org.camunda.bpm.engine.IdentityService Java Examples

public ResourceOptionsDto availableOperations(UriInfo context) {

    final IdentityService identityService = getIdentityService();

    UriBuilder baseUriBuilder = context.getBaseUriBuilder()
        .path(relativeRootResourcePath)
        .path(UserRestService.PATH);

    ResourceOptionsDto resourceOptionsDto = new ResourceOptionsDto();

    // GET /
    URI baseUri = baseUriBuilder.build();
    resourceOptionsDto.addReflexiveLink(baseUri, HttpMethod.GET, "list");

    // GET /count
    URI countUri = baseUriBuilder.clone().path("/count").build();
    resourceOptionsDto.addReflexiveLink(countUri, HttpMethod.GET, "count");

    // POST /create
    if(!identityService.isReadOnly() && isAuthorized(CREATE)) {
      URI createUri = baseUriBuilder.clone().path("/create").build();
      resourceOptionsDto.addReflexiveLink(createUri, HttpMethod.POST, "create");
    }

    return resourceOptionsDto;
  }
 

public ResourceOptionsDto availableOperations(UriInfo context) {

    final IdentityService identityService = getIdentityService();

    UriBuilder baseUriBuilder = context.getBaseUriBuilder()
        .path(relativeRootResourcePath)
        .path(GroupRestService.PATH);

    ResourceOptionsDto resourceOptionsDto = new ResourceOptionsDto();

    // GET /
    URI baseUri = baseUriBuilder.build();
    resourceOptionsDto.addReflexiveLink(baseUri, HttpMethod.GET, "list");

    // GET /count
    URI countUri = baseUriBuilder.clone().path("/count").build();
    resourceOptionsDto.addReflexiveLink(countUri, HttpMethod.GET, "count");

    // POST /create
    if(!identityService.isReadOnly() && isAuthorized(CREATE)) {
      URI createUri = baseUriBuilder.clone().path("/create").build();
      resourceOptionsDto.addReflexiveLink(createUri, HttpMethod.POST, "create");
    }

    return resourceOptionsDto;
  }
 

@DescribesScenario("initUser")
@Times(1)
public static ScenarioSetup initUser() {
  return new ScenarioSetup() {
    public void execute(ProcessEngine engine, String scenarioName) {
      // given
      IdentityService identityService = engine.getIdentityService();
      User user = identityService.newUser(USER_NAME);
      user.setPassword(USER_PWD);

      // when
      identityService.saveUser(user);

    }
  };
}
 

@DescribesScenario("createProcInstancesAndOpLogs")
public static ScenarioSetup createProcInstancesAndOpLogs() {
  return (engine, scenarioName) -> {
    IdentityService identityService = engine.getIdentityService();
    for (int i = 0; i < 5; i++) {
      String processInstanceId = engine.getRuntimeService()
          .startProcessInstanceByKey("oneTaskProcess",
              "HistPermsWithoutProcDefKeyScenarioBusinessKey" + i)
          .getId();

      identityService.setAuthentication("mary02", null);

      TaskService taskService = engine.getTaskService();

      String taskId = taskService.createTaskQuery()
          .processInstanceId(processInstanceId)
          .singleResult()
          .getId();

      taskService.setAssignee(taskId, "john");

      identityService.clearAuthentication();
    }
  };
}
 

@Override
public Response checkPassword(PasswordDto password) {
  boolean isEnabled = processEngine.getProcessEngineConfiguration().isEnablePasswordPolicy();

  if (isEnabled) {
    IdentityService identityService = processEngine.getIdentityService();

    PasswordPolicyResult result = identityService.checkPasswordAgainstPolicy(password.getPassword());

    return Response.status(Status.OK.getStatusCode())
      .entity(CheckPasswordPolicyResultDto.fromPasswordPolicyResult(result))
      .build();

  } else {
    return Response.status(Status.NOT_FOUND.getStatusCode()).build();

  }
}
 

@DescribesScenario("createUserOperationLogEntriesForDelete")
public static ScenarioSetup createUserOperationLogEntries() {
  return new ScenarioSetup() {
    public void execute(ProcessEngine engine, String scenarioName) {
      IdentityService identityService = engine.getIdentityService();
      identityService.setAuthentication("mary01", null);

