org.camunda.bpm.engine.identity.Tenant Java Examples

@Test
public void deleteTenantUserMembership() {
  Tenant tenant = identityService.newTenant(TENANT_ONE);
  identityService.saveTenant(tenant);

  User user = identityService.newUser(USER_ONE);
  identityService.saveUser(user);

  identityService.createTenantUserMembership(TENANT_ONE, USER_ONE);

  TenantQuery query = identityService.createTenantQuery().userMember(USER_ONE);
  assertThat(query.count(), is(1L));

  identityService.deleteTenantUserMembership("nonExisting", USER_ONE);
  assertThat(query.count(), is(1L));

  identityService.deleteTenantUserMembership(TENANT_ONE, "nonExisting");
  assertThat(query.count(), is(1L));

  identityService.deleteTenantUserMembership(TENANT_ONE, USER_ONE);
  assertThat(query.count(), is(0L));
}
 

@Test
public void deleteTenantMembershipsOfTenant() {
  Tenant tenant = identityService.newTenant(TENANT_ONE);
  identityService.saveTenant(tenant);

  User user = identityService.newUser(USER_ONE);
  identityService.saveUser(user);

  Group group = identityService.newGroup(GROUP_ONE);
  identityService.saveGroup(group);

  identityService.createTenantUserMembership(TENANT_ONE, USER_ONE);
  identityService.createTenantGroupMembership(TENANT_ONE, GROUP_ONE);

  UserQuery userQuery = identityService.createUserQuery().memberOfTenant(TENANT_ONE);
  GroupQuery groupQuery = identityService.createGroupQuery().memberOfTenant(TENANT_ONE);
  assertThat(userQuery.count(), is(1L));
  assertThat(groupQuery.count(), is(1L));

  identityService.deleteTenant(TENANT_ONE);
  assertThat(userQuery.count(), is(0L));
  assertThat(groupQuery.count(), is(0L));
}
 

@Test
public void deleteTenantMembershipsWhileDeleteGroup() {
  Tenant tenant = identityService.newTenant(TENANT_ONE);
  identityService.saveTenant(tenant);

  Group group = identityService.newGroup(GROUP_ONE);
  identityService.saveGroup(group);

  identityService.createTenantGroupMembership(TENANT_ONE, GROUP_ONE);

  TenantQuery query = identityService.createTenantQuery().groupMember(GROUP_ONE);
  assertThat(query.count(), is(1L));

  identityService.deleteGroup(GROUP_ONE);
  assertThat(query.count(), is(0L));
}
 

@Test
public void saveTenantThrowsAuthorizationException() {
  Tenant newTenant = MockProvider.createMockTenant();
  when(identityServiceMock.newTenant(MockProvider.EXAMPLE_TENANT_ID)).thenReturn(newTenant);

  String message = "exception expected";
  doThrow(new AuthorizationException(message)).when(identityServiceMock).saveTenant(newTenant);

  given()
    .body(TenantDto.fromTenant(newTenant))
    .contentType(ContentType.JSON)
  .then().expect()
    .statusCode(Status.FORBIDDEN.getStatusCode())
    .contentType(ContentType.JSON)
    .body("type", equalTo(AuthorizationException.class.getSimpleName()))
    .body("message", equalTo(message))
  .when()
    .post(TENANT_CREATE_URL);
}
 

@Test
public void deleteTenantMembershipsWileDeleteUser() {
  Tenant tenant = identityService.newTenant(TENANT_ONE);
  identityService.saveTenant(tenant);

  User user = identityService.newUser(USER_ONE);
  identityService.saveUser(user);

  identityService.createTenantUserMembership(TENANT_ONE, USER_ONE);

  TenantQuery query = identityService.createTenantQuery().userMember(USER_ONE);
  assertThat(query.count(), is(1L));

  identityService.deleteUser(USER_ONE);
  assertThat(query.count(), is(0L));
}
 

@Test
public void createExistingTenant() {
  Tenant newTenant = MockProvider.createMockTenant();
  when(identityServiceMock.newTenant(MockProvider.EXAMPLE_TENANT_ID)).thenReturn(newTenant);

