org.camunda.bpm.engine.authorization.Resource Java Examples
The following examples show how to use
org.camunda.bpm.engine.authorization.Resource.
Example #1
Source File: AuthorizationRestServiceInteractionTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
/**
 * Checks that the authorization-check endpoint answers 401 (UNAUTHORIZED) when the
 * identity service reports no current authentication, and that the request is
 * rejected before either {@code isUserAuthorized} overload is consulted.
 */
@Test
@SuppressWarnings("unchecked")
public void testIsUserAuthorizedNoAuthentication() {
  List<String> noGroups = new ArrayList<String>();

  // Simulate a request that carries no authenticated caller.
  when(identityServiceMock.getCurrentAuthentication()).thenReturn(null);

  ResourceUtil exampleResource =
      new ResourceUtil(MockProvider.EXAMPLE_RESOURCE_TYPE_NAME, MockProvider.EXAMPLE_RESOURCE_TYPE_ID);
  Permission examplePermission = getPermissionProvider()
      .getPermissionForName(MockProvider.EXAMPLE_PERMISSION_NAME, MockProvider.EXAMPLE_RESOURCE_TYPE_ID);
  when(authorizationServiceMock.isUserAuthorized(
      MockProvider.EXAMPLE_USER_ID, noGroups, examplePermission, exampleResource)).thenReturn(false);

  given()
      .queryParam("permissionName", MockProvider.EXAMPLE_PERMISSION_NAME)
      .queryParam("resourceName", MockProvider.EXAMPLE_RESOURCE_TYPE_NAME)
      .queryParam("resourceType", MockProvider.EXAMPLE_RESOURCE_TYPE_ID)
  .then().expect()
      .statusCode(Status.UNAUTHORIZED.getStatusCode())
  .when()
      .get(AUTH_CHECK_PATH);

  // The endpoint must look up the caller exactly once ...
  verify(identityServiceMock, times(1)).getCurrentAuthentication();
  // ... and must never fall through to an authorization decision without one.
  verify(authorizationServiceMock, never())
      .isUserAuthorized(any(String.class), any(List.class), any(Permission.class), any(Resource.class));
  verify(authorizationServiceMock, never())
      .isUserAuthorized(any(String.class), any(List.class), any(Permission.class), any(Resource.class), any(String.class));
}
Example #2
Source File: AuthorizationServiceTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
/**
 * Saves two GLOBAL authorizations for the same resource and resource id and expects
 * the second save to be rejected.
 */
public void testGlobalUniqueConstraints() {
  Resource sharedResource = TestResource.RESOURCE1;
  Authorization original = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  Authorization duplicate = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);

  original.setResource(sharedResource);
  original.setResourceId("someId");

  duplicate.setResource(sharedResource);
  duplicate.setResourceId("someId");

  // Saving the first entry must succeed.
  authorizationService.saveAuthorization(original);

  // Saving an identical second entry must fail.
  try {
    authorizationService.saveAuthorization(duplicate);
    fail("exception expected");
  } catch (Exception rejected) {
    // expected
    // NOTE(review): any Exception satisfies this test, so an unrelated failure
    // would also pass; narrowing to the constraint-violation type would make the
    // uniqueness guarantee explicit. The concrete type is not visible here.
  }
}
Example #3
Source File: DefaultAuthorizationProvider.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
/**
 * Returns the grant authorization for the given task and user/group, creating it
 * when none exists or extending the existing one with the supplied permissions.
 *
 * @param task the task whose id is used as the resource id
 * @param userId user the authorization applies to (passed through unchanged)
 * @param groupId group the authorization applies to (passed through unchanged)
 * @param resource resource the authorization is scoped to
 * @param isHistoric when {@code true}, a newly created authorization also gets a removal time
 * @param permissions permissions to grant
 * @return the created or updated authorization
 */
protected AuthorizationEntity createOrUpdateAuthorization(Task task, String userId, String groupId, Resource resource, boolean isHistoric, Permission... permissions) {
  final String taskId = task.getId();
  final AuthorizationEntity existing = getGrantAuthorization(taskId, userId, groupId, resource);

