@RequestMapping("/form/embed")
  public String embedForm(
      ModelMap model,
      HttpServletRequest request,
      HttpServletResponse response,
      @RequestParam("_submitButtonLabel") String buttonLabel,
      @RequestParam("_json") String json,
      @RequestParam("_callback") String callback,
      @RequestParam("_setting") String callbackSetting,
      @RequestParam(required = false) String id,
      @RequestParam(value = "_a", required = false) String action)
      throws JSONException, UnsupportedEncodingException {
    FormData formData = new FormData();
    if (id != null && !id.isEmpty()) {
      formData.setPrimaryKeyValue(id);
    }
    Form form = formService.loadFormFromJson(json, formData);

    AppDefinition appDef = AppUtil.getCurrentAppDefinition();
    String appId = "";
    String appVersion = "";
    if (appDef != null) {
      appId = appDef.getAppId();
      appVersion = appDef.getVersion().toString();
    }
    String nonce = request.getParameter("_nonce");
    if (form == null
        || !SecurityUtil.verifyNonce(
            nonce,
            new String[] {"EmbedForm", appId, appVersion, form.getPropertyString("id"), nonce})) {
      response.setStatus(HttpServletResponse.SC_FORBIDDEN);
      return null;
    }

    if (callbackSetting == null || (callbackSetting != null && callbackSetting.isEmpty())) {
      callbackSetting = "{}";
    }

    form.setProperty(
        "url",
        "?_nonce="
            + URLEncoder.encode(nonce, "UTF-8")
            + "&_a=submit&_callback="
            + callback
            + "&_setting="
            + StringEscapeUtils.escapeHtml(callbackSetting)
            + "&_submitButtonLabel="
            + StringEscapeUtils.escapeHtml(buttonLabel));

    if (form != null) {
      // if id field not exist, automatically add an id hidden field
      Element idElement = FormUtil.findElement(FormUtil.PROPERTY_ID, form, formData);
      if (idElement == null) {
        Collection<Element> formElements = form.getChildren();
        idElement = new HiddenField();
        idElement.setProperty(FormUtil.PROPERTY_ID, FormUtil.PROPERTY_ID);
        idElement.setParent(form);
        formElements.add(idElement);
      }

      // create new section for buttons
      Section section = new Section();
      section.setProperty(FormUtil.PROPERTY_ID, "section-actions");
      Collection<Element> sectionChildren = new ArrayList<Element>();
      section.setChildren(sectionChildren);
      Collection<Element> formChildren = form.getChildren(formData);
      if (formChildren == null) {
        formChildren = new ArrayList<Element>();
      }
      formChildren.add(section);

      // add new horizontal column to section
      Column column = new Column();
      column.setProperty("horizontal", "true");
      Collection<Element> columnChildren = new ArrayList<Element>();
      column.setChildren(columnChildren);
      sectionChildren.add(column);

      Element hiddenField = (Element) pluginManager.getPlugin(HiddenField.class.getName());
      hiddenField.setProperty(FormUtil.PROPERTY_ID, "_json");
      hiddenField.setProperty(FormUtil.PROPERTY_VALUE, json);
      columnChildren.add((Element) hiddenField);

      Element submitButton = (Element) pluginManager.getPlugin(SubmitButton.class.getName());
      submitButton.setProperty(FormUtil.PROPERTY_ID, "submit");
      submitButton.setProperty("label", buttonLabel);
      columnChildren.add((Element) submitButton);
    }

    // generate form HTML
    String formHtml = null;

    if ("submit".equals(action)) {
      formData = formService.retrieveFormDataFromRequest(formData, request);
      formData = formService.executeFormActions(form, formData);

      // check for validation errors
      Map<String, String> errors = formData.getFormErrors();
      int errorCount = 0;
      if (!formData.getStay() && (errors == null || errors.isEmpty())) {
        // render normal template
        formHtml = formService.generateElementHtml(form, formData);

        // convert submitted
        JSONObject jsonResult = new JSONObject();

