org.camunda.bpm.engine.AuthorizationService Java Examples

The following examples show how to use org.camunda.bpm.engine.AuthorizationService. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AbstractAuthorizedRestResource.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
protected boolean isAuthorized(Permission permission, Resource resource, String resourceId) {
  if (!processEngine.getProcessEngineConfiguration().isAuthorizationEnabled()) {
    // if authorization is disabled everyone is authorized
    return true;
  }

  final IdentityService identityService = processEngine.getIdentityService();
  final AuthorizationService authorizationService = processEngine.getAuthorizationService();

  Authentication authentication = identityService.getCurrentAuthentication();
  if(authentication == null) {
    return true;

  } else {
    return authorizationService
       .isUserAuthorized(authentication.getUserId(), authentication.getGroupIds(), permission, resource, resourceId);
  }
}
 
Example #2
Source File: TenantRestServiceInteractionTest.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
@Before
public void setupData() {

  identityServiceMock = mock(IdentityService.class);
  authorizationServiceMock = mock(AuthorizationService.class);
  processEngineConfigurationMock = mock(ProcessEngineConfiguration.class);

  // mock identity service
  when(processEngine.getIdentityService()).thenReturn(identityServiceMock);
  // authorization service
  when(processEngine.getAuthorizationService()).thenReturn(authorizationServiceMock);
  // process engine configuration
  when(processEngine.getProcessEngineConfiguration()).thenReturn(processEngineConfigurationMock);

  mockTenant = MockProvider.createMockTenant();
  mockQuery = setUpMockQuery(mockTenant);
}
 
Example #3
Source File: AuthorizationSpec.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
public Authorization instantiate(AuthorizationService authorizationService, Map<String, String> replacements) {
  Authorization authorization = authorizationService.createNewAuthorization(type);

  // TODO: group id is missing
  authorization.setResource(resource);

  if (replacements.containsKey(resourceId)) {
    authorization.setResourceId(replacements.get(resourceId));
  }
  else {
    authorization.setResourceId(resourceId);
  }
  authorization.setUserId(userId);
  authorization.setPermissions(permissions);

  return authorization;
}
 
Example #4
Source File: HistoryAuthorizationQueryPerformanceTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Before
public void createAuthorizations() {
  AuthorizationService authorizationService = engine.getAuthorizationService();
  List<Authorization> auths = authorizationService.createAuthorizationQuery().list();
  for (Authorization authorization : auths) {
    authorizationService.deleteAuthorization(authorization.getId());
  }

  userGrant("test", resource, permissions);
  for (int i = 0; i < 5; i++) {
    grouptGrant("g"+i, resource, permissions);
  }
  engine.getProcessEngineConfiguration().setAuthorizationEnabled(true);
}
 
Example #5
Source File: UserRestServiceInteractionTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Before
public void setupUserData() {

  identityServiceMock = mock(IdentityService.class);
  authorizationServiceMock = mock(AuthorizationService.class);
  processEngineConfigurationMock = mock(ProcessEngineConfiguration.class);

  // mock identity service
  when(processEngine.getIdentityService()).thenReturn(identityServiceMock);
  // authorization service
  when(processEngine.getAuthorizationService()).thenReturn(authorizationServiceMock);
  // process engine configuration
  when(processEngine.getProcessEngineConfiguration()).thenReturn(processEngineConfigurationMock);

}
 
Example #6
Source File: PurgeDatabaseTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
private void createAuthenticationData() {
  IdentityService identityService = engineRule.getIdentityService();
  Group group = identityService.newGroup("group");
  identityService.saveGroup(group);
  User user = identityService.newUser("user");
  User user2 = identityService.newUser("user2");
  identityService.saveUser(user);
  identityService.saveUser(user2);
  Tenant tenant = identityService.newTenant("tenant");
  identityService.saveTenant(tenant);
  Tenant tenant2 = identityService.newTenant("tenant2");
  identityService.saveTenant(tenant2);
  identityService.createMembership("user", "group");
  identityService.createTenantUserMembership("tenant", "user");
  identityService.createTenantUserMembership("tenant2", "user2");


  Resource resource1 = TestResource.RESOURCE1;
  // create global authorization which grants all permissions to all users (on resource1):
  AuthorizationService authorizationService = engineRule.getAuthorizationService();
  Authorization globalAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalAuth.setResource(resource1);
  globalAuth.setResourceId(ANY);
  globalAuth.addPermission(TestPermissions.ALL);
  authorizationService.saveAuthorization(globalAuth);

