CN-122018866-A - Camunda flow engine-based dynamic expandable service node management method

Abstract

The invention discloses a service node management method capable of being dynamically expanded based on Camunda flow engines, which belongs to the technical field of electric digital data processing and comprises the steps of uniformly configuring service flow nodes to point to proxy entrusting classes, inquiring an external mapping table based on execution context to obtain service logic unit identifiers, obtaining metadata from a logic registry according to the identifiers, dynamically loading and instantiating service logic realization classes through a sandbox class loader, driving service logic execution through a security context object only exposing a whitelist method, and recording full-link audit logs. The method realizes structural decoupling of the flow definition and the business logic, ensures that the business change does not need to modify the flow definition, supports dynamic replacement and gray release, ensures isolated operation of dynamic codes and safe and stable engine through sandbox isolation and security agents, combines audit trails and fusing mechanisms, and improves observability, reliability and operation and maintenance efficiency of the system.

Inventors

• SUN HAIDONG
• XU KAIKAI

Assignees

• 苏州瑞泰信息技术有限公司

Dates

Publication Date

20260512

Application Date

20260119

Claims (10)

1. 1. A method for managing a service node capable of being dynamically expanded based on Camunda flow engine is characterized by comprising the following steps: s1, configuring service nodes in a service flow, and enabling the service nodes to point to a unified proxy class when executing the service nodes to serve as call entries of all dynamic expansion logics; s2, when the proxy delegation class is called by the flow engine, inquiring an externally stored mapping table based on a flow definition identifier, a version and a node identifier in the current execution context to obtain a service logic unit identifier to be executed currently, wherein the mapping table is independent of the flow definition storage and is used for establishing a binding relation between a flow node and a specific service logic identifier under a specific version and tenant, and controlling the enabling and disabling of mapping through a state field; S3, based on the service logic unit identification, obtaining logic unit metadata from a logic registry, and dynamically loading and instantiating a target service logic implementation class by using a sandbox class loader based on the dependency resources declared in the logic unit metadata; S4, transmitting the packaged security context object into a standardized execution interface of the instantiation object to drive and run business logic, wherein the security context object carries out proxy and package on the native engine context, and only exposes a white list method; s5, before and after the business logic is executed, recording an audit log containing the whole process tracking identification.
2. 2. The method for dynamically expandable service node management based on Camunda flow engine as set forth in claim 1, wherein querying the external mapping table to obtain service logic unit identification specifically includes: analyzing and extracting a flow definition key, a flow definition version, an active node identifier and a tenant identifier from an execution context; querying a record with the activated state in the external mapping table by taking the flow definition key, the flow definition version, the active node identifier and the tenant identifier as query conditions; The flow definition version field in the external mapping table supports storing a specific version number or node identification; when inquiring, the records with completely equal flow definition versions are preferentially matched, and if the records are not found, the matched flow definition versions are the records of the node identification.
3. 3. The method for dynamically managing expandable service nodes based on Camunda flow engine according to claim 1, wherein before dynamically loading and instantiating the target service logic implementation class by the sandbox class loader based on the logic unit metadata, the method further comprises: And carrying out security check on the logic unit metadata, wherein the security check at least comprises the following steps: Checking whether the current time is within an effective time window of the metadata declaration; Verifying the digital signature in the metadata by using a preset public key to verify the integrity and the source of a logic unit JAR package; And detecting the implementation class in the logic unit JAR packet based on the byte code security scanning, and preventing the code containing the preset dangerous operation from being loaded.
4. 4. The method for dynamically managing the expandable service nodes based on Camunda flow engine according to claim 3, wherein the dynamically loading and instantiating the target service logic implementation class by the sandbox class loader specifically comprises the following steps: creating a dedicated sandbox class loader instance according to the dependency resource list in the logic unit metadata, wherein the sandbox class loader is configured to load classes only from specified resource positions and is granted with a preset minimum operation authority set; loading a service implementation class specified in the metadata through the sandbox class loader; And creating an object instance through reflecting and calling a construction function of the service implementation class, and converting the object instance into a predefined standardized execution interface type.
5. 5. The method for dynamically expandable service node management based on Camunda flow engine as set forth in claim 1, wherein the security context object encapsulates the native engine context object through proxy mode, and specifically comprises: holding a reference to the original execution context object inside the security context object; The method for exposing the security context object is a subset which is subjected to white list filtering, wherein the subset only comprises one or more of obtaining a flow variable, setting a flow variable, obtaining a flow instance identifier, obtaining an active node identifier, obtaining a tenant identifier and obtaining a service key; Intercepting and checking the method call of the security context object, and delegating the call to the original execution context object for execution only when the calling method is located in the white list.
6. 6. The method for dynamically expanding service node management based on Camunda flow engine, wherein before the driving running service logic, further comprises: Injecting a standardized adapter interface implementation of system management into the security context object or as a parameter transfer; Wherein the business logic implements all access operations to external resources in the code that must be accomplished through the methods provided by the standardized adapter interface.
7. 7. The method for dynamically expandable service node management based on Camunda flow engine in claim 1, wherein the method for dynamically expandable service node management is characterized by recording an audit log containing a whole process tracking identifier, and specifically comprises the following steps: After obtaining the service logic unit identification, generating a globally unique execution tracking identification; Recording an execution start audit log, wherein the content of the execution start audit log at least comprises an execution tracking identifier, a flow instance identifier, a flow definition key and version, an active node identifier, a tenant identifier, a logic unit identifier and a timestamp; After the business logic is executed, an execution ending audit log is recorded, and the content of the execution ending audit log at least comprises the execution tracking identification, an ending time stamp, the execution time consumption and the execution result state.
8. 8. The method for dynamically expandable service node management based on Camunda flow engine in claim 7, further comprising executing a fusing mechanism: Maintaining a failure counter keyed by a logical unit identification; And when the accumulated execution failure times of a certain logic unit exceeds a threshold value in a preset time window, automatically sending an instruction to a data source for managing the external mapping table, and updating all record states which point to the logic unit identification and are activated in the mapping table into forbidden or isolated states.
9. 9. The method for dynamically expandable service node management based on Camunda flow engine in claim 1, further comprising a multi-level cache policy: Implementing multi-level caching including thread local caching, application process in-process heap caching and distributed caching, wherein the multi-level caching is used for caching one or more of mapping relations queried from the external mapping table and logic unit metadata acquired from the logic registry; when the record of the external mapping table or the logical unit metadata is updated, a cache miss event is issued to clear the associated cache entry.
10. 10. The method for dynamically expandable service node management based on Camunda flow engine as recited in claim 1, wherein the sandbox class loader is created according to tenant identification, so that service logic implementation classes of different tenants operate in a class loading space isolated from each other.

