
Building your own Flowable Spring Boot Application

Blog: Flowable Blog

During our last community event (FlowFest 2018 hosted by Dow Jones), I gave a demo on how to build your own Flowable Spring Boot Application from scratch. You can find the video here and the code for this blog post can be found here.

In this blog post we’re going to cover how we can create a base Spring Boot Application and convert it into a Flowable application that can run the different engines embedded or with the full REST API.

Before we get started, let’s first explain what Spring Boot is. Spring Boot is a framework that makes it easy to create standalone, production-ready Spring-based applications that you can just run. Applications can be started by using java -jar or by using more traditional WAR deployments. The main goals of the framework are:

Flowable has had support for Spring Boot since the beginnings of the framework. Actually, the first official Flowable support for Spring Boot was released just one month after the release of Spring Boot 1.0. We have kept on track with the latest releases of Spring Boot and have provided support shortly after each release. With Flowable 6.3.0 we added support for Spring Boot 2.0 and expanded it to all the Flowable engines (BPMN, CMMN, DMN). On top of that, we migrated our UI applications (flowable-task, flowable-idm, flowable-modeler and flowable-admin) and our flowable-rest application to Spring Boot 2.0. If you want to read more about that endeavor have a look at The road to Spring Boot 2.0 blog post.

Getting started

Hopefully, you now have a better understanding of Spring Boot, so we can start with creating our application. The first step is to go to Spring Initializr and pick our base dependencies.



We’re going to create a Java Maven Project with Spring Boot 2.1.1 and add the web, security, actuator, devtools and h2 dependencies. Go ahead and click the “Generate Project” button, which will download a zip file that contains all the base elements for our application. Unpack the zip file and import the project into your favourite IDE; you can also just build the project by doing ./mvnw install. Once you’ve imported the project into your IDE you can run the application (if you’re using IntelliJ, like me, then you should be able to see the run configuration for the application).

Currently, this is an empty application that has the actuators exposed and not much more. We can go to localhost:8080/actuator/ to see which actuators (production ready features) are available. As we added the security dependency, a default login screen will show up. We can log in using the username “user” and the password that was generated in the log file (look for “Using generated security password” to spot the password). To have all actuator endpoints exposed we need to add:


in our The first property will expose all actuator endpoints over REST and the second one will display a more detailed health endpoint.

Customising our application

Let’s add some custom code to our application. We are first going to add a HelloController. The controller looks like:


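@RestController
public class HelloController {

    // Spring injects the authenticated caller as the Principal.
    @GetMapping("/hello")
    public String hello(Principal principal) {
        return "Hello " + principal.getName() + "!";
    }
}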
We can go to localhost:8080/hello and see the result. The controller will do nothing more than just print out hello to the currently logged in user.


Use Flowable in the application

In order to make this a Flowable application we only need to add:


With this, we will get the complete Flowable REST API. If we didn’t want the Flowable REST API to be exposed, we could use the flowable-spring-boot-starter artifact. When using the Flowable starters, the Flowable default security configuration will kick in. What does this mean? It means that a default Spring Security UserDetailsService that uses the Flowable IdmIdentityService will be enabled and users will be loaded through there. On top of that, a Spring Security PasswordEncoder will be registered. This is used to encode the user passwords when creating a user and to check if the passwords the users used when logging in match the ones stored in our system. In order to follow the Spring Security best practices we’re going to add


to our Using this property, the DelegatingPasswordEncoder from Spring Security will be used. This encoder allows us to be more flexible when updating and changing encoders, as it adds the passwords with a hint to which encoder needs to be used to perform the password match. We will also add a simple CommandLineRunner (a Spring Boot bean that will be executed after the application starts) that will create the initial users:

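import org.flowable.idm.api.IdmIdentityService;
import org.flowable.idm.api.Privilege;
import org.flowable.idm.api.User;
import org.springframework.boot.CommandLineRunner;
import org.springframework.stereotype.Component;

@Component
public class UserCreatorCommandLineRunner implements CommandLineRunner {
    protected final IdmIdentityService idmIdentityService;

    public UserCreatorCommandLineRunner(IdmIdentityService idmIdentityService) {
        this.idmIdentityService = idmIdentityService;
    }

    @Override
    public void run(String... args) {
        // The user-creation calls are missing from this page; these are the users mapped below.
        createUserIfNotExists("flowfest-rest");
        createUserIfNotExists("flowfest-actuator");
        if (idmIdentityService.createPrivilegeQuery().privilegeName("ROLE_REST").count() == 0) {
            Privilege restPrivilege = idmIdentityService.createPrivilege("ROLE_REST");
            idmIdentityService.addUserPrivilegeMapping(restPrivilege.getId(), "flowfest-rest");
        }

        if (idmIdentityService.createPrivilegeQuery().privilegeName("ROLE_ACTUATOR").count() == 0) {
            Privilege actuatorPrivilege = idmIdentityService.createPrivilege("ROLE_ACTUATOR");
            idmIdentityService.addUserPrivilegeMapping(actuatorPrivilege.getId(), "flowfest-actuator");
        }
    }

    protected void createUserIfNotExists(String username) {
        if (idmIdentityService.createUserQuery().userId(username).count() == 0) {
            User user = idmIdentityService.newUser(username);
            // Placeholder value: the password assignment is missing from this page.
            user.setPassword("<initial-password>");
            idmIdentityService.saveUser(user);
        }
    }
}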
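
The encoder hint that the DelegatingPasswordEncoder paragraph before the runner describes, shown with Spring Security's own classes as an added example (not code from the original post). The sample password, the class name and the legacy PBKDF2 value are constructed for the demonstration.

```java
import java.util.HashMap;
import java.util.Map;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;

public class DelegatingEncoderDemo {

    // True when the stored value carries a hint other than the current default encoder.
    static boolean needsRehash(String stored, String currentId) {
        return !stored.startsWith("{" + currentId + "}");
    }

    public static void main(String[] args) {
        // The map is consulted for matching; only "bcrypt" is used for new passwords.
        Map<String, PasswordEncoder> encoders = new HashMap<>();
        encoders.put("bcrypt", new BCryptPasswordEncoder());
        encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
        PasswordEncoder delegating = new DelegatingPasswordEncoder("bcrypt", encoders);

        String raw = "constructed-sample-password";
        // A value stored before the default encoder was changed: "{pbkdf2}<hash>".
        String legacy = "{pbkdf2}" + new Pbkdf2PasswordEncoder().encode(raw);
        // A value stored now: the bcrypt hash prefixed with "{bcrypt}".
        String current = delegating.encode(raw);

        System.out.println("new value carries the bcrypt hint: " + current.startsWith("{bcrypt}"));
        // The {pbkdf2} hint routes the check to the PBKDF2 encoder.
        System.out.println("legacy value still verifies: " + delegating.matches(raw, legacy));
        System.out.println("wrong password rejected: " + !delegating.matches("wrong", legacy));
        // After a successful login the legacy value can be re-encoded with the default.
        System.out.println("legacy value should be re-encoded: " + needsRehash(legacy, "bcrypt"));

        // A stored value without any hint cannot be routed and is refused.
        try {
            delegating.matches(raw, "value-without-a-hint");
        } catch (IllegalArgumentException e) {
            System.out.println("unprefixed value refused: " + e.getMessage());
        }
    }
}
```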

When using the FlowableUserDetailsService the privileges of the users / groups are going to get mapped into Spring Security GrantedAuthority. Finally, we’re going to add a custom SecurityConfiguration that will change the default Spring Security configuration:

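@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests() // the other rules described below are missing from this page
            .requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).permitAll();
    }
}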

With this configuration we’re only going to use HTTP Basic authentication, be stateless, permit all users to access the info and health actuator endpoints, permit only users with the ACTUATOR role to access the rest of the actuator endpoints, permit only users with the REST role to access the Flowable REST APIs and, finally, allow all authenticated users to access the rest of the API.
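
A configuration that matches the rules just described, written out as an added example (not the original post's code). The `/*-api/**` pattern is an assumption based on Flowable's default REST servlet paths such as `/process-api`; the authority names are the privileges created by the command line runner.

```java
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.boot.actuate.info.InfoEndpoint;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Stateless: no HTTP session is created, so every request carries credentials.
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            // HTTP Basic is the only authentication mechanism; no form login is configured.
            .httpBasic()
            .and()
            .authorizeRequests()
                // Rules are evaluated in order and the first match wins, so the
                // public actuator endpoints must be listed before toAnyEndpoint().
                .requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).permitAll()
                .requestMatchers(EndpointRequest.toAnyEndpoint()).hasAuthority("ROLE_ACTUATOR")
                // Assumed pattern for the Flowable REST servlets (/process-api, /cmmn-api, ...).
                .antMatchers("/*-api/**").hasAuthority("ROLE_REST")
                // Everything else, including /hello, requires any authenticated user.
                .anyRequest().authenticated();
    }
}
```

CSRF protection is left at Spring Security's default here because the description above does not mention it. With stateless sessions, state-changing REST calls will be rejected until that setting is decided explicitly for the clients in use.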

Now we can restart the application. In the logs we can see more things happening. The Flowable DB tables and REST servlets will get initialised and the users will be created. When accessing the hello controller as above, we’ll get a popup for the login; we can log in with one of the users and will see its name in the result. The REST Servlets are also available under:

We can also inject the Flowable services into our own beans and REST controllers. We’re going to add a new Controller that will display the keys of all the latest process definitions:

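@RestController
public class DefinitionsController {

    protected final RepositoryService repositoryService;

    public DefinitionsController(RepositoryService repositoryService) {
        this.repositoryService = repositoryService;
    }

    // The request path is an assumption; the original mapping is missing from this page.
    @GetMapping("/latest-definitions")
    public List<String> latestDefinitions() {
        return repositoryService.createProcessDefinitionQuery()
            .latestVersion().list().stream()
            .map(ProcessDefinition::getKey)
            .collect(Collectors.toList());
    }
}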


Deploying resources

We’ve shown how we can set up a base Flowable Spring Boot application. Now we’re going to show how processes / cases / decisions can be auto-deployed from our application. When using the Flowable Spring Boot auto configuration, resources in certain folders on the classpath are automatically scanned and deployed. The scanned folders are:


Wrapping up

In this blog post we’ve shown how we can create our own custom Flowable Spring Boot Application. Creating an application with the REST endpoints exposed is just the same as using the standard flowable-rest application. We’ve shown how we can customize the security configuration, how we can auto-deploy resources when the application starts and how we can use the Flowable Services in our own Java logic.


What’s Next

In the next post we’re going to show how we can use Spring Cloud in the application we just built.
