||
Skip to end of metadata
Go to start of metadata

The following are advanced configurations which can be made for human task coordination:

Securing username/password with secure vault

You can secure (encrypt) username/password fields in the b4p-coordination-config.xml and humantask.xml config files using WSO2 secure vault tool. Read WSO2 Carbon Secure Vault Documentation for more information.

Step 1: Add secret aliases to configurations files

  1. Navigate to the <PRODUCT_HOME>/repository/conf/ directory in your local machine and open the b4p-coordination-config.xml file.
  2. Add humantask secret aliases to TaskProtocolHandlerAuthentication as shown below.

    <TaskProtocolHandlerAuthentication>
    	<Username svns:secretAlias="HumanTask.ProtocolHandler.Username">user</Username>
    	<Password svns:secretAlias="HumanTask.ProtocolHandler.Password">password</Password>
    </TaskProtocolHandlerAuthentication>
  3. Navigate to the <PRODUCT_HOME>/repository/conf/ directory in your local machine and open the humantask.xml configuration file.
  4. Add B4P secret aliases to RegistrationServiceAuthentication as shown below.

    <RegistrationServiceAuthentication>
    	<Username svns:secretAlias="B4P.RegistrationService.Username">user</Username>
    	<Password svns:secretAlias="B4P.RegistrationService.Password">password</Password>
    </RegistrationServiceAuthentication>

Step 2: Modify "cipher-text.properties" file

  1. Add the above secret aliases with plain text username/password values enclosed by square brackets to the cipher-text.properties file located at <BPS_HOME>/repository/conf/security.

    B4P.RegistrationService.Username=[admin.username]
    B4P.RegistrationService.Password=[admin.password]
    HumanTask.ProtocolHandler.Username=[admin2.username]
    HumanTask.ProtocolHandler.Password=[admin2.username]

    An example configuration for user "admin" with password "admin123" is as follows:

    B4P.RegistrationService.Username=[admin]
    B4P.RegistrationService.Password=[admin123]
    HumanTask.ProtocolHandler.Username=[admin]
    HumanTask.ProtocolHandler.Password=[admin123]
  2. Update other secret aliases values (username/password) if not updated yet.

Step 3: Modify "cipher-tool.properties" file

Add the following entries to cipher-tool.properties file located at <BPS_HOME>/repository/conf/security.

HumanTask.ProtocolHandler.Username=b4p-coordination-config.xml//HumanTaskCoordinationConfiguration/TaskProtocolHandlerAuthentication/Username,true
HumanTask.ProtocolHandler.Password=b4p-coordination-config.xml//HumanTaskCoordinationConfiguration/TaskProtocolHandlerAuthentication/Password,true
B4P.RegistrationService.Username=humantask.xml//HumanTaskServerConfig/HumanTaskCoordination/RegistrationServiceAuthentication/Username,true
B4P.RegistrationService.Password=humantask.xml//HumanTaskServerConfig/HumanTaskCoordination/RegistrationServiceAuthentication/Password,true


Step 4: Run the cipher tool

Go to <BPS_HOME>/bin and run the cipher tool using the following command:

sh ciphertool.sh -Dconfigure

See Cipher Tool for more information. This will create encrypted values for given plain text values. If this was successfully completed, cipher tool will replace values in configuration file with dummy values and the human task coordination feature will read those configurations using secure vault.

If you want to change encrypted values, run the cipher tool again with the -Dchange parameter.

sh ciphertool.sh -Dchange

Enabling registration service and task registration

The registration service is used by the task engine to register a task with the Task Parent (B4P module). This service is compliant with HumanTask 1.1 Specification. However, Task Registration introduces an overhead as additional Web service invocations are required. Hence, if it is within the same BPS cluster and in the super tenant mode (default deployment), skipping the registration service improves performance in the system. The registration service is disabled by default. You can enable the registration service as shown in the following steps:

  1. Navigate to the <PRODUCT_HOME>/repository/conf/ directory in your local machine and open the b4p-coordination-config.xml file.
  2. Set the RegistrationServiceEnabled entry to true.

    <RegistrationServiceEnabled>true</RegistrationServiceEnabled>
  3. Navigate to the <PRODUCT_HOME>/repository/conf/ directory in your local machine and open the humantask.xml configuration file.
  4. Set the TaskRegistrationEnabled entry to true.

    <TaskRegistrationEnabled>true</TaskRegistrationEnabled>

Configuring load balancer for human task coordination

If task processors are clustered, use the following configuration to enter the URL for the load balancer.

  1. Navigate to the <PRODUCT_HOME>/repository/conf/ directory in your local machine and open the b4p-coordination-config.xml file.
  2. Uncomment the ClusteredTaskEngines entry and set LoadBalancerURL as follow.

    <ClusteredTaskEngines>
    	<LoadBalancerURL>http://bps.loadblancer-url.com</LoadBalancerURL>
    </ClusteredTaskEngines>
  3. Navigate to the <PRODUCT_HOME>/repository/conf/ directory in your local machine and open the humantask.xml configuration file.
  4. Uncomment the ClusteredTaskEngines entry and set LoadBalancerURL as follow.

    <ClusteredTaskEngines>
    	<LoadBalancerURL>http://bps.loadblancer-url.com</LoadBalancerURL>
    </ClusteredTaskEngines>

Fault Protocol Messages are not generated by the Task Engine as the Task engine does not generate faults during the execution of a task.

  • No labels