Skip to Content

 

 

 

In this portion of the blog series, I am going cover the workflow aspects. Before you get started, I would highly recommend you to follow this blog on “Getting started with the Workflow service in the free Trial account” by Christian Loos. If you want to know more about different features which are available in the workflow service, you can check out this blog – “Model your workflow scenarios in the Cloud

To begin with, I have created a workflow project using the wizard in SAP WebIDE.

I have created a workflow with four tasks as shown below. The Start UI (which we will build in the next blog) will trigger this workflow by passing a context. The script task “Prepare for Rules” will read the context and invoke API calls for the Rules service. The actual invocation of the Rule service API will happen in the task “Invoke Rules”. The output of the rules will be processed in the “Process Rules Output” task before the flow goes to the custom Task UI called “UI for Approval”. The last step is where an approver will get to see workflow item in My Inbox Fiori app. Let’s get into the details of each step.

Prepare for Rules

This is a script task which reads the workflow context and extracts the organization name which is the email domain. Once the vendor organization name is extracted, I am preparing an input payload which needs to be made available in the next step.

Notice that I have provided “User” as the value for the “__type_” property. This would use the User Data object created earlier in the Business Rules service.

There are a set of REST APIs available to work with SAP Cloud Platform Business Rules runtime.

You can browse through them and view the documentation and sample payloads. In the below example, the highlighted text refers to the input data objects created in the Business Rules service and the remaining properties in the payload would represent the attributes of the data object.

Invoke Rules:

This is a service task which allows us to make a HTTPS call. Before we begin, we need to maintain a new destination in the SAP Cloud Platform cockpit. There is a current limitation with AppToAppSSO between Business Rules and Workflow service. Hence, look for the destination “bpmrulesruntime”. This would be already available once you activated the rules service. Copy the destination and change the authentication type to “BasicAuthentication” as shown below.

In the service task properties, there are several properties which need to be maintained.

1 – The name of the new destination created in the SAP CP cockpit

2 – Path to invoke the business rules API. Notice that it needs to have the parameter <project-name>::<rule-service-name>

3 – The HTTP method is set to POST. If we were to do the same using REST Client, we would first have to issue a GET to get the XSRF-Token and then use the token in the header when issuing a POST. I like this feature as this is simplified in the Service task and you just have to make one call.


4 – The input context which has been prepared in the earlier step

5 – The output of the REST API call will be assigned to the response variable

 

Process Rules Output

This task is another script task. I have used this to assign the Organization name to proper context variable and finally converted the userID (obtained) from business rules to uppercase. Remember, the recipient names in the UI Task as case-sensitive.

UI for Approval

This task is a custom task UI which will show up to an approver in My Inbox App.

In the “Display Text” tab, I have provided a subject and description. Both of these will show up in My Inbox App. Hence, to provide more context to the approver, I have reference the variable to display the user’s first name and their organization.

In the “Recipients” tab, rather than hardcoding an approver, I have populated it based on the variable populated using the REST API call.

In the “User Interface” tab, I have provided the below values

1 – Name of my HTML5 app name (You can find this in SAP CP cockpit under HTML5 Applications menu)

2 – Location of the component

3 – Name of the SAPUI5 component (without the word component)

I have used WebIDE to create a custom Task UI to support this. This is shown below. Notice that I have highlighted the objects which have been used in the above step.

I have uploaded the project into github for you to view the complete source code.

In the XML view file, I have populated all the user information which is available in the workflow context for the approver to visualize it in My Inbox App.

SAP Cloud Platform workflow service provides REST APIs which can be used by applications to interact with the service.

In the component.js file, it’s important to understand that the taskID is extracted from Start-up parameters and provided as input to a REST API call for the Workflow service. This call will fetch all the context values available against this taskID and will ultimately populate those values in the UI.

With this we have completed the build of a workflow project. Select the file and deploy it to SAP Cloud Platform. I have exported the workflow project and added it to the github project. If you wish to, you can import this into WebIDE to explore the configuration.

In the next part, I will show you how to use the Workflow monitoring tools to trigger and test workflow instances. Stay tuned!

To report this post you need to login first.

9 Comments

You must be Logged on to comment or reply to a post.

  1. Wolfgang Röckelein

    Hi Murali,

    thanks for the great blog series!

    One question regarding the approval application: Both negative (https://github.com/murlionline/self-reg-ui/blob/master/webapp/approval/Component.js#L82) and positive action (https://github.com/murlionline/self-reg-ui/blob/master/webapp/approval/Component.js#L91) calls _refreshTask which calls createSCIUser (https://github.com/murlionline/self-reg-ui/blob/master/webapp/approval/Component.js#L168), so the user is also created on negative action?

    Also do have an idea on how to prevent a DOS attack on the StartUI application?

    Regards,

    Wolfgang

    (0) 
    1. Murali Shanmugham Post author

      Hi Wolfgang,

      Thanks.

      That’s a good pick.This is just a sample application to show how to use the workflow service. Obviously, the negative action  shouldn’t trigger an update of a user creation.

      With regard to DoS, that is part of the SAP Cloud Platform security capabilities – https://www.sap.com/documents/2017/05/a470d0b2-b87c-0010-82c7-eda71af511fa.html#

      Regards,

      Murali

      (0) 
      1. Wolfgang Röckelein

        Hi Murali,

        Yes, I know about the general dos protection, but I see an additional problem here.

        Since the user is only created after approval, startui needs to be accessible without authentication. So what prevents an evil user from creating (perhaps even automated with a script) a huge number of bogus requests (ie effectivly a dos attack)?

        Regards,

        Wolfgang

        (0) 
  2. Sunita Sudarshan

    Hi Murali,

    Why is there limitation with AppToAppSSO between Business Rules and Workflow service? Do you when this will be addressed? I wouldnt want to copy the destination and change the authentication mode.

    Thanks and Regards,

    Sunita

    (0) 
    1. Murali Shanmugham Post author

      Hi Sunita, I don’t know the exact timelines. There is work currently being done to make the integration with Business Rules tighter. I will let you know once I find more information on this.

       

      (0) 

Leave a Reply