Component Features

API Reference

Task Synchronization APIs (CompositeApiParserController - /worknet/composite-api/parser)

Method	Endpoint	Description
POST	/runJob	Trigger a scheduled task pull job manually. Body: SystemSchedularConfigDto. Requires Authorization header
POST	/runJobApi	Trigger a job from a generic map payload
GET	/getDbYaml?systemId=&process=	Returns the DB structure YAML mapping for a given system and process
GET	/getJSONFile	Debug: fetches and returns OData JSON from a configured URL
POST	/updateDbYaml?fileName=	Pushes YAML content to Azure DevOps repository
POST	/flatten-json?referenceId=	Flattens a nested JSON into a flat key-value map for debugging
POST	/signUrl	Generates a DocuSign signing URL. Body: SignUrlPayloadDto. Returns signing/consent URL
POST	/getcompositecalldata	Returns raw composite API call data for a scheduler config
GET	/triggerAriba	Manually triggers the Ariba API integration
GET	/fetchSystemsConfigs?systemId=	Fetches scheduler configurations for a given system
POST	/onDemandJob	Ad-hoc job trigger for all configured systems for the logged-in user
POST	/forceUpdateToDb	Force-upserts provided data directly into DB tables. Body: ForceUpdateRequest with systemId and tables map

Task Action APIs (TaskActionController - /task)

Method	Endpoint	Description
POST	/actions	Primary task action endpoint. Extracts userId from JWT. Body: ActionDto with list of tasks and actions
POST	/userId/actions	Same as above but accepts userId as a header (for MS Teams integration)
POST	/processCancel	Cancels an entire process. Body: ProcessActionDto
POST	/get-email-ids	Resolves group IDs to email addresses via WorkAccess. Body: list of group IDs

Task Creation APIs (TaskCreationController - /task)

Method	Endpoint	Description
POST	/create	Creates a task via the composite API-based task creation service
GET	/dummy	Test endpoint that fetches all configured systems
POST	/createTask	Creates a task directly from a CreateTaskDo entity

Draft Process APIs (DraftProcessController - /v1/draft)

Method	Endpoint	Description
POST	/process	Creates a new draft process
DELETE	/process/{processId}	Deletes a draft by process ID
GET	/process/{processId}	Gets a draft by process ID
GET	/processByUser/{userId}	Gets all drafts for a user
GET	/processBySystem/{systemId}	Gets all drafts by source system
GET	/processName/{processName}	Gets drafts by process name
GET	/system/{systemId}/processName/{processName}	Gets drafts by system + process name

Scheduler Configuration APIs (SystemSchedularMasterController - /system-schedule)

Method	Endpoint	Description
POST	/config	Saves or updates system scheduler configurations. Body: list of SystemSchedularConfigDto
GET	/lastRunOn?schedulerId=	Returns last job run timestamps for a scheduler

CPI Response APIs (CPIResponseController - /v1/cpi)

Method	Endpoint	Description
POST	/cpiResponse	Receives CPI composite response, creates job log, processes result asynchronously
GET	/insertJobLog/{systemId}/{processId}	Creates a job log entry and returns its ID

API Configuration APIs (APIResponseController - /api)

Method	Endpoint	Description
GET	/fetchApis	Returns all configured external API endpoints

YAML Management APIs (YamlController - /v1/yaml)

Method	Endpoint	Description
POST	/upload	Uploads a YAML configuration file. Multipart: file + fileName + description
GET	/fetchAll	Lists all uploaded YAML files
DELETE/POST	/delete/{id}	Deletes a YAML file by ID
GET	/download/{id}	Downloads a YAML file as byte array

Platform APIs (PlatFormController - /v1/platform)

Method	Endpoint	Description
GET	/instance/credentials	Returns VCAP service credentials

WorkAccess Test APIs (WorkAccessTestController - /api/v1/test/work-access)

Method	Endpoint	Description
GET	/groups-by-user?email=	Gets group IDs for a user email
POST	/user-details	Gets user details for a list of user IDs
POST	/user-details-map	Gets user details as a map keyed by user ID
POST	/users-by-groups	Gets user IDs for a list of group IDs
POST	/users-basic-info	Gets basic info (name, email) for a list of emails
POST	/users-from-groups	Gets user emails from group IDs

SSE APIs (SSEController)

Method	Endpoint	Description
GET	/send/{userName}	Publishes an SSE event for a specific user
GET	/subscribe	SSE subscription endpoint (produces text/event-stream)

