One of our clients have requested these features for the business process management system he is going to chose:-

  1. Not to use open source databases. But currently in joget the processes information, users info , organization information,etc are being stored on the mysql server.
  2. Online user registration. But currently Joget only support manually creating new users.
  3. specifying user's password format. For example to be minimum of 8 digits and to be a combination of both upper and lower cases, etc.
  4. How to implement digital signatures that mimic manual signatures if certain workflow activities are critical. such activities include; financial approvals by the financial managers,  formal, employment approval, etc.

Can anyone help me in figuring out how i can implement such features on my current Joget version3 which will include:-

1. use oracle DB instead of Mysql to store processes, users, organization , etc information

2. implement user registration screen.

3. forcing specific users password format for the online user registration.

4. adding digital signature at certain activities

Best Regards

  • No labels

3 Comments

  1. Andrew Whalen

    Hi JohnJohn,

    I can't answer all of your questions but I can answer a few:

    1. It is possible to use a different data source with Joget aside from Mysql. Here is a link that tells you how: http://dev.joget.org/community/display/KB/Custom+Database+Configuration

    2. It should be possible to implement a user registration process because you can give access to forms and processes to anonymous users. Thus you would simply need to create a process with the right forms, and at the end you could use the Bean Shell plug-in to add a new user to the system programmatically.

    3. This is possible because when designing your form you can use a Regex to validate the user's input. Thus in the password form field you would select the 'default validator', and then use a Regex to force a particular password format.

    4. Not sure exactly what you mean in this case. Typically digital signatures are part of a PKI infrastructure and are tied into some client-side software for taking an input from the server, 'signing' it with the user's private key, and then returning the result. Perhaps if you have a specific example of what you want to achieve someone can take a guess at how to solve this challenge.

    Best Regards,

    Andrew

    1. johnjohn123

      Thanks Andrew  for your valuable reply,

      it is now clear for me how to achieve the first three features, but regarding the four point it  was mentioned on the technical customer requirement document that he needs the following main points related to digital signature:-

      1. "Controls to digitally sign and verify signatures and timestamps for documents inside the system"

      2. "The proposed solution should support Digital Signatures that will be provided by any trusted Root CA including the e-Government PKI as a shared component for government officials, private companies and citizens".

      So i just need to know and read more about how i can achieve these security requirements inside Joget ?

      Thanks again for your appreciated help.

      BR

      1. Andrew Whalen

        Hi BR,

        Glad I can help. Now, about digitally signing documents. This is a very complex area of software engineering and there are many different ways to do this. It is important that you choose a method that integrates with your user's digital signing software. For example, if your users use Adobe Reader there is a way of signing a PDF document with the user's private key, adding it to the PDF, and then returning the PDF to the sender.

        So although I can't tell you exactly how to do this with Joget, I can give you a few points that you need to look out for:

        1. Joget uses forms to store data. These forms are stored as database records. A database record cannot be digitally signed, so you will need to find a way to generate a document from the form data that can be signed by the user.

        2. One possible way of doing this is having a button in you form (a link to a process) that will take the form data and generate a PDF. This PDF can be stored as a file attachment to your form. In your form you can then have a link where the user can download the form and then sign it locally on their PC or it can be e-mailed to them so that they can sign it. They will then need to upload the form again (or e-mail it back to you) and it can be stored (again) as a file attachment in your form.

        There are also products that can be embedded in your web application, however these require you to have an extra server that the Joget server can communicate with that store all of the encryption keys for all of your users.

        So, to summarize: The most important question for your customer is: Do they already have a digital signature solution in place? If so, which one is it? Then you can figure out how to integrate with that system. If they don't, you will need to decide which digital signature solution to offer together with your application (Here is a link to a widely used system for comparison: http://www.arx.com).

        Once you've got that question answered you can then figure out how to integrate it with Joget. However because Joget has a plugin architecture (for both the back-end and the UI) I don't think there should be any problem in designing a workable solution.

        Cheers!