  if (existing != null) {
    // Permissions are only ever added here; nothing is removed from an existing grant.
    addPermissions(existing, permissions);
    return existing;
  }

  final AuthorizationEntity created = createAuthorization(userId, groupId, resource, taskId, permissions);
  if (isHistoric) {
    // The removal time is applied on creation only, not when an existing grant is extended.
    provideRemovalTime(created, task);
  }
  return created;
}
Example #4
Source File: AbstractAuthorizedRestResource.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
/**
 * Decides whether the current caller holds {@code permission} on the given resource.
 *
 * <p>The result is {@code true} without consulting the authorization service in two
 * cases: authorization is disabled in the engine configuration, or no authentication
 * is bound to the current thread.
 *
 * @param permission the permission to check
 * @param resource the resource type to check against
 * @param resourceId the concrete resource id
 * @return {@code true} if the caller is authorized or no check is performed
 */
protected boolean isAuthorized(Permission permission, Resource resource, String resourceId) {
  final boolean checksEnabled = processEngine.getProcessEngineConfiguration().isAuthorizationEnabled();
  if (!checksEnabled) {
    // With authorization switched off, every caller is treated as authorized.
    return true;
  }

  final IdentityService identityService = processEngine.getIdentityService();
  final AuthorizationService authorizationService = processEngine.getAuthorizationService();

  final Authentication caller = identityService.getCurrentAuthentication();
  if (caller == null) {
    // NOTE(review): this branch fails open. A request that reaches this point with no
    // authentication set is allowed, so the REST layer presumably depends on an
    // upstream filter to reject or populate unauthenticated requests. Confirm.
    return true;
  }

  return authorizationService.isUserAuthorized(
      caller.getUserId(), caller.getGroupIds(), permission, resource, resourceId);
}
Example #5
Source File: MissingAuthorizationMatcher.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
/**
 * Converts an {@link Authorization} into the {@link MissingAuthorization} expected in
 * an authorization failure, using the first permission whose value differs from
 * {@code Permissions.NONE}.
 *
 * @param authorization the authorization to describe
 * @return a MissingAuthorization carrying permission name, resource name and resource id
 */
protected static MissingAuthorization asMissingAuthorization(Authorization authorization) {
  String firstNonEmptyPermission = null;
  for (Permission candidate : AuthorizationTestUtil.getPermissions(authorization)) {
    if (candidate.getValue() != Permissions.NONE.getValue()) {
      firstNonEmptyPermission = candidate.getName();
      break;
    }
  }

  final String resourceId = authorization.getResourceId();

  // NOTE(review): if the lookup yields null for an unknown resource type, the next
  // line throws a NullPointerException. Confirm that all test resource types resolve.
  final Resource resolved = AuthorizationTestUtil.getResourceByType(authorization.getResourceType());
  final String resourceName = resolved.resourceName();

  return new MissingAuthorization(firstNonEmptyPermission, resourceName, resourceId);
}
Example #6
Source File: DefaultAuthorizationProvider.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
/**
 * Builds (but does not persist) a GRANT authorization for a user and/or group on a
 * single resource.
 *
 * @param userId user to grant to, or {@code null}
 * @param groupId group to grant to, or {@code null}
 * @param resource resource type the grant applies to
 * @param resourceId resource id the grant applies to
 * @param permissions permissions to add to the grant
 * @return the populated authorization entity
 */
protected AuthorizationEntity createGrantAuthorization(String userId, String groupId, Resource resource, String resourceId, Permission... permissions) {
  // assuming that there are no default authorizations for *
  // Each non-null principal id is validated before it is written into a grant;
  // presumably this rejects wildcard ids. Verify against ensureValidIndividualResourceId.
  if (userId != null) {
    ensureValidIndividualResourceId("Cannot create authorization for user " + userId, userId);
  }
  if (groupId != null) {
    ensureValidIndividualResourceId("Cannot create authorization for group " + groupId, groupId);
  }
  // NOTE(review): resourceId is stored without the same validation. Confirm that
  // callers never pass an externally supplied value here.