      TaskService taskService = engine.getTaskService();

      String taskId = "myTaskForUserOperationLogDel";
      Task task = taskService.newTask(taskId);
      taskService.saveTask(task);

      identityService.clearAuthentication();
    }
  };
}
 

@Override
public Response getPasswordPolicy() {
  boolean isEnabled = processEngine.getProcessEngineConfiguration().isEnablePasswordPolicy();

  if (isEnabled) {
    IdentityService identityService = processEngine.getIdentityService();

    return Response.status(Status.OK.getStatusCode())
      .entity(PasswordPolicyDto.fromPasswordPolicy(identityService.getPasswordPolicy()))
      .build();

  } else {
    return Response.status(Status.NOT_FOUND.getStatusCode()).build();

  }
}
 

@DescribesScenario("createUserOperationLogEntries")
public static ScenarioSetup createUserOperationLogEntries() {
  return new ScenarioSetup() {
    public void execute(ProcessEngine engine, String scenarioName) {
      IdentityService identityService = engine.getIdentityService();
      String processInstanceBusinessKey = "SetAssigneeProcessInstanceTaskScenario";
      engine.getRuntimeService().startProcessInstanceByKey("oneTaskProcess_userOpLog", processInstanceBusinessKey);

      identityService.setAuthentication("mary02", null);

      TaskService taskService = engine.getTaskService();
      List<Task> list = taskService.createTaskQuery().processInstanceBusinessKey(processInstanceBusinessKey).list();
      Task task = list.get(0);
      taskService.setAssignee(task.getId(), "john");

      identityService.clearAuthentication();
    }
  };
}
 

@DescribesScenario("createUserOperationLogEntries")
public static ScenarioSetup createUserOperationLogEntries() {
  return new ScenarioSetup() {
    public void execute(ProcessEngine engine, String scenarioName) {
      IdentityService identityService = engine.getIdentityService();
      identityService.setAuthentication("jane02", null);

      TaskService taskService = engine.getTaskService();

      String taskId = "myTaskForUserOperationLog";
      Task task = taskService.newTask(taskId);
      taskService.saveTask(task);

      identityService.clearAuthentication();
    }
  };
}
 

@DescribesScenario("createUserOperationLogEntriesForDelete")
public static ScenarioSetup createUserOperationLogEntries() {
  return new ScenarioSetup() {
    public void execute(ProcessEngine engine, String scenarioName) {
      String processInstanceBusinessKey = "SuspendProcessDefinitionDeleteScenario";
      ProcessInstance processInstance1 = engine.getRuntimeService().startProcessInstanceByKey("timerBoundaryProcess", processInstanceBusinessKey);
      ProcessInstance processInstance2 = engine.getRuntimeService().startProcessInstanceByKey("timerBoundaryProcess", processInstanceBusinessKey);
      ProcessInstance processInstance3 = engine.getRuntimeService().startProcessInstanceByKey("timerBoundaryProcess", processInstanceBusinessKey);
      
      IdentityService identityService = engine.getIdentityService();
      identityService.setAuthentication("jane01", null);

      engine.getProcessEngineConfiguration().setAuthorizationEnabled(false);
      ClockUtil.setCurrentTime(new Date(1549000000000l));
      engine.getRuntimeService().suspendProcessInstanceById(processInstance1.getId());
      ClockUtil.setCurrentTime(new Date(1549100000000l));
      engine.getRuntimeService().suspendProcessInstanceById(processInstance2.getId());
      ClockUtil.setCurrentTime(new Date(1549200000000l));
      engine.getRuntimeService().suspendProcessInstanceById(processInstance3.getId());