Data Model

Core Tables

CW_ITM_WN_TASKS

Column	Type	Description
TASK_ID	VARCHAR (PK)	Unique task identifier from source system
SYSTEM_ID	VARCHAR (PK)	Source system identifier
PROCESS_ID	VARCHAR	Parent process identifier
TASK_TYPE	VARCHAR	Type/category of the task
TASK_DESCRIPTION	VARCHAR	Human-readable task description
STATUS	VARCHAR	Source system status (READY, RESERVED, COMPLETED, CANCELED)
ITM_STATUS	VARCHAR	Internal ITM tracking status
PRIORITY	VARCHAR	Task priority level
CREATED_ON	TIMESTAMP	Task creation timestamp
DUE_DATE	TIMESTAMP	Task due date
COMPLETED_ON	TIMESTAMP	Task completion timestamp
COMPLETED_BY	VARCHAR	User who completed the task
UPDATED_BY	VARCHAR	Last modifier
UPDATED_ON	TIMESTAMP	Last modification timestamp
CREATED_BY	VARCHAR	Task creator

CW_ITM_WN_TASK_OWNERS

Column	Type	Description
TASK_ID	VARCHAR (PK)	Task identifier
SYSTEM_ID	VARCHAR (PK)	Source system identifier
OWNER_ID	VARCHAR (PK)	User ID or group ID
OWNER_TYPE	VARCHAR	"USER" or "GROUP"
IS_PRIMARY	LONG	1 = primary owner, 0 = secondary
CREATED_BY	VARCHAR	Creator
CREATED_ON	TIMESTAMP	Creation timestamp
UPDATED_BY	VARCHAR	Last modifier
UPDATED_ON	TIMESTAMP	Last modification timestamp

CW_ITM_WN_PROCESS

Column	Type	Description
PROCESS_ID	VARCHAR (PK)	Unique process identifier
SYSTEM_ID	VARCHAR	Source system
PROCESS_NAME	VARCHAR	Process type/name
PROCESS_STATUS	VARCHAR	Process status
PROCESS_DESCRIPTION	VARCHAR	Human-readable description
CREATED_BY	VARCHAR	Process creator
CREATED_ON	TIMESTAMP	Creation timestamp

CW_ITM_WN_TASK_ATTRIBUTES

Column	Type	Description
TASK_ID	VARCHAR (PK)	Task identifier
SYSTEM_ID	VARCHAR (PK)	Source system
ATTR_KEY	VARCHAR (PK)	Attribute name
ATTR_VALUE	VARCHAR/CLOB	Attribute value
CREATED_BY	VARCHAR	Creator
CREATED_ON	TIMESTAMP	Creation timestamp
UPDATED_BY	VARCHAR	Last modifier
UPDATED_ON	TIMESTAMP	Last modification timestamp

CW_ITM_WN_TASK_AUDIT

Column	Type	Description
AUDIT_ID	VARCHAR (PK)	Unique audit entry ID
SYSTEM_ID	VARCHAR	Source system
TASK_ID	VARCHAR	Task identifier
ACTION	VARCHAR	Action taken (APPROVE, REJECT, CLAIM, etc.)
IS_SUCCESS	INTEGER	1 = success, 0 = failure
FROM_OWNER	VARCHAR	User who performed the action
TO_OWNER	VARCHAR	Target user (for forward/claim)
COMMENT	VARCHAR	Action comment
CREATED_BY	VARCHAR	Creator
CREATED_ON	TIMESTAMP	When the action was taken
UPDATED_BY	VARCHAR	Last modifier
UPDATED_ON	TIMESTAMP	Last modification timestamp

CW_ITM_JOB_LOG (JobLogDo)

Column	Type	Description
ID	VARCHAR (PK)	UUID
SCHEDULER_ID	VARCHAR	Scheduler that triggered this job
ORIGIN	VARCHAR	Source system name
JOB_STATE	VARCHAR	Running, Completed, Failed, Not Processed
START_TIME	TIMESTAMP	Job start time
END_TIME	TIMESTAMP	Job end time
TIME_TAKEN	LONG	Duration in milliseconds
RECORD_COUNT	INTEGER	Number of records processed
MESSAGE	VARCHAR	Status message or error details
USER_ID	VARCHAR	User who triggered the job