  final AuthorizationEntity grant = new AuthorizationEntity(AUTH_TYPE_GRANT);
  grant.setUserId(userId);
  grant.setGroupId(groupId);
  grant.setResource(resource);
  grant.setResourceId(resourceId);
  addPermissions(grant, permissions);

  return grant;
}
Example #7
Source File: AuthorizationServiceTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
/**
 * Verifies that one GLOBAL authorization with ALL permissions on any resource id
 * authorizes arbitrary users, with or without groups, for every checked permission.
 */
public void testGlobalGrantAuthorizationCheck() {
  Resource target = TestResource.RESOURCE1;

  // Global entry: every user receives every permission on every id of the resource.
  Authorization grantToEveryone = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  grantToEveryone.setResource(target);
  grantToEveryone.setResourceId(ANY);
  grantToEveryone.addPermission(TestPermissions.ALL);
  authorizationService.saveAuthorization(grantToEveryone);

  List<String> jonnysGroups = Arrays.asList("sales", "marketing");
  List<String> someOneElsesGroups = Arrays.asList("marketing");

  // With checks enabled, the global entry alone must authorize everybody.
  processEngineConfiguration.setAuthorizationEnabled(true);

  // Checks without a concrete resource id.
  assertTrue(authorizationService.isUserAuthorized("jonny", null, TestPermissions.ALL, target));
  assertTrue(authorizationService.isUserAuthorized("jonny", jonnysGroups, TestPermissions.ALL, target));
  assertTrue(authorizationService.isUserAuthorized("someone", null, TestPermissions.ACCESS, target));
  assertTrue(authorizationService.isUserAuthorized("someone", someOneElsesGroups, TestPermissions.ACCESS, target));
  assertTrue(authorizationService.isUserAuthorized("someone else", null, TestPermissions.DELETE, target));

  // Checks against concrete resource ids.
  assertTrue(authorizationService.isUserAuthorized("jonny", null, TestPermissions.ALL, target, "someId"));
  assertTrue(authorizationService.isUserAuthorized("jonny", jonnysGroups, TestPermissions.ALL, target, "someId"));
  assertTrue(authorizationService.isUserAuthorized("someone", null, TestPermissions.ACCESS, target, "someId"));
  assertTrue(authorizationService.isUserAuthorized("someone else", null, TestPermissions.DELETE, target, "someOtherId"));

  // NOTE(review): this sets the flag to true a second time instead of restoring the
  // previous value, and is skipped if an assertion above fails. Confirm that tearDown
  // resets the flag and removes the global grant, so later tests do not inherit them.
  processEngineConfiguration.setAuthorizationEnabled(true);
}
Example #8
Source File: PermissionsTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
/**
 * For every legacy {@link Permissions} constant and every resource it applies to,
 * checks that the resource's dedicated permission enum (when one exists) has a
 * constant of the same name with the same numeric value.
 */
@Test
public void testNewPermissionsIntegrityToOld() {
  for (Permissions legacy : Permissions.values()) {
    final String legacyName = legacy.getName();

    for (Resource resource : legacy.getTypes()) {
      Class<? extends Enum<?>> dedicatedEnum =
          ResourceTypeUtil.getPermissionEnums().get(resource.resourceType());

      // Skip resources with no dedicated enum, or still mapped to the legacy enum.
      if (dedicatedEnum == null || dedicatedEnum.equals(Permissions.class)) {
        continue;
      }

      Permission counterpart = null;
      for (Enum<?> constant : dedicatedEnum.getEnumConstants()) {
        if (constant.toString().equals(legacyName)) {
          counterpart = (Permission) constant;
          break;
        }
      }

      assertThat(counterpart)
          .overridingErrorMessage("Permission %s for resource %s not found in new enum %s", legacy, resource, dedicatedEnum.getSimpleName())
          .isNotNull();