      ClockUtil.reset();
      identityService.clearAuthentication();
    }
  };
}
 

public static void testUserPaging(IdentityService identityService) {
  Set<String> userNames = new HashSet<String>();
  List<User> users = identityService.createUserQuery().listPage(0, 2);
  assertEquals(2, users.size());
  checkPagingResults(userNames, users.get(0).getId(), users.get(1).getId());

  users = identityService.createUserQuery().listPage(2, 2);
  assertEquals(2, users.size());
  checkPagingResults(userNames, users.get(0).getId(), users.get(1).getId());

  users = identityService.createUserQuery().listPage(4, 2);
  assertEquals(2, users.size());
  checkPagingResults(userNames, users.get(0).getId(), users.get(1).getId());

  users = identityService.createUserQuery().listPage(6, 2);
  assertEquals(2, users.size());
  checkPagingResults(userNames, users.get(0).getId(), users.get(1).getId());

  users = identityService.createUserQuery().listPage(12, 2);
  assertEquals(0, users.size());
}
 

public static void testGroupPaging(IdentityService identityService) {
  Set<String> groupNames = new HashSet<String>();
  List<Group> groups = identityService.createGroupQuery().listPage(0, 2);
  assertEquals(2, groups.size());
  checkPagingResults(groupNames, groups.get(0).getId(), groups.get(1).getId());

  groups = identityService.createGroupQuery().listPage(2, 2);
  assertEquals(2, groups.size());
  checkPagingResults(groupNames, groups.get(0).getId(), groups.get(1).getId());

  groups = identityService.createGroupQuery().listPage(4, 2);
  assertEquals(2, groups.size());
  assertFalse(groupNames.contains(groups.get(0).getId()));
  groupNames.add(groups.get(0).getId());

  groups = identityService.createGroupQuery().listPage(6, 2);
  assertEquals(0, groups.size());
}
 

public static void testUserPagingWithMemberOfGroup(IdentityService identityService) {
  Set<String> userNames = new HashSet<String>();
  List<User> users = identityService.createUserQuery().memberOfGroup("all").listPage(0, 2);
  assertEquals(2, users.size());
  checkPagingResults(userNames, users.get(0).getId(), users.get(1).getId());

  users = identityService.createUserQuery().memberOfGroup("all").listPage(2, 2);
  assertEquals(2, users.size());
  checkPagingResults(userNames, users.get(0).getId(), users.get(1).getId());

  users = identityService.createUserQuery().memberOfGroup("all").listPage(4, 2);
  assertEquals(2, users.size());
  checkPagingResults(userNames, users.get(0).getId(), users.get(1).getId());

  users = identityService.createUserQuery().memberOfGroup("all").listPage(11, 2);
  assertEquals(1, users.size());
  assertFalse(userNames.contains(users.get(0).getId()));

  users = identityService.createUserQuery().memberOfGroup("all").listPage(12, 2);
  assertEquals(0, users.size());
}
 

public static String getApplicationPathForDeployment(ProcessEngine engine, String deploymentId) {

    // get the name of the process application that made the deployment
    String processApplicationName = null;
    IdentityService identityService = engine.getIdentityService();
    Authentication currentAuthentication = identityService.getCurrentAuthentication();
    try {
      identityService.clearAuthentication();
      processApplicationName = engine.getManagementService().getProcessApplicationForDeployment(deploymentId);
    } finally {
      identityService.setAuthentication(currentAuthentication);
    }

    if (processApplicationName == null) {
      // no a process application deployment
      return null;
    } else {
      ProcessApplicationService processApplicationService = BpmPlatform.getProcessApplicationService();
      ProcessApplicationInfo processApplicationInfo = processApplicationService.getProcessApplicationInfo(processApplicationName);
      return processApplicationInfo.getProperties().get(ProcessApplicationInfo.PROP_SERVLET_CONTEXT_PATH);
    }
  }
 

private void mockServices(ProcessEngine engine) {
  RepositoryService repoService = mock(RepositoryService.class);
  IdentityService identityService = mock(IdentityService.class);
  TaskService taskService = mock(TaskService.class);
  RuntimeService runtimeService = mock(RuntimeService.class);
  FormService formService = mock(FormService.class);
  HistoryService historyService = mock(HistoryService.class);
  ManagementService managementService = mock(ManagementService.class);
  CaseService caseService = mock(CaseService.class);
  FilterService filterService = mock(FilterService.class);
  ExternalTaskService externalTaskService = mock(ExternalTaskService.class);