  String message = "exception expected";
  doThrow(new ProcessEngineException(message)).when(identityServiceMock).saveTenant(newTenant);

  given()
    .body(TenantDto.fromTenant(newTenant)).contentType(ContentType.JSON)
  .then().expect()
    .statusCode(Status.INTERNAL_SERVER_ERROR.getStatusCode()).contentType(ContentType.JSON)
    .body("type", equalTo(ProcessEngineException.class.getSimpleName()))
    .body("message", equalTo(message))
  .when()
    .post(TENANT_CREATE_URL);
}
 

@Test
public void deleteTenantGroupMembership() {
  Tenant tenant = identityService.newTenant(TENANT_ONE);
  identityService.saveTenant(tenant);

  Group group = identityService.newGroup(GROUP_ONE);
  identityService.saveGroup(group);

  identityService.createTenantGroupMembership(TENANT_ONE, GROUP_ONE);

  TenantQuery query = identityService.createTenantQuery().groupMember(GROUP_ONE);
  assertThat(query.count(), is(1L));

  identityService.deleteTenantGroupMembership("nonExisting", GROUP_ONE);
  assertThat(query.count(), is(1L));

  identityService.deleteTenantGroupMembership(TENANT_ONE, "nonExisting");
  assertThat(query.count(), is(1L));

  identityService.deleteTenantGroupMembership(TENANT_ONE, GROUP_ONE);
  assertThat(query.count(), is(0L));
}
 

@Test
public void updateTenant() {
  // create
  Tenant tenant = identityService.newTenant(TENANT_ONE);
  tenant.setName("Tenant");
  identityService.saveTenant(tenant);

  // update
  tenant = identityService.createTenantQuery().singleResult();
  assertThat(tenant, is(notNullValue()));

  tenant.setName("newName");
  identityService.saveTenant(tenant);

  tenant = identityService.createTenantQuery().singleResult();
  assertEquals("newName", tenant.getName());
}
 

@Test
public void createExistingTenant() {
  Tenant tenant = identityService.newTenant(TENANT_ONE);
  tenant.setName("Tenant");
  identityService.saveTenant(tenant);

  Tenant secondTenant = identityService.newTenant(TENANT_ONE);
  secondTenant.setName("Tenant");
  try {
    identityService.saveTenant(secondTenant);
    fail("BadUserRequestException is expected");
  } catch (Exception ex) {
    if (!(ex instanceof BadUserRequestException)) {
      fail("BadUserRequestException is expected, but another exception was received:  " + ex);
    }
    assertEquals("The tenant already exists", ex.getMessage());
  }
}
 

@Test
public void failToUpdateTenantForReadOnlyService() {
  Tenant updatedTenant = MockProvider.createMockTenant();
  when(identityServiceMock.isReadOnly()).thenReturn(true);

  given()
    .pathParam("id", MockProvider.EXAMPLE_TENANT_ID)
    .body(TenantDto.fromTenant(updatedTenant)).contentType(ContentType.JSON)
  .then().expect()
    .statusCode(Status.FORBIDDEN.getStatusCode()).contentType(ContentType.JSON)
    .body("type", equalTo(InvalidRequestException.class.getSimpleName()))
    .body("message", equalTo("Identity service implementation is read-only."))
  .when()
    .put(TENANT_URL);

  verify(identityServiceMock, never()).saveTenant(mockTenant);
}
 

@Test
public void shouldLogTenantUpdate() {
  // given
  Tenant newTenant = identityService.newTenant(TEST_TENANT_ID);
  identityService.saveTenant(newTenant);
  assertEquals(0, query.count());

  // when
  newTenant.setName("testName");
  identityService.setAuthenticatedUserId("userId");
  identityService.saveTenant(newTenant);
  identityService.clearAuthentication();

  // then
  assertLog(UserOperationLogEntry.OPERATION_TYPE_UPDATE, EntityTypes.TENANT, null, TEST_TENANT_ID);
}
 

