Tuesday, February 27, 2018

Ruminating on BPM vs Case Management

Most BPM tools today support both BPMN (business process modeling notation) as well as CMMN (Case Management Modeling Notation). But when to use what?

It all depends on the process that you want to model. Given below are some tips that can be used to decide whether to model the process as a traditional BPM or a case management solution.

Traditional BPM: 
  • If your process is a predefined and ordered sequence of tasks - e.g. sending out a insurance renewal message, onboarding an employee, etc. 
  • The order of the steps rarely change - i.e. the process is repeatable.
  • Business users cannot dynamically change the process. The process determines the sequence of events. 
Case Management:
  • When the process does not have a strict ordering of steps - e.g. settling a claim.
  • The process depends on the knowledge worker, who decides the next steps. 
  • External events (submission of documents) determine what next step the knowledge worker will take.  
  • Case management empowers knowledge workers and provides them with access to all the information concerning the case. The knowledge worker then uses his discretion and control to move the case towards the next steps. 
Using the above guidelines, you can model your process using BPMN or CMMN. Business rules can be modeled as DMN (decision modeling notation). 

Monday, February 19, 2018

Adding custom filters to Spring Security

One of my teams was looking for an option for adding filters on the Spring Security OAuth Server.

As we know, the Spring Security OAuth2 Server is a complex mesh of filters that get the job done in implementing all the grant types of the OAuth specification - https://docs.spring.io/spring-security/site/docs/current/reference/html/security-filter-chain.html#filter-ordering

The team wanted to add additional filters to this pipeline of Security filters. There are many ways of achieving this:

Option 1: Create a custom filter by extending the Spring GenericFilterBean class. You can set the order by using the @Order annotation.

Option 2: Register the filter manually in the WebSecurityConfigurerAdapter class using the addFilterAfter/addFilterBefore methods.

Option 3: Set the property "security.filter-order=5" in your application.properties. Now you can add upto 4 custom filters and set the order as either 1,2,3,4.
Another option is to manually set the order (without annotations) using FilterRegistrationBean in any @Configuration

The following 2 blogs helped us explore all options and use the appropriate one.
https://mtyurt.net/post/spring-how-to-insert-a-filter-before-springsecurityfilterchain.html
http://anilkc.me/understanding-spring-security-filter-chain/