Supporting Tables

• SystemMasterDo - Registry of connected source systems
• SystemSchedularConfigDo - Scheduler configurations (system, process, frequency, cron)
• DraftProcessDo / DraftProcessAttributesDo - Draft process storage
• YamlEntity - Uploaded YAML configuration files
• CreateTaskDo - Direct task creation entity

Core Business Logic Flows

Task Synchronization Pipeline (processResult)

Scheduler triggers job
		v
Composite API calls source system(s) -> gets raw JSON response
		v
CompositeApiParserServiceImpl.processResult():
		v
1. Load DB structure YAML (maps JSON paths -> DB columns)
2. Load custom attribute config (special field handling)
3. For each composite response:
	 a. Parse JSON response
	 b. Flatten nested JSON into key-value map
	 c. Filter to only required keys (from YAML config)
	 d. Create hash map indexed by record number
	 e. Handle system-specific logic
	 f. Handle custom attributes (from customattribute.yaml)
	 g. Merge with previous response maps
	 h. Clean flat map (remove prefixes)
4. Convert flat map to table-specific data
5. Batch upsert into database tables
6. Execute delta changes
7. Update job log with record count and status
8. On failure: send notification email to admin

Task Action Flow (taskAction)

POST /task/actions
Body: { isAdmin, tasks: [{ taskId, systemId, action, comment, forwardOwners, ... }] }
Header: Authorization: Bearer <jwt>

1. Extract userId from JWT token
2. Fetch task attributes for all task IDs
3. Fetch user's group memberships from WorkAccess
4. For each task:
	 a. Fetch current status and owners from DB
	 b. Validate authorization
	 c. Check for re-action
	 d. Route by action type (CLAIM/FORWARD/RELEASE/SEND_BACK/RESUBMIT/DEFAULT)
	 e. Insert audit record
	 f. Insert comment (if provided)
5. Send notifications for successful actions (async)
6. AOP @After advice triggers cache eviction (async)

DocuSign Signing URL Flow

POST /worknet/composite-api/parser/signUrl
Body: { taskId, envelopeId, systemId }

1. Extract userId from JWT
2. Load action config YAML (systemId + "_SIGN")
3. Fetch DocuSign user mapping from task attributes
4. Build return URL
5. Load DocuSign composite API YAML
6. Load DocuSign account details
7. Generate JWT assertion token (RSA256)
8. Set assertion token in composite request
9. Execute composite API
10. If consent_required: return consent redirect URL
11. Otherwise: return signing URL

Cache Eviction Flow (AOP-driven)

After any task action (via AspectUtil @After advice):
1. Extract ActionDto and authorization from method args
2. AsyncExecuter.asyncMethodWithReturnType() runs in background:
	 a. Get all task IDs from the action
	 b. Query task owners from DB
	 c. Separate owners into USER list and GROUP list
	 d. Resolve GROUP IDs to user emails via WorkAccess API
	 e. Combine all affected user IDs
	 f. Call ITM: POST /cacheEvict/evictForUserList

External Integrations

ITM (Task Center)

Direction	When	What
Outbound	After task action	Cache eviction: POST /cacheEvict/evictForUserList
Outbound	After task sync	Cache eviction for affected users
Outbound	DocuSign signing	Return URL points to ITM eviction endpoint

Flowable (Native Workflow)

Direction	When	What
Outbound	Task action (Flowable tasks)	Complete/claim/release/forward via Flowable custom API
Inbound	Scheduled sync	Pull tasks from Flowable engine

WorkAccess / SAP IAS

Direction	When	What
Outbound	Task action validation	Resolve user's group memberships
Outbound	Cache eviction	Resolve group IDs to user emails
Outbound	Token acquisition	Get service-to-service token

Notification / Messaging Service

Direction	When	What
Outbound	After task action	POST /v1/notification/manageNotification
Outbound	New task sync (adhoc)	POST /v1/notification/sendNotification
Outbound	Job failure	Failure notification email to admin
Outbound	Job completion	POST /v1/job/processJob

Composite API Service (worknet-composite-api library)

Direction	When	What
Internal	Task sync	Orchestrates multi-step API calls to source systems
Internal	Task actions	Orchestrates action API calls to source systems
Internal	DocuSign signing	Orchestrates token + signing URL generation

SAP Destination Service

Direction	When	What
Outbound	On startup	Resolve ITM URL from destination config
Outbound	On WorkAccess calls	Resolve WorkAccess URL + exchange token

Spring Cloud Config Server

Direction	When	What
Inbound	On startup	Loads configuration properties
Inbound	YAML loading	Loads YAML configs (if readYamlFromConfig profile active)

