Security or application security in this context refers to protecting the services and data provided by jBPM from unauthorized access (authentication) and at the same time ensuring that the users can access the set of services and data authorized for them (authorization).
Another important perspective that we have to consider in a BPM system is providing non-repudiation for all the user interactions. jBPM supports this by providing an audit logging facility for all runtime data changes.
Non-repudiation assures that a user cannot deny performing an action or operation in the system.
jBPM, usually deployed in an application server, uses a JEE-compatible standard, that is, Java Authentication and ...