org.camunda.bpm.engine.authorization.Groups Java Examples

The following examples show how to use org.camunda.bpm.engine.authorization.Groups. The source file, project and license are given above each example.
Example #1
Source File: KeycloakGroupService.java    From camunda-bpm-identity-keycloak with Apache License 2.0 6 votes vote down vote up
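/**
 * Checks whether a Keycloak JSON result represents a SYSTEM group.
 * <p>
 * A group counts as SYSTEM when its name equals {@link Groups#CAMUNDA_ADMIN} or the
 * configured administrator group name, or when one value of its {@code type} attribute
 * equals {@link Groups#GROUP_TYPE_SYSTEM}, ignoring case.
 * <p>
 * The {@code type} attribute is taken from the Keycloak result as-is, so whoever can edit
 * group attributes on the Keycloak side decides this classification.
 *
 * @param result the Keycloak JSON result
 * @return {@code true} in case the result is a SYSTEM group.
 * @throws JsonException in case of errors
 */
private boolean isSystemGroup(JsonObject result) throws JsonException {
	String name = getJsonString(result, "name");
	if (Groups.CAMUNDA_ADMIN.equals(name) || 
			name.equals(keycloakConfiguration.getAdministratorGroupName())) {
		return true;
	}
	try {
		JsonArray types = getJsonArray(getJsonObject(result, "attributes"), "type");
		for (int i = 0; i < types.size(); i++) {
			// equalsIgnoreCase does not depend on the JVM default locale (toUpperCase() does)
			// and returns false for a null entry instead of throwing
			if (Groups.GROUP_TYPE_SYSTEM.equalsIgnoreCase(getJsonStringAtIndex(types, i))) {
				return true;
			}
		}
	} catch (JsonException ex) {
		// deliberate: a result without a readable "attributes"/"type" entry is not a SYSTEM group
		return false;
	}
	return false;
}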
 
Example #2
Source File: AuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
/**
 * With authorization enabled, expects exactly one authorization query hit for
 * {@code Groups.CAMUNDA_ADMIN} with {@code Permissions.ALL} on each of the TENANT,
 * TENANT_MEMBERSHIP and BATCH resource types.
 */
@Test
public void testDefaultAuthorizationQueryForCamundaAdminOnUpgrade() {
  processEngineConfiguration.setAuthorizationEnabled(true);

  Resources[] checkedResources = { Resources.TENANT, Resources.TENANT_MEMBERSHIP, Resources.BATCH };
  for (Resources checkedResource : checkedResources) {
    long matchingAuthorizations = authorizationService.createAuthorizationQuery()
      .resourceType(checkedResource)
      .groupIdIn(Groups.CAMUNDA_ADMIN)
      .hasPermission(Permissions.ALL)
      .count();
    assertEquals(1, matchingAuthorizations);
  }
}
 
Example #3
Source File: HistoryCleanupAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
/**
 * Runs asynchronous history cleanup while authenticated as a member of
 * {@code Groups.CAMUNDA_ADMIN} and checks the outcome with {@code assertResult(0)}.
 */
@Test
@Deployment(resources = { "org/camunda/bpm/engine/test/dmn/businessruletask/DmnBusinessRuleTaskTest.testDecisionRef.bpmn20.xml",
    "org/camunda/bpm/engine/test/api/history/testDmnWithPojo.dmn11.xml", "org/camunda/bpm/engine/test/api/authorization/oneTaskCase.cmmn" })
public void testHistoryCleanupWithAuthorization() {
  // given: prepared instances and the engine clock set to the current time
  prepareInstances(5, 5, 5);
  ClockUtil.setCurrentTime(new Date());

  // when: an admin-group member schedules the cleanup and the resulting job is executed
  identityService.setAuthentication("user", Collections.singletonList(Groups.CAMUNDA_ADMIN), null);
  managementService.executeJob(historyService.cleanUpHistoryAsync(true).getId());

  // then
  assertResult(0);
}
 
Example #4
Source File: DeploymentAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
/**
 * Checks that a caller authenticated as a member of {@code Groups.CAMUNDA_ADMIN} can look up
 * the process application registered for a deployment. Whether authorization checks are
 * enabled is decided outside this method.
 */
public void testGetProcessApplicationForDeploymentAsCamundaAdmin() {
  // given: an admin-group caller and a deployment with a registered process application
  identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));

  EmbeddedProcessApplication embeddedApplication = new EmbeddedProcessApplication();
  String registeredDeploymentId = createDeployment(null, FIRST_RESOURCE).getId();
  ProcessApplicationReference applicationReference = embeddedApplication.getReference();
  registerProcessApplication(registeredDeploymentId, applicationReference);

  // when: the registration is looked up through the management service
  String lookupResult = managementService.getProcessApplicationForDeployment(registeredDeploymentId);

  // then: the lookup yields a value
  assertNotNull(lookupResult);

  // clean up the deployment created above
  deleteDeployment(registeredDeploymentId);
}
 
Example #5
Source File: DeploymentAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
/**
 * Checks that a caller authenticated as a member of {@code Groups.CAMUNDA_ADMIN} can
 * unregister the process application of a deployment.
 */
public void testUnregisterProcessApplicationAsCamundaAdmin() {
  // given: an admin-group caller and a deployment with a registered process application
  identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));

  EmbeddedProcessApplication embeddedApplication = new EmbeddedProcessApplication();
  String registeredDeploymentId = createDeployment(null, FIRST_RESOURCE).getId();
  ProcessApplicationReference applicationReference = embeddedApplication.getReference();
  registerProcessApplication(registeredDeploymentId, applicationReference);

  // when: the registration is removed through the management service
  managementService.unregisterProcessApplication(registeredDeploymentId, true);

  // then: no process application is found for the deployment any more
  assertNull(getProcessApplicationForDeployment(registeredDeploymentId));

  // clean up the deployment created above
  deleteDeployment(registeredDeploymentId);
}
 
Example #6
Source File: DeploymentAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
/**
 * Checks that a caller authenticated as a member of {@code Groups.CAMUNDA_ADMIN} can
 * register a process application for a deployment.
 */
public void testRegisterProcessApplicationAsCamundaAdmin() {
  // given: an admin-group caller, a process application reference and a fresh deployment
  identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));

  EmbeddedProcessApplication embeddedApplication = new EmbeddedProcessApplication();
  ProcessApplicationReference applicationReference = embeddedApplication.getReference();
  String freshDeploymentId = createDeployment(null, FIRST_RESOURCE).getId();

  // when: the application is registered through the management service
  ProcessApplicationRegistration createdRegistration =
      managementService.registerProcessApplication(freshDeploymentId, applicationReference);

  // then: a registration is returned and can be looked up for the deployment
  assertNotNull(createdRegistration);
  assertNotNull(getProcessApplicationForDeployment(freshDeploymentId));

  // clean up the deployment created above
  deleteDeployment(freshDeploymentId);
}
 
Example #7
Source File: KeycloakGroupService.java    From camunda-bpm-identity-keycloak with Apache License 2.0 6 votes vote down vote up
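/**
 * Maps a Keycloak JSON result to a Group object.
 * <p>
 * The group ID is the {@code path} field without its leading '/' when the configuration asks
 * for the group path as Camunda group ID, otherwise the {@code id} field. The type is
 * {@link Groups#GROUP_TYPE_SYSTEM} when {@code isSystemGroup} says so and
 * {@link Groups#GROUP_TYPE_WORKFLOW} otherwise.
 *
 * @param result the Keycloak JSON result
 * @return the Group object
 * @throws JsonException in case of errors
 */
private GroupEntity transformGroup(JsonObject result) throws JsonException {
	GroupEntity group = new GroupEntity();
	if (keycloakConfiguration.isUseGroupPathAsCamundaGroupId()) {
		String path = getJsonString(result, "path");
		// Strip the leading '/' only when it is present: an unconditional substring(1) throws on
		// an empty path and silently drops the first character of a path without a slash, which
		// would yield a group ID that differs from the one the path actually names.
		group.setId(path.startsWith("/") ? path.substring(1) : path);
	} else {
		group.setId(getJsonString(result, "id"));
	}
	group.setName(getJsonString(result, "name"));
	if (isSystemGroup(result)) {
		group.setType(Groups.GROUP_TYPE_SYSTEM);
	} else {
		group.setType(Groups.GROUP_TYPE_WORKFLOW);
	}
	return group;
}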
 
Example #8
Source File: DeploymentAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a caller authenticated as a member of {@code Groups.CAMUNDA_ADMIN} can list the
 * registered deployments and that a fresh deployment is among them.
 */
public void testGetRegisteredDeploymentsAsCamundaAdmin() {
  // given: an admin-group caller and a fresh deployment
  identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));

  String freshDeploymentId = createDeployment(null, FIRST_RESOURCE).getId();

  // when: the registered deployments are listed
  Set<String> registeredDeploymentIds = managementService.getRegisteredDeployments();

  // then: the fresh deployment is part of the result
  assertTrue(registeredDeploymentIds.contains(freshDeploymentId));

  // clean up the deployment created above
  deleteDeployment(freshDeploymentId);
}
 
Example #9
Source File: AuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * With authorization enabled, expects {@code Groups.CAMUNDA_ADMIN} to be authorized with
 * {@code Permissions.ALL} on the TENANT, TENANT_MEMBERSHIP and BATCH resource types.
 * <p>
 * On an H2 database nothing is asserted, so the test passes there without checking anything.
 */
@Test
public void testDefaultAuthorizationForCamundaAdminOnUpgrade() {

  // Skipped on H2 because of a bug in H2 version 1.3 (the query does not return the expected output).
  // The exclusion was meant to go away with CAM-6044, once H2 is upgraded to 1.4 where the bug was fixed.
  // Update: upgrading to 1.4.190 did not help, the checks still fail (the follow-up ticket id is cut off here).
  boolean runsOnH2 = DbSqlSessionFactory.H2.equals(processEngineConfiguration.getDatabaseType());
  if (!runsOnH2) {
    processEngineConfiguration.setAuthorizationEnabled(true);

    Resources[] checkedResources = { Resources.TENANT, Resources.TENANT_MEMBERSHIP, Resources.BATCH };
    for (Resources checkedResource : checkedResources) {
      assertEquals(true, authorizationService.isUserAuthorized(
          null, Collections.singletonList(Groups.CAMUNDA_ADMIN), Permissions.ALL, checkedResource));
    }
  }
}
 
Example #10
Source File: KeycloakConfigureAdminGroupTest.java    From camunda-bpm-identity-keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that the engine lists a second admin group next to {@code Groups.CAMUNDA_ADMIN},
 * that authorizations exist for it, and that it resolves to the expected user and group.
 */
public void testAdminGroupConfiguration() {
	// the engine always contributes Groups.CAMUNDA_ADMIN; the other entry is the one under test
	ProcessEngineConfigurationImpl engineConfiguration =
			(ProcessEngineConfigurationImpl) processEngine.getProcessEngineConfiguration();
	List<String> adminGroupIds = engineConfiguration.getAdminGroups();
	assertEquals(2, adminGroupIds.size());
	String configuredAdminGroupId = adminGroupIds.stream()
			.filter(groupId -> !Groups.CAMUNDA_ADMIN.equals(groupId))
			.findFirst()
			.get();
	
	// at least one authorization must exist for that group
	assertTrue(processEngine.getAuthorizationService().createAuthorizationQuery()
			.groupIdIn(configuredAdminGroupId)
			.count() > 0);
	
	// spot check: exactly one authorization with ALL permissions on any APPLICATION resource
	assertEquals(1, processEngine.getAuthorizationService().createAuthorizationQuery()
			.groupIdIn(configuredAdminGroupId)
			.resourceType(Resources.APPLICATION)
			.resourceId(Authorization.ANY)
			.hasPermission(Permissions.ALL)
			.count());

	// the group has a single member with the expected e-mail address
	User adminUser = processEngine.getIdentityService().createUserQuery()
			.memberOfGroup(configuredAdminGroupId)
			.singleResult();
	assertNotNull(adminUser);
	assertEquals("[email protected]", adminUser.getEmail());
	
	// the group itself can be queried by ID and carries the expected name
	Group adminGroup = processEngine.getIdentityService().createGroupQuery()
			.groupId(configuredAdminGroupId)
			.singleResult();
	assertNotNull(adminGroup);
	assertEquals("camunda-admin", adminGroup.getName());
}
 
Example #11
Source File: ManagementAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a caller authenticated as a member of {@code Groups.CAMUNDA_ADMIN} can switch
 * telemetry off while authorization is enabled.
 */
public void testTelemetryEnabledAsCamundaAdmin() {
  // given: telemetry is switched on with authorization disabled, then authorization is
  // re-enabled and the caller is authenticated as a member of the admin group
  disableAuthorization();
  managementService.toggleTelemetry(true);
  enableAuthorization();
  identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));

  // when: the admin-group caller switches telemetry off
  managementService.toggleTelemetry(false);

  // then: telemetry is reported as disabled
  assertThat(managementService.isTelemetryEnabled()).isFalse();
}
 
Example #12
Source File: ManagementAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a caller authenticated as a member of {@code Groups.CAMUNDA_ADMIN} can read the
 * history level and that it equals the configured one.
 */
public void testGetHistoryLevelAsCamundaAdmin() {
  // given: the caller is authenticated as a member of the admin group
  identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));

  // when: the history level is read through the management service
  int reportedLevel = managementService.getHistoryLevel();

  // then: it matches the ID of the configured history level
  assertEquals(processEngineConfiguration.getHistoryLevel().getId(), reportedLevel);
}
 
Example #13
Source File: ManagementAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a caller authenticated as a member of {@code Groups.CAMUNDA_ADMIN} can page
 * through the process definition table.
 */
public void testTablePageQueryAsCamundaAdmin() {
  // given: an admin-group caller and the prefixed name of the process definition table
  identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));
  String prefix = processEngineConfiguration.getDatabaseTablePrefix();
  String processDefinitionTable = prefix + "ACT_RE_PROCDEF";

  // when: a table page is requested for that table
  TablePage firstPage = managementService.createTablePageQuery()
      .tableName(processDefinitionTable)
      .listPage(0, Integer.MAX_VALUE);

  // then: a page is returned
  assertNotNull(firstPage);
}
 
Example #14
Source File: ManagementAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a caller authenticated as a member of {@code Groups.CAMUNDA_ADMIN} can read the
 * metadata of the process definition table.
 */
public void testGetTableMetaDataAsCamundaAdmin() {
  // given: the caller is authenticated as a member of the admin group
  identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));

  // when: table metadata is requested
  TableMetaData processDefinitionMetaData = managementService.getTableMetaData("ACT_RE_PROCDEF");

  // then: metadata is returned
  assertNotNull(processDefinitionMetaData);
}
 
Example #15
Source File: ManagementAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a caller authenticated as a member of {@code Groups.CAMUNDA_ADMIN} can resolve
 * the table name of the process definition entity.
 */
public void testGetTableNameAsCamundaAdmin() {
  // given: an admin-group caller and the expected, prefixed table name
  identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));
  String prefix = processEngineConfiguration.getDatabaseTablePrefix();

  // when: the table name is resolved for the entity class
  String resolvedName = managementService.getTableName(ProcessDefinitionEntity.class);

  // then: it is the prefixed process definition table
  String expectedName = prefix + "ACT_RE_PROCDEF";
  assertEquals(expectedName, resolvedName);
}
 
Example #16
Source File: ManagementAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a caller authenticated as a member of {@code Groups.CAMUNDA_ADMIN} can read the
 * table counts.
 */
public void testGetTableCountAsCamundaAdmin() {
  // given: the caller is authenticated as a member of the admin group
  identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));

  // when: the table counts are requested
  Map<String, Long> rowCountsByTable = managementService.getTableCount();

  // then: the result has at least one entry
  assertFalse(rowCountsByTable.isEmpty());
}
 
Example #17
Source File: DeploymentAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a caller authenticated as a member of {@code Groups.CAMUNDA_ADMIN} can
 * unregister a deployment from the job executor.
 */
public void testUnregisterDeploymentForJobExecutorAsCamundaAdmin() {
  // given: an admin-group caller and a fresh deployment
  identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));

  String freshDeploymentId = createDeployment(null, FIRST_RESOURCE).getId();

  // when: the deployment is unregistered
  managementService.unregisterDeploymentForJobExecutor(freshDeploymentId);

  // then: it is no longer among the registered deployments
  assertFalse(getRegisteredDeployments().contains(freshDeploymentId));

  // clean up the deployment created above
  deleteDeployment(freshDeploymentId);
}
 
Example #18
Source File: DeploymentAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a caller authenticated as a member of {@code Groups.CAMUNDA_ADMIN} can register
 * a deployment with the job executor.
 */
public void testRegisterDeploymentForJobExecutorAsCamundaAdmin() {
  // given: an admin-group caller and a fresh deployment
  identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));

  String freshDeploymentId = createDeployment(null, FIRST_RESOURCE).getId();

  // when: the deployment is registered
  managementService.registerDeploymentForJobExecutor(freshDeploymentId);

  // then: it is among the registered deployments
  assertTrue(getRegisteredDeployments().contains(freshDeploymentId));

  // clean up the deployment created above
  deleteDeployment(freshDeploymentId);
}
 
Example #19
Source File: KeycloakConfigureAdminGroupAndUsePathAsId.java    From camunda-bpm-identity-keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that the engine lists a second admin group next to {@code Groups.CAMUNDA_ADMIN},
 * that authorizations exist for it, and that its ID is the group path without a leading '/'.
 */
public void testAdminGroupConfiguration() {
	// the engine always contributes Groups.CAMUNDA_ADMIN; the other entry is the one under test
	ProcessEngineConfigurationImpl engineConfiguration =
			(ProcessEngineConfigurationImpl) processEngine.getProcessEngineConfiguration();
	List<String> adminGroupIds = engineConfiguration.getAdminGroups();
	assertEquals(2, adminGroupIds.size());
	String configuredAdminGroupId = adminGroupIds.stream()
			.filter(groupId -> !Groups.CAMUNDA_ADMIN.equals(groupId))
			.findFirst()
			.get();
	
	// at least one authorization must exist for that group
	assertTrue(processEngine.getAuthorizationService().createAuthorizationQuery()
			.groupIdIn(configuredAdminGroupId)
			.count() > 0);
	
	// spot check: exactly one authorization with ALL permissions on any APPLICATION resource
	assertEquals(1, processEngine.getAuthorizationService().createAuthorizationQuery()
			.groupIdIn(configuredAdminGroupId)
			.resourceType(Resources.APPLICATION)
			.resourceId(Authorization.ANY)
			.hasPermission(Permissions.ALL)
			.count());

	// the group has a single member with the expected e-mail address
	User adminUser = processEngine.getIdentityService().createUserQuery()
			.memberOfGroup(configuredAdminGroupId)
			.singleResult();
	assertNotNull(adminUser);
	assertEquals("[email protected]", adminUser.getEmail());
	
	// the group is found by ID; the ID is the full path, the name the last path segment
	Group adminGroup = processEngine.getIdentityService().createGroupQuery()
			.groupId(configuredAdminGroupId)
			.singleResult();
	assertNotNull(adminGroup);
	assertEquals("root/child1/subchild1", adminGroup.getId());
	assertEquals("subchild1", adminGroup.getName());
	
	// the member's group list has exactly two entries
	List<Group> memberGroups = processEngine.getIdentityService().createGroupQuery()
			.groupMember(adminUser.getId())
			.list();
	assertNotNull(memberGroups);
	assertEquals("Wrong number of groups for admin", 2, memberGroups.size());
}
 
Example #20
Source File: KeycloakConfigureAdminGroupAsPathAndUsePathAsId.java    From camunda-bpm-identity-keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that the engine lists a second admin group next to {@code Groups.CAMUNDA_ADMIN},
 * that authorizations exist for it, and that its ID is the group path without a leading '/'.
 */
public void testAdminGroupConfiguration() {
	// the engine always contributes Groups.CAMUNDA_ADMIN; the other entry is the one under test
	ProcessEngineConfigurationImpl engineConfiguration =
			(ProcessEngineConfigurationImpl) processEngine.getProcessEngineConfiguration();
	List<String> adminGroupIds = engineConfiguration.getAdminGroups();
	assertEquals(2, adminGroupIds.size());
	String configuredAdminGroupId = adminGroupIds.stream()
			.filter(groupId -> !Groups.CAMUNDA_ADMIN.equals(groupId))
			.findFirst()
			.get();
	
	// at least one authorization must exist for that group
	assertTrue(processEngine.getAuthorizationService().createAuthorizationQuery()
			.groupIdIn(configuredAdminGroupId)
			.count() > 0);
	
	// spot check: exactly one authorization with ALL permissions on any APPLICATION resource
	assertEquals(1, processEngine.getAuthorizationService().createAuthorizationQuery()
			.groupIdIn(configuredAdminGroupId)
			.resourceType(Resources.APPLICATION)
			.resourceId(Authorization.ANY)
			.hasPermission(Permissions.ALL)
			.count());

	// the group has a single member with the expected e-mail address
	User adminUser = processEngine.getIdentityService().createUserQuery()
			.memberOfGroup(configuredAdminGroupId)
			.singleResult();
	assertNotNull(adminUser);
	assertEquals("[email protected]", adminUser.getEmail());
	
	// the group is found by ID; the ID is the full path, the name the last path segment
	Group adminGroup = processEngine.getIdentityService().createGroupQuery()
			.groupId(configuredAdminGroupId)
			.singleResult();
	assertNotNull(adminGroup);
	assertEquals("root/child2", adminGroup.getId());
	assertEquals("child2", adminGroup.getName());

	// the member's group list has exactly two entries
	List<Group> memberGroups = processEngine.getIdentityService().createGroupQuery()
			.groupMember(adminUser.getId())
			.list();
	assertNotNull(memberGroups);
	assertEquals("Wrong number of groups for admin", 2, memberGroups.size());
}
 
Example #21
Source File: KeycloakConfigureAdminGroupAsPath.java    From camunda-bpm-identity-keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that the engine lists a second admin group next to {@code Groups.CAMUNDA_ADMIN},
 * that authorizations exist for it, and that it resolves to the expected user and group.
 */
public void testAdminGroupConfiguration() {
	// the engine always contributes Groups.CAMUNDA_ADMIN; the other entry is the one under test
	ProcessEngineConfigurationImpl engineConfiguration =
			(ProcessEngineConfigurationImpl) processEngine.getProcessEngineConfiguration();
	List<String> adminGroupIds = engineConfiguration.getAdminGroups();
	assertEquals(2, adminGroupIds.size());
	String configuredAdminGroupId = adminGroupIds.stream()
			.filter(groupId -> !Groups.CAMUNDA_ADMIN.equals(groupId))
			.findFirst()
			.get();
	
	// at least one authorization must exist for that group
	assertTrue(processEngine.getAuthorizationService().createAuthorizationQuery()
			.groupIdIn(configuredAdminGroupId)
			.count() > 0);
	
	// spot check: exactly one authorization with ALL permissions on any APPLICATION resource
	assertEquals(1, processEngine.getAuthorizationService().createAuthorizationQuery()
			.groupIdIn(configuredAdminGroupId)
			.resourceType(Resources.APPLICATION)
			.resourceId(Authorization.ANY)
			.hasPermission(Permissions.ALL)
			.count());

	// the group has a single member with the expected e-mail address
	User adminUser = processEngine.getIdentityService().createUserQuery()
			.memberOfGroup(configuredAdminGroupId)
			.singleResult();
	assertNotNull(adminUser);
	assertEquals("[email protected]", adminUser.getEmail());
	
	// the group itself can be queried by ID and carries the expected name
	Group adminGroup = processEngine.getIdentityService().createGroupQuery()
			.groupId(configuredAdminGroupId)
			.singleResult();
	assertNotNull(adminGroup);
	assertEquals("subchild1", adminGroup.getName());
}
 
Example #22
Source File: SchemaLogQueryAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a caller authenticated as a member of {@code Groups.CAMUNDA_ADMIN} gets at least
 * one entry from the schema log query.
 */
@Test
public void testQueryWithAuthorization() {
  // given: the caller is authenticated as a member of the admin group
  identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));

  // then: the schema log list is not empty
  int schemaLogEntries = managementService.createSchemaLogQuery().list().size();
  assertThat(schemaLogEntries, is(greaterThan(0)));
}
 
Example #23
Source File: SchemaLogQueryAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a caller authenticated as a member of {@code Groups.CAMUNDA_ADMIN} gets a
 * positive count from the schema log query.
 */
@Test
public void testCountQueryWithAuthorization() {
  // given: the caller is authenticated as a member of the admin group
  identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));

  // then: the schema log count is greater than zero
  long schemaLogEntries = managementService.createSchemaLogQuery().count();
  assertThat(schemaLogEntries, is(greaterThan(0L)));
}
 
Example #24
Source File: MultiTenancyCommandTenantCheckTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that the tenant check is reported as disabled inside a command executed by a caller
 * who is a member of {@code Groups.CAMUNDA_ADMIN}, i.e. tenant isolation is not applied to
 * members of that group.
 */
@Test
public void disableTenantCheckForCamundaAdmin() {
  // authenticate without tenant IDs, as a member of the admin group only
  identityService.setAuthentication("user", Collections.singletonList(Groups.CAMUNDA_ADMIN), null);

  processEngineConfiguration.getCommandExecutorTxRequired().execute(new Command<Void>() {

    @Override
    public Void execute(CommandContext context) {
      // members of the admin group are expected to reach data of every tenant
      assertThat(context.getTenantManager().isTenantCheckEnabled(), is(false));

      return null;
    }
  });
}
 
Example #25
Source File: ProcessEngineConfigurationImpl.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Makes sure the admin group list exists and contains {@code Groups.CAMUNDA_ADMIN}.
 * <p>
 * The entry is added to a configured list as well, so a custom admin group list extends the
 * built-in admin group rather than replacing it.
 */
protected void initAdminGroups() {
  if (adminGroups == null) {
    adminGroups = new ArrayList<>();
  }
  // an empty list does not contain the entry either, so one containment check covers both cases
  boolean builtInGroupListed = adminGroups.contains(Groups.CAMUNDA_ADMIN);
  if (!builtInGroupListed) {
    adminGroups.add(Groups.CAMUNDA_ADMIN);
  }
}
 
Example #26
Source File: CreateAdminUserConfiguration.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the configured initial admin user after the engine is built.
 * <p>
 * Unless the user already exists, this creates the user, creates the {@code CAMUNDA_ADMIN}
 * group when it is missing, grants that group {@code ALL} permissions on {@code ANY} resource
 * id for every {@code Resources} value that has no such authorization yet, and adds the user
 * to the group. When the user already exists the method returns before the group and the
 * authorizations are looked at.
 *
 * @param processEngine the engine whose identity and authorization services are used
 */
@Override
public void postProcessEngineBuild(final ProcessEngine processEngine) {
  requireNonNull(adminUser);

  final IdentityService identities = processEngine.getIdentityService();
  final AuthorizationService authorizations = processEngine.getAuthorizationService();

  // an existing user ends the bootstrap: neither group nor grants are touched
  if (userAlreadyExists(identities, adminUser)) {
    return;
  }

  createUser(identities, adminUser);

  // make sure the admin group exists
  boolean adminGroupMissing = identities.createGroupQuery().groupId(CAMUNDA_ADMIN).count() == 0;
  if (adminGroupMissing) {
    Group adminGroup = identities.newGroup(CAMUNDA_ADMIN);
    adminGroup.setName("camunda BPM Administrators");
    adminGroup.setType(Groups.GROUP_TYPE_SYSTEM);
    identities.saveGroup(adminGroup);
  }

  // grant ALL on ANY resource id for each built-in resource type that has no such entry yet
  for (Resource resource : Resources.values()) {
    long existingGrants = authorizations.createAuthorizationQuery()
        .groupIdIn(CAMUNDA_ADMIN)
        .resourceType(resource)
        .resourceId(ANY)
        .count();
    if (existingGrants != 0) {
      continue;
    }
    AuthorizationEntity adminGrant = new AuthorizationEntity(AUTH_TYPE_GRANT);
    adminGrant.setGroupId(CAMUNDA_ADMIN);
    adminGrant.setResource(resource);
    adminGrant.setResourceId(ANY);
    adminGrant.addPermission(ALL);
    authorizations.saveAuthorization(adminGrant);
  }

  // membership in the admin group is what gives the new user the grants above
  identities.createMembership(adminUser.getId(), CAMUNDA_ADMIN);
  LOG.creatingInitialAdminUser(adminUser);
}
 
Example #27
Source File: DemoDataGenerator.java    From camunda-bpm-elasticsearch with Apache License 2.0 5 votes vote down vote up
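/**
 * Schedules the demo instance start and bootstraps a "demo" administrator when no user with
 * that ID exists.
 * <p>
 * NOTE(review): the account uses the fixed credentials "demo"/"demo", is added to
 * {@code Groups.CAMUNDA_ADMIN} and that group is granted {@code ALL} permissions on
 * {@code ANY} resource id of every {@code Resources} value. The password is also written to
 * standard output. This is demo data; an engine reachable by others should not run it.
 *
 * @throws Exception declared by the signature; the visible body does not throw one itself
 */
public void afterPropertiesSet() throws Exception {

    System.out.println("Generating demo data");

    scheduleInstanceStart();

    // ensure admin user exists
    IdentityService identityService = processEngine.getIdentityService();
    User user = identityService.createUserQuery().userId("demo").singleResult();
    if(user == null) {
      // fixed, publicly known credentials: acceptable for demo data only
      User newUser = identityService.newUser("demo");
      newUser.setPassword("demo");
      identityService.saveUser(newUser);
      System.out.println("Created user 'demo', password 'demo'");
      AuthorizationService authorizationService = processEngine.getAuthorizationService();

      // create the admin group unless it is already there
      if(identityService.createGroupQuery().groupId(Groups.CAMUNDA_ADMIN).count() == 0) {
        Group camundaAdminGroup = identityService.newGroup(Groups.CAMUNDA_ADMIN);
        camundaAdminGroup.setName("camunda BPM Administrators");
        camundaAdminGroup.setType(Groups.GROUP_TYPE_SYSTEM);
        identityService.saveGroup(camundaAdminGroup);
      }

      // create ADMIN authorizations on all built-in resources that have none yet
      for (Resource resource : Resources.values()) {
        if(authorizationService.createAuthorizationQuery().groupIdIn(Groups.CAMUNDA_ADMIN).resourceType(resource).resourceId(ANY).count() == 0) {
          AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GRANT);
          userAdminAuth.setGroupId(Groups.CAMUNDA_ADMIN);
          userAdminAuth.setResource(resource);
          userAdminAuth.setResourceId(ANY);
          userAdminAuth.addPermission(ALL);
          authorizationService.saveAuthorization(userAdminAuth);
        }
      }

      // membership in the admin group is what gives "demo" the grants above
      identityService.createMembership("demo", Groups.CAMUNDA_ADMIN);
    }
}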
 
Example #28
Source File: CreateAdminUserConfiguration.java    From camunda-bpm-spring-boot-starter with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the configured initial admin user after the engine is built.
 * <p>
 * Unless the user already exists, this creates the user, creates the {@code CAMUNDA_ADMIN}
 * group when it is missing, grants that group {@code ALL} permissions on {@code ANY} resource
 * id for every {@code Resources} value that has no such authorization yet, and adds the user
 * to the group. When the user already exists the method returns before the group and the
 * authorizations are looked at.
 *
 * @param processEngine the engine whose identity and authorization services are used
 */
@Override
public void postProcessEngineBuild(final ProcessEngine processEngine) {
  requireNonNull(adminUser);

  final IdentityService identities = processEngine.getIdentityService();
  final AuthorizationService authorizations = processEngine.getAuthorizationService();

  // an existing user ends the bootstrap: neither group nor grants are touched
  if (userAlreadyExists(identities, adminUser)) {
    return;
  }

  createUser(identities, adminUser);

  // make sure the admin group exists
  boolean adminGroupMissing = identities.createGroupQuery().groupId(CAMUNDA_ADMIN).count() == 0;
  if (adminGroupMissing) {
    Group adminGroup = identities.newGroup(CAMUNDA_ADMIN);
    adminGroup.setName("camunda BPM Administrators");
    adminGroup.setType(Groups.GROUP_TYPE_SYSTEM);
    identities.saveGroup(adminGroup);
  }

  // grant ALL on ANY resource id for each built-in resource type that has no such entry yet
  for (Resource resource : Resources.values()) {
    long existingGrants = authorizations.createAuthorizationQuery()
        .groupIdIn(CAMUNDA_ADMIN)
        .resourceType(resource)
        .resourceId(ANY)
        .count();
    if (existingGrants != 0) {
      continue;
    }
    AuthorizationEntity adminGrant = new AuthorizationEntity(AUTH_TYPE_GRANT);
    adminGrant.setGroupId(CAMUNDA_ADMIN);
    adminGrant.setResource(resource);
    adminGrant.setResourceId(ANY);
    adminGrant.addPermission(ALL);
    authorizations.saveAuthorization(adminGrant);
  }

  // membership in the admin group is what gives the new user the grants above
  identities.createMembership(adminUser.getId(), CAMUNDA_ADMIN);
  LOG.creatingInitialAdminUser(adminUser);
}
 
Example #29
Source File: Application.java    From camunda-spring-boot-amqp-microservice-cloud-example with Apache License 2.0 4 votes vote down vote up
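/**
 * Adds a ready-to-go "demo" administrator and a default "all tasks" filter to the engine.
 * <p>
 * NOTE(review): the account uses the fixed credentials "demo"/"demo", is added to
 * {@code Groups.CAMUNDA_ADMIN} and that group is granted {@code ALL} permissions on
 * {@code ANY} resource id of every {@code Resources} value. This is example data; an engine
 * reachable by others should not be started with it.
 *
 * @param engine the process engine to populate
 */
public static void createDefaultUser(ProcessEngine engine) {
  // and add default user to Camunda to be ready-to-go
  if (engine.getIdentityService().createUserQuery().userId("demo").count() == 0) {
    User user = engine.getIdentityService().newUser("demo");
    user.setFirstName("Demo");
    user.setLastName("Demo");
    user.setPassword("demo");
    user.setEmail("[email protected]");
    engine.getIdentityService().saveUser(user);

    // The admin group can exist without the demo user (for example when another bootstrap
    // step created it), so it is only created when missing instead of being saved again.
    if (engine.getIdentityService().createGroupQuery().groupId(Groups.CAMUNDA_ADMIN).count() == 0) {
      Group group = engine.getIdentityService().newGroup(Groups.CAMUNDA_ADMIN);
      group.setName("Administrators");
      group.setType(Groups.GROUP_TYPE_SYSTEM);
      engine.getIdentityService().saveGroup(group);
    }

    // Same for the grants: add one per resource type only where none exists yet, so a
    // pre-existing admin group does not end up with a second authorization for the same resource.
    for (Resource resource : Resources.values()) {
      if (engine.getAuthorizationService().createAuthorizationQuery() //
          .groupIdIn(Groups.CAMUNDA_ADMIN).resourceType(resource).resourceId(ANY).count() == 0) {
        Authorization auth = engine.getAuthorizationService().createNewAuthorization(AUTH_TYPE_GRANT);
        auth.setGroupId(Groups.CAMUNDA_ADMIN);
        auth.addPermission(ALL);
        auth.setResourceId(ANY);
        auth.setResource(resource);
        engine.getAuthorizationService().saveAuthorization(auth);
      }
    }

    // membership in the admin group is what gives "demo" the grants above
    engine.getIdentityService().createMembership("demo", Groups.CAMUNDA_ADMIN);
  }

  // create default "all tasks" filter
  if (engine.getFilterService().createFilterQuery().filterName("Alle").count() == 0) {

    Map<String, Object> filterProperties = new HashMap<>();
    filterProperties.put("description", "Alle Aufgaben");
    filterProperties.put("priority", 10);

    Filter filter = engine.getFilterService().newTaskFilter() //
        .setName("Alle") //
        .setProperties(filterProperties)//
        .setOwner("demo")//
        .setQuery(engine.getTaskService().createTaskQuery());
    engine.getFilterService().saveFilter(filter);

    // and authorize demo user for it
    if (engine.getAuthorizationService().createAuthorizationQuery().resourceType(FILTER).resourceId(filter.getId()) //
        .userIdIn("demo").count() == 0) {
      Authorization managementGroupFilterRead = engine.getAuthorizationService().createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
      managementGroupFilterRead.setResource(FILTER);
      managementGroupFilterRead.setResourceId(filter.getId());
      managementGroupFilterRead.addPermission(ALL);
      managementGroupFilterRead.setUserId("demo");
      engine.getAuthorizationService().saveAuthorization(managementGroupFilterRead);
    }

  }
}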