@Before
public void setup() {
  authorizationServiceMock = mock(AuthorizationServiceImpl.class);
  identityServiceMock = mock(IdentityServiceImpl.class);
  repositoryServiceMock = mock(RepositoryService.class);

  when(processEngine.getAuthorizationService()).thenReturn(authorizationServiceMock);
  when(processEngine.getIdentityService()).thenReturn(identityServiceMock);
  when(processEngine.getRepositoryService()).thenReturn(repositoryServiceMock);

  // for authentication
  userMock = MockProvider.createMockUser();

  List<Group> groupMocks = MockProvider.createMockGroups();
  groupIds = setupGroupQueryMock(groupMocks);

  List<Tenant> tenantMocks = Collections.singletonList(MockProvider.createMockTenant());
  tenantIds = setupTenantQueryMock(tenantMocks);

  // example method
  ProcessDefinition mockDefinition = MockProvider.createMockDefinition();
  List<ProcessDefinition> mockDefinitions = Arrays.asList(mockDefinition);
  ProcessDefinitionQuery mockQuery = mock(ProcessDefinitionQuery.class);
  when(repositoryServiceMock.createProcessDefinitionQuery()).thenReturn(mockQuery);
  when(mockQuery.list()).thenReturn(mockDefinitions);
}
 

@Test
public void updateNonExistingTenant() {
  Tenant updatedTenant = MockProvider.createMockTenant();
  when(updatedTenant.getName()).thenReturn("updatedName");

  when(mockQuery.singleResult()).thenReturn(null);

  given()
    .pathParam("id", "aNonExistingTenant")
    .body(TenantDto.fromTenant(updatedTenant))
    .contentType(ContentType.JSON)
  .then()
    .expect().statusCode(Status.NOT_FOUND.getStatusCode()).contentType(ContentType.JSON)
    .body("type", equalTo(InvalidRequestException.class.getSimpleName()))
    .body("message", equalTo("Tenant with id aNonExistingTenant does not exist"))
  .when()
    .put(TENANT_URL);

  verify(identityServiceMock, never()).saveTenant(any(Tenant.class));
}
 

@Test
public void createTenant() {
  Tenant newTenant = MockProvider.createMockTenant();
  when(identityServiceMock.newTenant(MockProvider.EXAMPLE_TENANT_ID)).thenReturn(newTenant);

  given()
      .body(TenantDto.fromTenant(mockTenant)).contentType(ContentType.JSON)
  .then().expect()
      .statusCode(Status.NO_CONTENT.getStatusCode())
  .when()
      .post(TENANT_CREATE_URL);

  verify(identityServiceMock).newTenant(MockProvider.EXAMPLE_TENANT_ID);
  verify(newTenant).setName(MockProvider.EXAMPLE_TENANT_NAME);
  verify(identityServiceMock).saveTenant(newTenant);
}
 

@Test
public void updateTenant() {
  Tenant updatedTenant = MockProvider.createMockTenant();
  when(updatedTenant.getName()).thenReturn("updatedName");

  given()
    .pathParam("id", MockProvider.EXAMPLE_TENANT_ID)
    .body(TenantDto.fromTenant(updatedTenant))
    .contentType(ContentType.JSON)
  .then()
    .expect().statusCode(Status.NO_CONTENT.getStatusCode())
  .when()
    .put(TENANT_URL);

  // tenant was updated
  verify(mockTenant).setName(updatedTenant.getName());

  // and then saved
  verify(identityServiceMock).saveTenant(mockTenant);
}
 

@Test
public void updateTenantThrowsAuthorizationException() {
  Tenant updatedTenant = MockProvider.createMockTenant();
  when(updatedTenant.getName()).thenReturn("updatedName");

  String message = "exception expected";
  doThrow(new AuthorizationException(message)).when(identityServiceMock).saveTenant(any(Tenant.class));

  given()
    .pathParam("id", MockProvider.EXAMPLE_TENANT_ID)
    .body(TenantDto.fromTenant(updatedTenant))
    .contentType(ContentType.JSON)
  .then().expect()
    .statusCode(Status.FORBIDDEN.getStatusCode())
    .contentType(ContentType.JSON)
    .body("type", equalTo(AuthorizationException.class.getSimpleName()))
    .body("message", equalTo(message))
  .when()
    .put(TENANT_URL);
}
 

protected List<String> getTenantsOfUser(ProcessEngine engine, String userId) {
  List<Tenant> tenants = engine.getIdentityService().createTenantQuery()
    .userMember(userId)
    .includingGroupsOfUser(true)
    .list();