      // A differing bit value would change which rights a stored authorization confers.
      assertThat(counterpart.getValue()).isEqualTo(legacy.getValue());
    }
  }
}
Example #9
Source File: MigrateProcessInstanceSyncQueryTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Creates and saves a GRANT authorization giving {@code userId} one permission on one
 * resource id, and records it in {@code authorizations}.
 *
 * @param userId user receiving the grant
 * @param resource resource type the grant applies to
 * @param resourceId resource id the grant applies to
 * @param permission permission to grant
 */
protected void grantAuthorization(String userId, Resource resource, String resourceId, Permission permission) {
  Authorization grant =
      engineRule.getAuthorizationService().createNewAuthorization(Authorization.AUTH_TYPE_GRANT);

  grant.setResource(resource);
  grant.setResourceId(resourceId);
  grant.addPermission(permission);
  grant.setUserId(userId);

  engineRule.getAuthorizationService().saveAuthorization(grant);

  // Kept in the test's list; presumably used to delete the grant during cleanup.
  authorizations.add(grant);
}
Example #10
Source File: AuthorizationManager.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Deletes the authorizations for one resource id and one group.
 *
 * <p>Nothing is deleted while authorization is disabled, so entries written earlier
 * stay in place in that case.
 *
 * @param resource resource type whose authorizations are removed
 * @param resourceId resource id to match; must not be {@code null}
 * @param groupId group id to match
 * @throws IllegalArgumentException if {@code resourceId} is {@code null}
 */
public void deleteAuthorizationsByResourceIdAndGroupId(Resource resource, String resourceId, String groupId) {
  // A null id is rejected up front, presumably so the delete cannot match more
  // broadly than intended. Confirm against the mapped statement.
  if (resourceId == null) {
    throw new IllegalArgumentException("Resource id cannot be null");
  }

  if (!isAuthorizationEnabled()) {
    return;
  }

  Map<String, Object> criteria = new HashMap<String, Object>();
  criteria.put("resourceType", resource.resourceType());
  criteria.put("resourceId", resourceId);
  criteria.put("groupId", groupId);
  // NOTE(review): groupId is not null-checked. Confirm how the statement treats a
  // null groupId parameter.
  getDbEntityManager().delete(AuthorizationEntity.class, "deleteAuthorizationsForResourceId", criteria);
}
Example #11
Source File: AuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Creates an unsaved authorization of the given type for a resource.
 *
 * @param type authorization type constant
 * @param resource resource type the authorization applies to
 * @param resourceId resource id to set, or {@code null} to leave it unset
 * @return the new, not yet persisted authorization
 */
protected Authorization createAuthorization(int type, Resource resource, String resourceId) {
  Authorization created = authorizationService.createNewAuthorization(type);
  created.setResource(resource);

  // A null id is not written, so the entity keeps whatever value it was created with.
  boolean hasResourceId = resourceId != null;
  if (hasResourceId) {
    created.setResourceId(resourceId);
  }

  return created;
}
Example #12
Source File: AuthorizationManager.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Deletes all authorizations for one resource id.
 *
 * <p>Nothing is deleted while authorization is disabled, so entries written earlier
 * stay in place in that case.
 *
 * @param resource resource type whose authorizations are removed
 * @param resourceId resource id to match; must not be {@code null}
 * @throws IllegalArgumentException if {@code resourceId} is {@code null}
 */
public void deleteAuthorizationsByResourceId(Resource resource, String resourceId) {
  // A null id is rejected up front, presumably so the delete cannot match more
  // broadly than intended. Confirm against the mapped statement.
  if (resourceId == null) {
    throw new IllegalArgumentException("Resource id cannot be null");
  }

  if (!isAuthorizationEnabled()) {
    return;
  }

  Map<String, Object> criteria = new HashMap<String, Object>();
  criteria.put("resourceType", resource.resourceType());
  criteria.put("resourceId", resourceId);
  getDbEntityManager().delete(AuthorizationEntity.class, "deleteAuthorizationsForResourceId", criteria);
}
Example #13
Source File: AuthorizationManager.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Deletes the authorizations for one resource id and one user.
 *
 * <p>Nothing is deleted while authorization is disabled, so entries written earlier
 * stay in place in that case.
 *
 * @param resource resource type whose authorizations are removed
 * @param resourceId resource id to match; must not be {@code null}
 * @param userId user id to match
 * @throws IllegalArgumentException if {@code resourceId} is {@code null}
 */
public void deleteAuthorizationsByResourceIdAndUserId(Resource resource, String resourceId, String userId) {
  // A null id is rejected up front, presumably so the delete cannot match more
  // broadly than intended. Confirm against the mapped statement.
  if (resourceId == null) {
    throw new IllegalArgumentException("Resource id cannot be null");
  }