Error Handling

• All controllers wrap responses in ResponseMessage or ResponseDto with status, statusCode, message
• Task actions return per-task status in a list (partial success is possible)
• Job failures are logged to CW_ITM_JOB_LOG with error message and stack trace info
• Job failures trigger admin email notification via messaging service
• Composite API errors are parsed for system-specific error messages
• HTTP status codes: 200 (success), 401 (unauthorized), 500 (internal error)

Async Operations

Enabled via @EnableAspectJAutoProxy and @EnableScheduling on the application class:

1. Cache eviction (AsyncExecuter.asyncMethodWithReturnType)
2. Process cancel cache eviction (AsyncExecuter.asyncMethodForProcess)
3. Notification dispatch (AsyncExecuter.callNotificationService)
4. Failure notification (AsyncExecuter.callNotificationServiceForFailure)
5. Job details forwarding (AsyncExecuter.sendJobDetailsToMessagingService)
6. Task sync processing (CPIResponseController.cpiResponse)
7. Custom delegate actions (TaskActionServiceImpl default case)

AOP (Aspect-Oriented Programming)

AspectUtil intercepts task action controller methods:

Pointcut	Advice	What It Does
TaskActionController.taskActions(..)	@After	Extracts ActionDto -> triggers async cache eviction
TaskActionController.teamsActions(..)	@After	Same as above (for Teams integration)
TaskActionController.processCancel(..)	@After	Extracts ProcessActionDto -> triggers async cache eviction for all process tasks

Scheduler System

WorkNet uses Spring's ThreadPoolTaskScheduler (pool size: 10) for automated task pulling.

SchedulerConfig

• Dynamically registers scheduled tasks based on SystemSchedularConfigDo entries
• Each scheduler has a cron expression defining run frequency

SchedulerServiceImpl

• runJob(): Executes composite API calls to source systems, processes results
• runJobApi(): Same as runJob but accepts generic map input
• getcompositecalldata(): Returns raw composite call data for debugging
• azurePush(): Pushes YAML content to Azure DevOps repository
• getLastRunOn(): Returns last run timestamps for schedulers

Batch Upsert Engine

JdbcBatchRepositoryImpl handles high-performance database operations:

1. For each table in the data map:
   • Dynamically generate UPSERT SQL
   • Apply data type conversions based on ApplicationConstants
   • Execute in batches for performance
2. Supports both SAP HANA and MySQL databases
3. System ID is injected as a column value for multi-tenant isolation

Server-Sent Events (SSE)

SSEController provides real-time push updates:

• Uses Reactor's Sinks.Many (multicast with backpressure buffer)
• Publish: GET /send/{userName} -> emits event to all subscribers
• Subscribe: GET /subscribe -> returns Flux<ServerSentEvent<String>>
• Events include: ID (timestamp), event name ("periodic-event"), data, comment

Custom Delegate System

The CustomDeligate interface and IntakeImplementation provide extensibility:

• After a Flowable task action (default case), the system calls customDeligateImplementation.implementAction()
• This runs asynchronously via CompletableFuture.runAsync()
• Current implementation: JnJ IntakeRequest dynamic task creation
• New custom behaviors can be added by implementing the CustomDeligate interface

Observability

• Actuator: Spring Boot Actuator endpoints enabled (health, info, env)
• Logging: SLF4J with Lombok's @Slf4j annotation
• Job Logs: Every scheduler run is logged to CW_ITM_JOB_LOG
• Structured logging: Class name + method name in log messages
• Performance logging: Execution time tracked for composite API calls, actions, signing URLs

Maven Dependencies

Internal (from Azure DevOps Artifacts)

Repository: https://pkgs.dev.azure.com/InctureProducts/_packaging/Workbox/maven/v1

com.cherrywork:iwm-security-adapter:0.0.3-SNAPSHOT
com.cherrywork.worknet:worknet-composite-api:0.0.7-SNAPSHOT

Key External Dependencies

org.springframework.boot:spring-boot-starter-web
org.springframework.boot:spring-boot-starter-data-jpa
org.springframework.boot:spring-boot-starter-webflux
org.springframework.boot:spring-boot-starter-aop
org.springframework.boot:spring-boot-starter-actuator
org.springframework.cloud:spring-cloud-starter-config
com.sap.cloud.db.jdbc:ngdbc:2.23.10
com.mysql:mysql-connector-j
org.apache.commons:commons-text:1.15.0
org.apache.tomcat.embed:tomcat-embed-core:11.0.15
com.fasterxml.jackson.core:jackson-databind
com.fasterxml.jackson.datatype:jsr310
org.projectlombok:lombok