Description

Camunda flow engine-based dynamic expandable service node management method Technical Field The invention relates to the technical field of electric digital data processing, in particular to a dynamic expandable service node management method based on Camunda flow engine. Background In the continuous pushing process of enterprise-level business process automation and digital transformation, a lightweight open source workflow engine represented by Camunda is widely applied to a plurality of key industries such as finance, manufacturing, government affairs and the like due to good embeddability. The flow engine can abstract complex business rules into a visual flow model, and drive business nodes to circulate according to preset logic through a standardized execution mechanism, so that standardization, traceability and high-efficiency coordination of a business process are realized. In the process engine, the business logic is generally injected into a specific active node in the process definition in the form of Java delegated class, and is dynamically invoked by the engine during running to complete core operations such as data verification, external system interaction or state change. The developer needs to strictly follow the interface specification provided by Camunda to write the service implementation class, and explicitly specify the full-limit name of the implementation class through the attribute in the corresponding BPMN 2.0 XML definition file. The method has the remarkable advantages that the method ensures the strong consistency between the flow execution path and the business logic in the early application scene, simplifies the development and debugging process, and provides the safety guarantee of the compiling period by depending on a static type system of Java language. Accordingly, once the process definition is deployed, the process definition is solidified into an invariable version entity by an engine, and all the process instances started based on the version are strictly bound to the process structure and node implementation at the deployment moment in the life cycle of the process instance, so that the execution certainty and the transaction integrity of the long-period business process are ensured. However, with the increasing demand for business agility, hard-coded binding based mechanisms expose their inherent limitations, and any modification to single node business logic must recompile, package and deploy the entire flow definition. Because Camunda adopts an immutable policy on the deployed flow definition, the new version definition cannot be automatically applied to the running old flow instance, so that the defect repair or the function upgrading is difficult to seamlessly cover all instances, a large amount of condition compatible logic is introduced, and the complexity and the risk of operation and maintenance are increased. Disclosure of Invention The invention overcomes the defects of the prior art and provides a service node management method capable of being dynamically expanded based on Camunda flow engines. In order to achieve the purpose, the technical scheme adopted by the invention is that the method for managing the dynamically expandable service node based on Camunda flow engine comprises the following steps: s1, configuring service nodes in a service flow, and enabling the service nodes to point to a unified proxy class when executing the service nodes to serve as call entries of all dynamic expansion logics; s2, when the proxy delegation class is called by the flow engine, inquiring an externally stored mapping table based on a flow definition identifier, a version and a node identifier in the current execution context to obtain a service logic unit identifier to be executed currently, wherein the mapping table is independent of the flow definition storage and is used for establishing a binding relation between a flow node and a specific service logic identifier under a specific version and tenant, and controlling the enabling and disabling of mapping through a state field; S3, based on the service logic unit identification, obtaining logic unit metadata from a logic registry, and dynamically loading and instantiating a target service logic implementation class by using a sandbox class loader based on the dependency resources declared in the logic unit metadata; S4, transmitting the packaged security context object into a standardized execution interface of the instantiation object to drive and run business logic, wherein the security context object carries out proxy and package on the native engine context, and only exposes a white list method; s5, before and after the business logic is executed, recording an audit log containing the whole process tracking identification. In a preferred embodiment of the present invention, the querying the external mapping table to obtain the service logic unit identifier specifically includes: analyzing and extracting a flow d