  if (!isAuthorizationEnabled()) {
    return;
  }

  Map<String, Object> criteria = new HashMap<String, Object>();
  criteria.put("resourceType", resource.resourceType());
  criteria.put("resourceId", resourceId);
  criteria.put("userId", userId);
  // NOTE(review): userId is not null-checked. Confirm how the statement treats a
  // null userId parameter.
  getDbEntityManager().delete(AuthorizationEntity.class, "deleteAuthorizationsForResourceId", criteria);
}
Example #14
Source File: AuthorizationServiceTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Expects the authorization check to succeed for a user with no groups and no
 * explicit grant, as implied by the test name (authorization disabled).
 */
public void testDisabledAuthorizationCheck() {
  // given: no authorization created in this test
  // NOTE(review): the test relies on authorization being disabled by the fixture;
  // nothing here sets the flag. Confirm in setUp.

  // when / then: the check is answered positively
  assertTrue(authorizationService.isUserAuthorized("jonny", null, UPDATE, TestResource.RESOURCE1));
}
Example #15
Source File: AuthorizationUserOperationLogTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Resolves the name of the {@link TestResource} with the given numeric type.
 *
 * @param resourceType numeric resource type to look up
 * @return the matching resource name, or {@code null} when no test resource has that type
 */
@Override
public String getNameForResource(int resourceType) {
  final Resource[] known = TestResource.values();
  for (int i = 0; i < known.length; i++) {
    if (known[i].resourceType() == resourceType) {
      return known[i].resourceName();
    }
  }
  // Unknown type: the caller has to handle a null name.
  return null;
}
Example #16
Source File: PermissionCheck.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Sets the resource for this permission check and, for a non-null resource, copies
 * its numeric type into {@code resourceType}.
 *
 * @param resource the resource to check against; may be {@code null}
 */
public void setResource(Resource resource) {
  this.resource = resource;

  if (resource == null) {
    // NOTE(review): resourceType keeps its previous value here, so the two fields
    // can disagree after setResource(null). Confirm that no caller depends on this.
    return;
  }
  resourceType = resource.resourceType();
}
Example #17
Source File: AuthorizationCheckCmd.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Creates a command that checks whether a user, optionally with groups, holds a
 * permission on a resource.
 *
 * @param userId id of the user to check
 * @param groupIds group ids of the user
 * @param permission permission to check
 * @param resource resource type to check against
 * @param resourceId concrete resource id; not passed to {@code validate}
 */
public AuthorizationCheckCmd(String userId, List<String> groupIds, Permission permission, Resource resource, String resourceId) {
  // Store the subject of the check ...
  this.userId = userId;
  this.groupIds = groupIds;
  // ... and what is being asked for.
  this.permission = permission;
  this.resource = resource;
  this.resourceId = resourceId;

  // Validation runs after assignment and covers everything except resourceId.
  validate(userId, groupIds, permission, resource);
}
Example #18
Source File: AuthorizationQueryImpl.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Adds a permission to the query filter and narrows the set of resources that all
 * requested permissions have in common.
 *
 * @param p the permission to filter by
 * @return this query, for chaining
 */
public AuthorizationQuery hasPermission(Permission p) {
  queryByPermission = true;

  final List<Resource> permissionTypes = Arrays.asList(p.getTypes());
  if (resourcesIntersection.isEmpty()) {
    // NOTE(review): an empty set is treated as "no permission added yet". If two
    // earlier permissions shared no resource type, the intersection is also empty,
    // and this branch re-seeds it from the new permission alone. Confirm that this
    // is acceptable for the compatibility check that reads the set.
    resourcesIntersection.addAll(permissionTypes);
  } else {
    resourcesIntersection.retainAll(new HashSet<Resource>(permissionTypes));
  }