  List<String> tenantIds = new ArrayList<String>();
  for(Tenant tenant : tenants) {
    tenantIds.add(tenant.getId());
  }
  return tenantIds;
}
 

public TenantDto getTenant(UriInfo context) {

    Tenant tenant = findTenantObject();
    if(tenant == null) {
      throw new InvalidRequestException(Status.NOT_FOUND, "Tenant with id " + resourceId + " does not exist");
    }

    TenantDto dto = TenantDto.fromTenant(tenant);
    return dto;
  }
 

private List<String> setupTenantQueryMock(List<Tenant> tenants) {
  TenantQuery mockTenantQuery = mock(TenantQuery.class);

  when(identityServiceMock.createTenantQuery()).thenReturn(mockTenantQuery);
  when(mockTenantQuery.userMember(anyString())).thenReturn(mockTenantQuery);
  when(mockTenantQuery.includingGroupsOfUser(anyBoolean())).thenReturn(mockTenantQuery);
  when(mockTenantQuery.list()).thenReturn(tenants);

  List<String> tenantIds = new ArrayList<String>();
  for(Tenant tenant: tenants) {
    tenantIds.add(tenant.getId());
  }
  return tenantIds;
}
 

@Test
public void createTenantWithGenericResourceId() {
  processEngine = ProcessEngineConfiguration
    .createProcessEngineConfigurationFromResource("org/camunda/bpm/engine/test/api/identity/generic.resource.id.whitelist.camunda.cfg.xml")
    .buildProcessEngine();

  Tenant tenant = processEngine.getIdentityService().newTenant("*");

  thrown.expect(ProcessEngineException.class);
  thrown.expectMessage("has an invalid id: id cannot be *. * is a reserved identifier.");

  processEngine.getIdentityService().saveTenant(tenant);
}
 

public static List<TenantDto> fromTenantList(List<Tenant> tenants) {
  List<TenantDto> dtos = new ArrayList<TenantDto>();
  for (Tenant tenant : tenants) {
    dtos.add(fromTenant(tenant));
  }
  return dtos;
}
 

protected Tenant findTenantObject() {
  try {
    return identityService.createTenantQuery()
        .tenantId(resourceId)
        .singleResult();

  } catch(ProcessEngineException e) {
    throw new InvalidRequestException(Status.INTERNAL_SERVER_ERROR,
        "Exception while performing tenant query: " + e.getMessage());
  }
}
 

public void createTenant(TenantDto dto) {

    if (getIdentityService().isReadOnly()) {
      throw new InvalidRequestException(Status.FORBIDDEN, "Identity service implementation is read-only.");
    }

    Tenant newTenant = getIdentityService().newTenant(dto.getId());
    dto.update(newTenant);

    getIdentityService().saveTenant(newTenant);
  }
 

protected List<String> setupTenantQueryMock(List<Tenant> tenants) {
  TenantQuery mockTenantQuery = mock(TenantQuery.class);

  when(identityServiceMock.createTenantQuery()).thenReturn(mockTenantQuery);
  when(mockTenantQuery.userMember(anyString())).thenReturn(mockTenantQuery);
  when(mockTenantQuery.includingGroupsOfUser(anyBoolean())).thenReturn(mockTenantQuery);
  when(mockTenantQuery.list()).thenReturn(tenants);

  List<String> tenantIds = new ArrayList<String>();
  for(Tenant tenant: tenants) {
    tenantIds.add(tenant.getId());
  }
  return tenantIds;
}
 

public void testTenantGroupMembershipCreateAuthorizations() {

    Group group1 = identityService.newGroup("group1");
    identityService.saveGroup(group1);

    Tenant tenant1 = identityService.newTenant("tenant1");
    identityService.saveTenant(tenant1);

    // add base permission which allows nobody to create memberships
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(TENANT_MEMBERSHIP);
    basePerms.setResourceId(ANY);
    basePerms.addPermission(ALL); // add all then remove 'create'
    basePerms.removePermission(CREATE);
    authorizationService.saveAuthorization(basePerms);