  when(engine.getRepositoryService()).thenReturn(repoService);
  when(engine.getIdentityService()).thenReturn(identityService);
  when(engine.getTaskService()).thenReturn(taskService);
  when(engine.getRuntimeService()).thenReturn(runtimeService);
  when(engine.getFormService()).thenReturn(formService);
  when(engine.getHistoryService()).thenReturn(historyService);
  when(engine.getManagementService()).thenReturn(managementService);
  when(engine.getCaseService()).thenReturn(caseService);
  when(engine.getFilterService()).thenReturn(filterService);
  when(engine.getExternalTaskService()).thenReturn(externalTaskService);
}
 

private void mockServices(ProcessEngine engine) {
  RepositoryService repoService = mock(RepositoryService.class);
  IdentityService identityService = mock(IdentityService.class);
  TaskService taskService = mock(TaskService.class);
  RuntimeService runtimeService = mock(RuntimeService.class);
  FormService formService = mock(FormService.class);
  HistoryService historyService = mock(HistoryService.class);
  ManagementService managementService = mock(ManagementService.class);
  CaseService caseService = mock(CaseService.class);
  FilterService filterService = mock(FilterService.class);
  ExternalTaskService externalTaskService = mock(ExternalTaskService.class);

  when(engine.getRepositoryService()).thenReturn(repoService);
  when(engine.getIdentityService()).thenReturn(identityService);
  when(engine.getTaskService()).thenReturn(taskService);
  when(engine.getRuntimeService()).thenReturn(runtimeService);
  when(engine.getFormService()).thenReturn(formService);
  when(engine.getHistoryService()).thenReturn(historyService);
  when(engine.getManagementService()).thenReturn(managementService);
  when(engine.getCaseService()).thenReturn(caseService);
  when(engine.getFilterService()).thenReturn(filterService);
  when(engine.getExternalTaskService()).thenReturn(externalTaskService);
}
 

protected boolean isAuthorized(Permission permission, Resource resource, String resourceId) {
  if (!processEngine.getProcessEngineConfiguration().isAuthorizationEnabled()) {
    // if authorization is disabled everyone is authorized
    return true;
  }

  final IdentityService identityService = processEngine.getIdentityService();
  final AuthorizationService authorizationService = processEngine.getAuthorizationService();

  Authentication authentication = identityService.getCurrentAuthentication();
  if(authentication == null) {
    return true;

  } else {
    return authorizationService
       .isUserAuthorized(authentication.getUserId(), authentication.getGroupIds(), permission, resource, resourceId);
  }
}
 

public void createUser(UserDto userDto) {
  final IdentityService identityService = getIdentityService();

  if(identityService.isReadOnly()) {
    throw new InvalidRequestException(Status.FORBIDDEN, "Identity service implementation is read-only.");
  }

  UserProfileDto profile = userDto.getProfile();
  if(profile == null || profile.getId() == null) {
    throw new InvalidRequestException(Status.BAD_REQUEST, "request object must provide profile information with valid id.");
  }

  User newUser = identityService.newUser(profile.getId());
  profile.update(newUser);

  if(userDto.getCredentials() != null) {
    newUser.setPassword(userDto.getCredentials().getPassword());
  }

  identityService.saveUser(newUser);

}
 

@Before
public void setupData() {

  identityServiceMock = mock(IdentityService.class);
  authorizationServiceMock = mock(AuthorizationService.class);
  processEngineConfigurationMock = mock(ProcessEngineConfiguration.class);

  // mock identity service
  when(processEngine.getIdentityService()).thenReturn(identityServiceMock);
  // authorization service
  when(processEngine.getAuthorizationService()).thenReturn(authorizationServiceMock);
  // process engine configuration
  when(processEngine.getProcessEngineConfiguration()).thenReturn(processEngineConfigurationMock);

  mockTenant = MockProvider.createMockTenant();
  mockQuery = setUpMockQuery(mockTenant);
}
 

public void createGroup(GroupDto groupDto) {
  final IdentityService identityService = getIdentityService();

  if(identityService.isReadOnly()) {
    throw new InvalidRequestException(Status.FORBIDDEN, "Identity service implementation is read-only.");
  }