  // Permission values are combined as bit flags.
  this.permission |= p.getValue();
  return this;
}
Example #19
Source File: AuthorizationQueryImpl.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Checks whether the resource type being filtered on is compatible with the
 * resources of the requested permissions.
 *
 * @return {@code true} only when the query filters by both resource type and
 *         permission and the resource type is not among the permissions' common
 *         resources; {@code false} otherwise
 */
private boolean containsIncompatibleResourceType() {
  // With only one of the two filters active there is nothing to compare.
  if (!(queryByResourceType && queryByPermission)) {
    return false;
  }

  Resource[] commonResources =
      resourcesIntersection.toArray(new Resource[resourcesIntersection.size()]);
  boolean compatible = ResourceTypeUtil.resourceIsContainedInArray(resourceType, commonResources);
  return !compatible;
}
Example #20
Source File: ResourceTypeUtil.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Looks up the {@link Resources} constant with the given numeric type.
 *
 * @param resourceType numeric resource type to find
 * @return the matching resource, or <code>null</code> when no constant has that type;
 *         callers must handle the <code>null</code> case
 */
public static Resource getResourceByType(int resourceType) {
  Resource found = null;
  for (Resource candidate : Resources.values()) {
    if (candidate.resourceType() == resourceType) {
      // The first match wins.
      found = candidate;
      break;
    }
  }
  return found;
}
Example #21
Source File: ResourceTypeUtil.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Tests whether any resource in the array has the given numeric type.
 *
 * @param resourceTypeId resource type to look for; it is unboxed for the comparison,
 *        so a {@code null} value throws a NullPointerException once the array has an
 *        element to compare against
 * @param resources resources to search
 * @return <code>true</code> in case the resource with the provided resourceTypeId is contained by the specified list
 */
public static boolean resourceIsContainedInArray(Integer resourceTypeId, Resource[] resources) {
  for (int i = 0; i < resources.length; i++) {
    // Integer == int compares numerically, not by reference.
    if (resourceTypeId == resources[i].resourceType()) {
      return true;
    }
  }
  return false;
}
Example #22
Source File: AuthorizationSpec.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Factory for an {@link AuthorizationSpec} describing one authorization.
 *
 * @param type authorization type constant
 * @param resource resource type the authorization applies to
 * @param resourceId resource id the authorization applies to
 * @param userId user the authorization applies to
 * @param permissions permissions carried by the authorization; the array is stored as passed
 * @return the populated spec
 */
public static AuthorizationSpec auth(int type, Resource resource, String resourceId, String userId, Permission... permissions) {
  final AuthorizationSpec result = new AuthorizationSpec();

  // What kind of entry, and for whom.
  result.type = type;
  // What it covers.
  result.resource = resource;
  result.resourceId = resourceId;
  result.userId = userId;
  // Which rights it carries.
  result.permissions = permissions;

  return result;
}
Example #23
Source File: AuthorizationManager.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Applies the base authorization configuration to a query and adds one atomic
 * permission check for the given resource, query parameter and permission.
 *
 * @param query query to configure
 * @param resource resource type the check applies to
 * @param queryParam query parameter handed to the atomic check
 * @param permission permission required
 */
public void configureQuery(AbstractQuery query, Resource resource, String queryParam, Permission permission) {
  configureQuery(query);

  // NOTE(review): queryParam is assumed to be a fixed identifier chosen by the
  // caller, never user input. Confirm how it is used when the check is rendered.
  CompositePermissionCheck singleCheck = new PermissionCheckBuilder()
      .atomicCheck(resource, queryParam, permission)
      .build();

  addPermissionCheck(query.getAuthCheck(), singleCheck);
}
Example #24
Source File: AuthorizationServiceWithEnabledAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Expects the authorization check to fail for a user with no groups and no explicit
 * grant, as implied by the test name (authorization enabled).
 */
public void testEnabledAuthorizationCheck() {
  // given: no authorization created in this test
  // NOTE(review): the test relies on authorization being enabled by the fixture;
  // nothing here sets the flag. Confirm in setUp.