        // get binder of main form
        FormStoreBinder mainBinder = form.getStoreBinder();
        FormRowSet rows = formData.getStoreBinderData(mainBinder);

        for (FormRow row : rows) {
          for (Object o : row.keySet()) {
            jsonResult.accumulate(o.toString(), row.get(o));
          }
          Map<String, String> tempFilePathMap = row.getTempFilePathMap();
          if (tempFilePathMap != null && !tempFilePathMap.isEmpty()) {
            jsonResult.put(FormUtil.PROPERTY_TEMP_FILE_PATH, tempFilePathMap);
          }
        }

        model.addAttribute("jsonResult", StringEscapeUtils.escapeJavaScript(jsonResult.toString()));
      } else {
        // render error template
        formHtml = formService.generateElementErrorHtml(form, formData);
        errorCount = errors.size();
      }

      model.addAttribute("setting", callbackSetting);
      model.addAttribute("callback", callback);
      model.addAttribute("submitted", Boolean.TRUE);
      model.addAttribute("errorCount", errorCount);
      model.addAttribute("stay", formData.getStay());
    } else {
      formHtml = formService.retrieveFormHtml(form, formData);
    }

    model.addAttribute("formHtml", formHtml);

    if (request.getParameter("_mapp") != null) {
      response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
      response.setHeader("Access-Control-Allow-Credentials", "true");
      response.setHeader("Content-type", "application/xml");

      return "mapp/embedForm";
    } else {
      return "fbuilder/embedForm";
    }
  }
  @RequestMapping("/client/app/(~:appId)/(~:version)/assignment/(*:activityId)/submit")
  public String clientAssignmentSubmit(
      HttpServletRequest request,
      ModelMap model,
      @RequestParam(required = false) String appId,
      @RequestParam(required = false) String version,
      @RequestParam("activityId") String activityId) {
    // check assignment
    WorkflowAssignment assignment = workflowManager.getAssignment(activityId);
    if (assignment == null) {
      return "client/app/assignmentUnavailable";
    }

    // get app
    AppDefinition appDef = null;
    if (appId != null && !appId.isEmpty()) {
      appDef = appService.getAppDefinition(appId, version);
    } else {
      appDef = appService.getAppDefinitionForWorkflowActivity(activityId);
    }

    // extract form values from request
    FormData formData = new FormData();
    formData = formService.retrieveFormDataFromRequest(formData, request);

    // set process instance ID as primary key
    String processId = assignment.getProcessId();

    // load form
    Long appVersion = (appDef != null) ? appDef.getVersion() : null;
    String formUrl =
        AppUtil.getRequestContextPath()
            + "/web/client/app/"
            + appId
            + "/"
            + appVersion
            + "/assignment/"
            + activityId
            + "/submit";
    PackageActivityForm activityForm =
        appService.viewAssignmentForm(appId, version, activityId, formData, formUrl);
    Form form = activityForm.getForm();

    // submit form
    FormData formResult = formService.executeFormActions(form, formData);

    if (formResult.getFormResult(AssignmentWithdrawButton.DEFAULT_ID) != null) {
      // withdraw assignment
      workflowManager.assignmentWithdraw(activityId);
      return "client/app/dialogClose";

    } else if (formResult.getFormResult(AssignmentCompleteButton.DEFAULT_ID) != null) {
      // complete assignment
      Map<String, String> variableMap = AppUtil.retrieveVariableDataFromRequest(request);
      formResult =
          appService.completeAssignmentForm(appId, version, activityId, formData, variableMap);

      Map<String, String> errors = formResult.getFormErrors();
      if (errors.isEmpty() && activityForm.isAutoContinue()) {
        // redirect to next activity if available
        WorkflowAssignment nextActivity = workflowManager.getAssignmentByProcess(processId);
        if (nextActivity != null) {
          String assignmentUrl =
              "/web/client/app/"
                  + appId
                  + "/"
                  + appVersion
                  + "/assignment/"
                  + nextActivity.getActivityId();
          return "redirect:" + assignmentUrl;
        }
      }
    }

    String html = null;

    // check for validation errors
    Map<String, String> errors = formResult.getFormErrors();
    int errorCount = 0;
    if (errors == null || errors.isEmpty()) {
      // render normal template
      html = formService.generateElementHtml(form, formResult);
    } else {
      // render error template
      html = formService.generateElementErrorHtml(form, formResult);
      errorCount = errors.size();
    }
    String formJson = formService.generateElementJson(form);

    model.addAttribute("assignment", assignment);
    model.addAttribute("form", form);
    model.addAttribute("formHtml", html);
    model.addAttribute("formJson", formJson);
    model.addAttribute("formResult", formResult);
    model.addAttribute("errorCount", errorCount);
    model.addAttribute("submitted", Boolean.TRUE);
    model.addAttribute("closeDialog", Boolean.TRUE);

    return "client/app/assignmentView";
  }