    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthenticatedUserId(jonny2);

    try {
      identityService.createTenantGroupMembership("tenant1", "group1");
      fail("exception expected");

    } catch (AuthorizationException e) {
      assertEquals(1, e.getMissingAuthorizations().size());
      MissingAuthorization info = e.getMissingAuthorizations().get(0);
      assertEquals(jonny2, e.getUserId());
      assertExceptionInfo(CREATE.getName(), TENANT_MEMBERSHIP.resourceName(), "tenant1", info);
    }
  }
 

@Test
public void deleteTenant() {
  // create
  Tenant tenant = identityService.newTenant(TENANT_ONE);
  identityService.saveTenant(tenant);

  TenantQuery query = identityService.createTenantQuery();
  assertThat(query.count(), is(1L));

  identityService.deleteTenant("nonExisting");
  assertThat(query.count(), is(1L));

  identityService.deleteTenant(TENANT_ONE);
  assertThat(query.count(), is(0L));
}
 

@Test
public void testInvalidTenantIdOnUpdate() {
  String invalidId = "john's tenant";
  try {
    Tenant updatedTenant = identityService.newTenant("john");
    updatedTenant.setId(invalidId);
    identityService.saveTenant(updatedTenant);

    fail("Invalid tenant id exception expected!");
  } catch (ProcessEngineException ex) {
    assertEquals(String.format(INVALID_ID_MESSAGE, "Tenant", invalidId), ex.getMessage());
  }
}
 

@Test
public void createTenant() {
  Tenant tenant = identityService.newTenant(TENANT_ONE);
  tenant.setName("Tenant");
  identityService.saveTenant(tenant);

  tenant = identityService.createTenantQuery().singleResult();
  assertThat(tenant, is(notNullValue()));
  assertThat(tenant.getId(), is(TENANT_ONE));
  assertThat(tenant.getName(), is("Tenant"));
}
 

public void testTenantUserMembershipDeleteAuthorizations() {

    User jonny1 = identityService.newUser("jonny1");
    identityService.saveUser(jonny1);

    Tenant tenant1 = identityService.newTenant("tenant1");
    identityService.saveTenant(tenant1);

    // add base permission which allows nobody to delete memberships
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(TENANT_MEMBERSHIP);
    basePerms.setResourceId(ANY);
    basePerms.addPermission(ALL); // add all then remove 'delete'
    basePerms.removePermission(DELETE);
    authorizationService.saveAuthorization(basePerms);

    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthenticatedUserId(jonny2);

    try {
      identityService.deleteTenantUserMembership("tenant1", "jonny1");
      fail("exception expected");

    } catch (AuthorizationException e) {
      assertEquals(1, e.getMissingAuthorizations().size());
      MissingAuthorization info = e.getMissingAuthorizations().get(0);
      assertEquals(jonny2, e.getUserId());
      assertExceptionInfo(DELETE.getName(), TENANT_MEMBERSHIP.resourceName(), "tenant1", info);
    }
  }
 

public void testTenantUserMembershipCreateAuthorizations() {

    User jonny1 = identityService.newUser("jonny1");
    identityService.saveUser(jonny1);

    Tenant tenant1 = identityService.newTenant("tenant1");
    identityService.saveTenant(tenant1);

    // add base permission which allows nobody to create memberships
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(TENANT_MEMBERSHIP);
    basePerms.setResourceId(ANY);
    basePerms.addPermission(ALL); // add all then remove 'create'
    basePerms.removePermission(CREATE);
    authorizationService.saveAuthorization(basePerms);

    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthenticatedUserId(jonny2);

    try {
      identityService.createTenantUserMembership("tenant1", "jonny1");
      fail("exception expected");

    } catch (AuthorizationException e) {
      assertEquals(1, e.getMissingAuthorizations().size());
      MissingAuthorization info = e.getMissingAuthorizations().get(0);
      assertEquals(jonny2, e.getUserId());
      assertExceptionInfo(CREATE.getName(), TENANT_MEMBERSHIP.resourceName(), "tenant1", info);
    }
  }