  // when / then: without a grant the check is denied
  assertFalse(authorizationService.isUserAuthorized("jonny", null, UPDATE, TestResource.RESOURCE1));
}
Example #25
Source File: AuthorizationRestServiceInteractionTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Checks that the authorization-check endpoint answers 400 (BAD_REQUEST) whenever one
 * of the three required query parameters is missing, and that such requests are
 * rejected before any identity or authorization lookup.
 */
@Test
@SuppressWarnings("unchecked")
public void testIsUserAuthorizedBadRequests() {
  final int badRequest = Status.BAD_REQUEST.getStatusCode();

  // resourceType missing
  given()
      .queryParam("permissionName", MockProvider.EXAMPLE_PERMISSION_NAME)
      .queryParam("resourceName", MockProvider.EXAMPLE_RESOURCE_TYPE_NAME)
  .then().expect()
      .statusCode(badRequest)
  .when()
      .get(AUTH_CHECK_PATH);

  // resourceName missing
  given()
      .queryParam("permissionName", MockProvider.EXAMPLE_PERMISSION_NAME)
      .queryParam("resourceType", MockProvider.EXAMPLE_RESOURCE_TYPE_ID)
  .then().expect()
      .statusCode(badRequest)
  .when()
      .get(AUTH_CHECK_PATH);

  // permissionName missing
  given()
      .queryParam("resourceName", MockProvider.EXAMPLE_RESOURCE_TYPE_NAME)
      .queryParam("resourceType", MockProvider.EXAMPLE_RESOURCE_TYPE_ID)
  .then().expect()
      .statusCode(badRequest)
  .when()
      .get(AUTH_CHECK_PATH);

  // Parameter validation must come first: neither service may be consulted.
  verify(identityServiceMock, never()).getCurrentAuthentication();
  verify(authorizationServiceMock, never())
      .isUserAuthorized(any(String.class), any(List.class), any(Permission.class), any(Resource.class));
  verify(authorizationServiceMock, never())
      .isUserAuthorized(any(String.class), any(List.class), any(Permission.class), any(Resource.class), any(String.class));
}
Example #26
Source File: AuthorizationManager.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Applies the base authorization configuration to a report query and requires both
 * READ and READ_HISTORY on the given resource, matched on {@code RES.KEY_}.
 *
 * @param query report query to configure
 * @param resource resource type both permissions are checked on
 */
public void configureQueryHistoricFinishedInstanceReport(ListQueryParameterObject query, Resource resource) {
  configureQuery(query);

  // conjunctive(): both atomic checks have to pass; holding one permission is not enough.
  CompositePermissionCheck readAndReadHistory = new PermissionCheckBuilder()
      .conjunctive()
      .atomicCheck(resource, "RES.KEY_", READ)
      .atomicCheck(resource, "RES.KEY_", READ_HISTORY)
      .build();

  // Replaces the query's permission checks instead of appending to them.
  query.getAuthCheck().setPermissionChecks(readAndReadHistory);
}
Example #27
Source File: AuthorizationQueryTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Creates and saves a GRANT authorization for a user and/or group on one resource id.
 *
 * @param userId user receiving the grant
 * @param groupId group receiving the grant
 * @param resourceType resource the grant applies to
 * @param resourceId resource id the grant applies to
 * @param permissions permissions to add, in the order given
 */
protected void createAuthorization(String userId, String groupId, Resource resourceType, String resourceId, Permission... permissions) {
  Authorization grant = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);

  grant.setUserId(userId);
  grant.setGroupId(groupId);
  grant.setResource(resourceType);
  grant.setResourceId(resourceId);

  for (int i = 0; i < permissions.length; i++) {
    grant.addPermission(permissions[i]);
  }

  authorizationService.saveAuthorization(grant);
}
Example #28
Source File: AuthorizationManager.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Decides whether the current authentication holds {@code permission} on the given
 * resource.
 *
 * <p>The check is delegated only when authorization is enabled and an authentication
 * with a non-null user id is present. In every other case the result is {@code true}.
 *
 * @param permission the permission to check
 * @param resource the resource type to check against
 * @param resourceId the concrete resource id
 * @return {@code true} if the user is authorized or no check is performed
 */
public boolean isAuthorized(Permission permission, Resource resource, String resourceId) {
  // this will be called by LdapIdentityProviderSession#isAuthorized() for executing LdapQueries.
  // to be backward compatible a check whether authorization has been enabled inside the given
  // command context will not be done.
  final Authentication currentAuthentication = getCurrentAuthentication();