  Group newGroup = identityService.newGroup(groupDto.getId());
  groupDto.update(newGroup);
  identityService.saveGroup(newGroup);

}
 

private boolean isHistoryEnabled() {
  IdentityService identityService = engine.getIdentityService();
  Authentication currentAuthentication = identityService.getCurrentAuthentication();
  try {
    identityService.clearAuthentication();
    int historyLevel = engine.getManagementService().getHistoryLevel();
    return historyLevel > ProcessEngineConfigurationImpl.HISTORYLEVEL_NONE;
  } finally {
    identityService.setAuthentication(currentAuthentication);
  }
}
 

@Override
public AuthenticationResult verifyUser(BasicUserCredentialsDto credentialsDto) {
  if (credentialsDto.getUsername() == null || credentialsDto.getPassword() == null) {
    throw new InvalidRequestException(Status.BAD_REQUEST, "Username and password are required");
  }
  IdentityService identityService = getProcessEngine().getIdentityService();
  boolean valid = identityService.checkPassword(credentialsDto.getUsername(), credentialsDto.getPassword());
  if (valid) {
    return AuthenticationResult.successful(credentialsDto.getUsername());
  } else {
    return AuthenticationResult.unsuccessful(credentialsDto.getUsername());
  }
}
 

@Override
public GroupInfoDto getGroupInfo(String userId) {
  if (userId == null) {
    throw new InvalidRequestException(Status.BAD_REQUEST, "No user id was supplied");
  }

  IdentityService identityService = getProcessEngine().getIdentityService();

  GroupQuery query = identityService.createGroupQuery();
  List<Group> userGroups = query.groupMember(userId)
      .orderByGroupName()
      .asc()
      .unlimitedList();

  Set<UserDto> allGroupUsers = new HashSet<UserDto>();
  List<GroupDto> allGroups = new ArrayList<GroupDto>();

  for (Group group : userGroups) {
    List<User> groupUsers = identityService.createUserQuery()
        .memberOfGroup(group.getId())
        .unlimitedList();

    for (User user : groupUsers) {
      if (!user.getId().equals(userId)) {
        allGroupUsers.add(new UserDto(user.getId(), user.getFirstName(), user.getLastName()));
      }
    }
    allGroups.add(new GroupDto(group.getId(), group.getName()));
  }

  return new GroupInfoDto(allGroups, allGroupUsers);
}
 

private boolean isHistoryEnabled() {
  IdentityService identityService = engine.getIdentityService();
  Authentication currentAuthentication = identityService.getCurrentAuthentication();
  try {
    identityService.clearAuthentication();
    int historyLevel = engine.getManagementService().getHistoryLevel();
    return historyLevel > ProcessEngineConfigurationImpl.HISTORYLEVEL_NONE;
  } finally {
    identityService.setAuthentication(currentAuthentication);
  }
}
 

protected FetchAndLockResult tryFetchAndLock(FetchAndLockRequest request) {

    ProcessEngine processEngine = null;
    IdentityService identityService = null;
    FetchAndLockResult result = null;

    try {
      processEngine = getProcessEngine(request);

      identityService = processEngine.getIdentityService();
      identityService.setAuthentication(request.getAuthentication());

      FetchExternalTasksExtendedDto fetchingDto = request.getDto();
      List<LockedExternalTaskDto> lockedTasks = executeFetchAndLock(fetchingDto, processEngine);
      result = FetchAndLockResult.successful(lockedTasks);
    }
    catch (Exception e) {
      result = FetchAndLockResult.failed(e);
    }
    finally {
      if (identityService != null) {
        identityService.clearAuthentication();
      }
    }

    return result;
  }
 

private void createAuthenticationData() {
  IdentityService identityService = engineRule.getIdentityService();
  Group group = identityService.newGroup("group");
  identityService.saveGroup(group);
  User user = identityService.newUser("user");
  User user2 = identityService.newUser("user2");
  identityService.saveUser(user);
  identityService.saveUser(user2);
  Tenant tenant = identityService.newTenant("tenant");
  identityService.saveTenant(tenant);
  Tenant tenant2 = identityService.newTenant("tenant2");
  identityService.saveTenant(tenant2);
  identityService.createMembership("user", "group");
  identityService.createTenantUserMembership("tenant", "user");
  identityService.createTenantUserMembership("tenant2", "user2");


