous said...

That may allow the (adf) domain to start more quickly, but in the case of simply hosting human task UIs, what's the point? The ADF views are not usable without the process and the reverse is also true in this case.

Given that dependency, the efficient architecture choice would be to deploy the ADF managed server VMs collocated in the SOA domain to reduce complexity on the premise that you have to wait for the SOA domain to start up to be useful anyway.

Also, other than in DEV environments, restarting the domains is not a frequent activity outside of planned maintenance periods anyway.

Andrej Baranovskij said...

If you are going to host only ADF Human Task Flows, yes - it makes more sense to have one domain with separate managed servers. I agree with you.

Regards,
Andrejus

Anonymous said...

Hey Andrejus this a noob developer

I did everything which is mentioned above but some how I am getting blank screen on running

http://localhost:7101/custombpm/faces/main.jspx

can u please suggest something

Thanks

Anonymous said...

Hi Andrejus,

Great post as usual. We successfully created custom BPM worklist client in ADF using BPM Java API. I see there is a confusion between foreign JNDI server vs wf_client_config.xml file among many developers. Would like to clarify on this.

Foreign JNDI - When your ADF app wants to show tasks from only 1 BPM instance - go for this.
wf_client_config - Lets say you have multiple BPM servers and you want to display tasks from all those servers, go for this configuration. Here you can specify multiple URLs. One more thing - go for REMOTE EJB. SOAP endpoint is meant to be used for internal purpose only (as per Oracle). Also, remember to set federatedMode = true.

Thanks,
Sai