  final boolean noCheckPossible = !isAuthorizationEnabled()
      || currentAuthentication == null
      || currentAuthentication.getUserId() == null;

  if (noCheckPossible) {
    // NOTE(review): this branch fails open. A missing authentication or a null user
    // id is allowed, not denied, so code paths that reach this method without setting
    // an authentication bypass the permission check. Confirm that this is intended
    // for every caller, not only internal ones.
    return true;
  }

  return isAuthorized(
      currentAuthentication.getUserId(), currentAuthentication.getGroupIds(), permission, resource, resourceId);
}
Example #29
Source File: AuthorizationServiceWithEnabledAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Verifies that a user-specific REVOKE takes precedence over a GLOBAL grant: after
 * READ is revoked for "jonny", he loses READ and ALL but keeps DELETE, while other
 * users keep everything the global grant provides.
 */
public void testUserOverrideGlobalGrantAuthorizationCheck() {
  Resource target = TestResource.RESOURCE1;

  // Global entry: all permissions for all users on any id of the resource.
  Authorization grantToEveryone = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  grantToEveryone.setResource(target);
  grantToEveryone.setResourceId(ANY);
  grantToEveryone.addPermission(ALL);
  authorizationService.saveAuthorization(grantToEveryone);

  // User-level entry: take READ away from jonny only.
  Authorization revokeReadForJonny = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
  revokeReadForJonny.setUserId("jonny");
  revokeReadForJonny.setResource(target);
  revokeReadForJonny.setResourceId(ANY);
  revokeReadForJonny.removePermission(READ);
  authorizationService.saveAuthorization(revokeReadForJonny);

  List<String> jonnysGroups = Arrays.asList("sales", "marketing");
  List<String> someOneElsesGroups = Collections.singletonList("marketing");

  // ALL includes READ, so jonny no longer holds ALL ...
  assertFalse(authorizationService.isUserAuthorized("jonny", null, ALL, target));
  assertFalse(authorizationService.isUserAuthorized("jonny", jonnysGroups, ALL, target));

  // ... and READ itself is denied, with or without his groups.
  assertFalse(authorizationService.isUserAuthorized("jonny", null, READ, target));
  assertFalse(authorizationService.isUserAuthorized("jonny", jonnysGroups, READ, target));

  // The revoke is scoped to jonny: other users are unaffected.
  // (These two pairs of checks are repeated as in the original test.)
  assertTrue(authorizationService.isUserAuthorized("someone else", null, ALL, target));
  assertTrue(authorizationService.isUserAuthorized("someone else", someOneElsesGroups, READ, target));
  assertTrue(authorizationService.isUserAuthorized("someone else", null, ALL, target));
  assertTrue(authorizationService.isUserAuthorized("someone else", someOneElsesGroups, READ, target));

  // Only READ was revoked, so DELETE still comes from the global grant.
  assertTrue(authorizationService.isUserAuthorized("jonny", null, DELETE, target));
  assertTrue(authorizationService.isUserAuthorized("jonny", jonnysGroups, DELETE, target));
}
Example #30
Source File: ResourceAuthorizationProviderTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
/**
 * Creates an unsaved authorization of the given type for a resource.
 *
 * @param type authorization type constant
 * @param resource resource type the authorization applies to
 * @param resourceId resource id to set, or {@code null} to leave it unset
 * @return the new, not yet persisted authorization
 */
protected Authorization createAuthorization(int type, Resource resource, String resourceId) {
  Authorization created = authorizationService.createNewAuthorization(type);
  created.setResource(resource);

  // A null id is not written, so the entity keeps whatever value it was created with.
  boolean hasResourceId = resourceId != null;
  if (hasResourceId) {
    created.setResourceId(resourceId);
  }

  return created;
}