Skip to main content

Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: for the plan.

Jump to: navigation, search




This is a sample pipelet that gets and converts security information into

  • record's metadata to allow indexing in Lucene
  • a filter used in a query to restrict the results to the users that have READ access

The pipelet uses the service a, which is used to resolve groups and user names. If no SecurityResolver is available the configuration options are ignored and the security information already contained in the record is just added to the specified readUsersAttributeName. (see below).


The pipelet is configured using the <PipeletConfiguration> section inside the <invokePipelet> activity of the corresponding BPEL file. It provides the following properties:

Property Type Description
readUsersAttributeName String Name of the attribute to store the users with READ access rights to. This attribute can then be indexed by Lucene.
resolveGroups Boolean Boolean flag determining whether groups should be resolved to their user principals (true) or not (false)
resolveUserNames Boolean Boolean flag determining whether user names should be resolved and replaced by the value described by resolvedUserNamePropertyName (true) or not (false)
resolvedUserNamePropertyName String Name of an LDAP property to use instead of the user/group principal (e.g. a display name). Only used if resolveUserNames is set to true.

During execution, the pipelet uses the following required record metadata to decide how to handle a record:

Name Value Description
_executionMode INDEX or SEARCH INDEX - the service is used for indexing security annotations, SEARCH - the service is used during search for filtering results according to security annotations


Pipelet configuration for SampleSecurityConverter

    <proc:invokePipelet name="sample securityConverter">
        <proc:pipelet class="" />
        <proc:variables input="request" output="request"/>
          <rec:Val key="readUsersAttributeName">ReadUsers</rec:Val>
          <rec:Val key="resolveGroups" type="boolean">true</rec:Val>
          <rec:Val key="resolveUserNames" type="boolean">true</rec:Val>
          <rec:Val key="resolvedUserNamePropertyName">displayName</rec:Val>

Back to the top