  Resource resource1 = TestResource.RESOURCE1;
  // create global authorization which grants all permissions to all users (on resource1):
  AuthorizationService authorizationService = engineRule.getAuthorizationService();
  Authorization globalAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalAuth.setResource(resource1);
  globalAuth.setResourceId(ANY);
  globalAuth.addPermission(TestPermissions.ALL);
  authorizationService.saveAuthorization(globalAuth);

  //grant user read auth on resource2
  Resource resource2 = TestResource.RESOURCE2;
  Authorization userGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  userGrant.setUserId("user");
  userGrant.setResource(resource2);
  userGrant.setResourceId(ANY);
  userGrant.addPermission(TestPermissions.READ);
  authorizationService.saveAuthorization(userGrant);

  identityService.setAuthenticatedUserId("user");
}
 

public TaskFormData createTaskForm(TaskEntity task) {
  ProcessEngineConfigurationImpl processEngineConfiguration = Context.getProcessEngineConfiguration();
  IdentityService identityService = processEngineConfiguration.getIdentityService();
  RuntimeService runtimeService = processEngineConfiguration.getRuntimeService();

  logAuthentication(identityService);
  logInstancesCount(runtimeService);

  TaskFormDataImpl result = new TaskFormDataImpl();
  result.setTask(task);
  return result;
}
 

public void submitFormVariables(VariableMap properties, VariableScope variableScope) {
  ProcessEngineConfigurationImpl processEngineConfiguration = Context.getProcessEngineConfiguration();
  IdentityService identityService = processEngineConfiguration.getIdentityService();
  RuntimeService runtimeService = processEngineConfiguration.getRuntimeService();

  logAuthentication(identityService);
  logInstancesCount(runtimeService);
}
 

@DescribesScenario("startProcessInstance")
@Times(1)
public static ScenarioSetup startProcessInstance() {
  return new ScenarioSetup() {
    public void execute(ProcessEngine engine, String scenarioName) {
      IdentityService identityService = engine.getIdentityService();

      String userId = USER_ID + scenarioName;
      String groupid = GROUP_ID + scenarioName;
      // create an user
      User user = identityService.newUser(userId);
      identityService.saveUser(user);

      // create group
      Group group = identityService.newGroup(groupid);
      identityService.saveGroup(group);

      // create membership
      identityService.createMembership(userId, groupid);

      //create full authorization
      AuthorizationService authorizationService = engine.getAuthorizationService();

      //authorization for process definition
      Authorization authProcDef = createAuthorization(authorizationService, Permissions.ALL, Resources.PROCESS_DEFINITION, userId);
      engine.getAuthorizationService().saveAuthorization(authProcDef);

      //authorization for deployment
      Authorization authDeployment = createAuthorization(authorizationService, Permissions.ALL, Resources.DEPLOYMENT, userId);
      engine.getAuthorizationService().saveAuthorization(authDeployment);

      //authorization for process instance create
      Authorization authProcessInstance = createAuthorization(authorizationService, Permissions.CREATE, Resources.PROCESS_INSTANCE, userId);
      engine.getAuthorizationService().saveAuthorization(authProcessInstance);

      // start a process instance
      engine.getRuntimeService().startProcessInstanceByKey(PROCESS_DEF_KEY, scenarioName);
    }
  };
}
 

public boolean validate(Object submittedValue, FormFieldValidatorContext validatorContext) {
  ProcessEngineConfigurationImpl processEngineConfiguration = Context.getProcessEngineConfiguration();
  IdentityService identityService = processEngineConfiguration.getIdentityService();
  RuntimeService runtimeService = processEngineConfiguration.getRuntimeService();

  logAuthentication(identityService);
  logInstancesCount(runtimeService);

  return true;
}