API Request/Response Examples

Run Job (POST /worknet/composite-api/parser/runJob)

Request:

{
	"schedulerId": "SCHED_001",
	"systemId": "Flowable",
	"processName": "purchase_approval",
	"applicationId": "1784"
}

Header: Authorization: Bearer <jwt_token>

Response: 200 OK - "Running Job"

Task Action (POST /task/actions)

Request:

{
	"isAdmin": false,
	"tasks": [
		{
			"taskId": "task-12345",
			"systemId": "Flowable",
			"processName": "purchase_approval",
			"taskType": "Approval Task",
			"action": "approve",
			"comment": "Looks good, approved.",
			"userId": "john@company.com",
			"isSubstitutedToMe": false
		}
	]
}

Response:

{
	"status": "SUCCESS",
	"statusCode": "200",
	"message": "Tasks action performed successfully!",
	"data": [
		{
			"status": "SUCCESS",
			"statusCode": "SUCCESS",
			"message": "Task(task-12345) approved successfully!"
		}
	]
}

Forward Task (POST /task/actions)

{
	"isAdmin": false,
	"tasks": [
		{
			"taskId": "task-12345",
			"systemId": "Flowable",
			"action": "forward",
			"userId": "john@company.com",
			"forwardOwners": [
				{ "ownerId": "jane@company.com", "ownerType": "USER" }
			]
		}
	]
}

Process Cancel (POST /task/processCancel)

{
	"processId": "proc-67890",
	"systemId": "Flowable",
	"action": "CANCEL"
}

DocuSign Sign URL (POST /worknet/composite-api/parser/signUrl)

Request:

{
	"taskId": "docusign-task-001",
	"envelopeId": "env-12345",
	"systemId": "DocuSign"
}

Response:

{
	"signingUrl": "https://demo.docusign.net/Signing/...",
	"type": "SIGNIN",
	"envelopeId": "env-12345",
	"status": 200,
	"message": "Signing URL fetched"
}

Create Draft (POST /v1/draft/process)

{
	"processId": "draft-001",
	"systemId": "Flowable",
	"processName": "purchase_request",
	"userId": "john@company.com",
	"attributes": [
		{ "attrKey": "requestTitle", "attrValue": "New Laptop" },
		{ "attrKey": "amount", "attrValue": "1500" }
	]
}

Force Update (POST /worknet/composite-api/parser/forceUpdateToDb)

{
	"systemId": "CUSTOM_SYSTEM",
	"tables": {
		"CW_ITM_WN_TASKS": [
			{
				"TASK_ID": "custom-task-001",
				"STATUS": "READY",
				"TASK_TYPE": "Approval"
			}
		]
	}
}

Validation: systemId must match pattern ^[A-Z0-9_]{2,30}$

Database Support & Data Type Handling

Supported Databases

Database	Profile	Driver	Notes
SAP HANA	configDB or vcapDB	com.sap.db.jdbc:ngdbc	Primary production database
MySQL	configDB	com.mysql:mysql-connector-j	Alternative database

Data Type Constants

Constant	SQL Type	Handling
NVARCHAR, VARCHAR, STRING, CHAR	String	Quoted with single quotes, special chars escaped
DATE	Date	Formatted and quoted
TIMESTAMP, DATETIME	Timestamp	Formatted and quoted
INT, INTEGER, TINYINT	Integer	Unquoted numeric
BOOLEAN	Boolean	Unquoted
DECIMAL, DOUBLE, FLOAT	Decimal	Unquoted numeric
CLOB, LOB	Large Object	Quoted string

Known Design Notes

1. Dual action API: taskAction() and taskActionV2()
2. Composite API pattern: All source system interactions go through composite API orchestration
3. YAML-driven mapping: DB mapping and action configs are in YAML
4. Dual DB support: SAP HANA and MySQL supported via db.type
5. AOP cache eviction: Automatic via AspectJ @After advice
6. System-specific branching: Extensive system logic in TaskActionServiceImpl
7. Custom delegate extensibility: CustomDeligate for customer logic
8. Token dual-path: XSUAA client credentials vs WorkAccess token APIs
9. Delta sync: Each scheduler run determines creates/updates/completions
10. Owner resolution chain: user -> group -> admin -> substitution