  //grant user read auth on resource2
  Resource resource2 = TestResource.RESOURCE2;
  Authorization userGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  userGrant.setUserId("user");
  userGrant.setResource(resource2);
  userGrant.setResourceId(ANY);
  userGrant.addPermission(TestPermissions.READ);
  authorizationService.saveAuthorization(userGrant);

  identityService.setAuthenticatedUserId("user");
}
 
Example #7
Source File: AuthorizationScenarioInstance.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
public void tearDown(AuthorizationService authorizationService) {
  Set<String> activeAuthorizations = new HashSet<String>();
  for (Authorization activeAuthorization : authorizationService.createAuthorizationQuery().list()) {
    activeAuthorizations.add(activeAuthorization.getId());
  }

  for (Authorization createdAuthorization : createdAuthorizations) {
    if (activeAuthorizations.contains(createdAuthorization.getId())) {
      authorizationService.deleteAuthorization(createdAuthorization.getId());
    }
  }
}
 
Example #8
Source File: GroupRestServiceInteractionTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Before
public void setupGroupData() {

  identityServiceMock = mock(IdentityService.class);
  authorizationServiceMock = mock(AuthorizationService.class);
  processEngineConfigurationMock = mock(ProcessEngineConfiguration.class);

  // mock identity service
  when(processEngine.getIdentityService()).thenReturn(identityServiceMock);
  // authorization service
  when(processEngine.getAuthorizationService()).thenReturn(authorizationServiceMock);
  // process engine configuration
  when(processEngine.getProcessEngineConfiguration()).thenReturn(processEngineConfigurationMock);
}
 
Example #9
Source File: AuthorizationPerformanceTestCase.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
protected void grouptGrant(String groupId, Resource resource, Permission... perms) {

    AuthorizationService authorizationService = engine.getAuthorizationService();
    Authorization groupGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    groupGrant.setResource(resource);
    groupGrant.setResourceId(ANY);
    for (Permission permission : perms) {
      groupGrant.addPermission(permission);
    }
    groupGrant.setGroupId(groupId);
    authorizationService.saveAuthorization(groupGrant);
  }
 
Example #10
Source File: AuthorizationPerformanceTestCase.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
protected void userGrant(String userId, Resource resource, Permission... perms) {

    AuthorizationService authorizationService = engine.getAuthorizationService();
    Authorization groupGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    groupGrant.setResource(resource);
    groupGrant.setResourceId(ANY);
    for (Permission permission : perms) {
      groupGrant.addPermission(permission);
    }
    groupGrant.setUserId(userId);
    authorizationService.saveAuthorization(groupGrant);
  }
 
Example #11
Source File: RepositoryAuthorizationQueryPerformanceTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Before
public void createAuthorizations() {
  AuthorizationService authorizationService = engine.getAuthorizationService();
  List<Authorization> auths = authorizationService.createAuthorizationQuery().list();
  for (Authorization authorization : auths) {
    authorizationService.deleteAuthorization(authorization.getId());
  }

  userGrant("test", resource, permissions);
  for (int i = 0; i < 5; i++) {
    grouptGrant("g"+i, resource, permissions);
  }
  engine.getProcessEngineConfiguration().setAuthorizationEnabled(true);
}
 
Example #12
Source File: RuntimeAuthorizationQueryPerformanceTest.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Before
public void createAuthorizations() {
  AuthorizationService authorizationService = engine.getAuthorizationService();
  List<Authorization> auths = authorizationService.createAuthorizationQuery().list();
  for (Authorization authorization : auths) {
    authorizationService.deleteAuthorization(authorization.getId());
  }

  userGrant("test", resource, permissions);
  for (int i = 0; i < 5; i++) {
    grouptGrant("g"+i, resource, permissions);
  }
  engine.getProcessEngineConfiguration().setAuthorizationEnabled(true);
}
 
Example #13
Source File: AuthorizationScenario.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@DescribesScenario("startProcessInstance")
@Times(1)
public static ScenarioSetup startProcessInstance() {
  return new ScenarioSetup() {
    public void execute(ProcessEngine engine, String scenarioName) {
      IdentityService identityService = engine.getIdentityService();

      String userId = USER_ID + scenarioName;
      String groupid = GROUP_ID + scenarioName;
      // create an user
      User user = identityService.newUser(userId);
      identityService.saveUser(user);

      // create group
      Group group = identityService.newGroup(groupid);
      identityService.saveGroup(group);

      // create membership
      identityService.createMembership(userId, groupid);

      //create full authorization
      AuthorizationService authorizationService = engine.getAuthorizationService();

      //authorization for process definition
      Authorization authProcDef = createAuthorization(authorizationService, Permissions.ALL, Resources.PROCESS_DEFINITION, userId);
      engine.getAuthorizationService().saveAuthorization(authProcDef);

      //authorization for deployment
      Authorization authDeployment = createAuthorization(authorizationService, Permissions.ALL, Resources.DEPLOYMENT, userId);
      engine.getAuthorizationService().saveAuthorization(authDeployment);

      //authorization for process instance create
      Authorization authProcessInstance = createAuthorization(authorizationService, Permissions.CREATE, Resources.PROCESS_INSTANCE, userId);
      engine.getAuthorizationService().saveAuthorization(authProcessInstance);

      // start a process instance
      engine.getRuntimeService().startProcessInstanceByKey(PROCESS_DEF_KEY, scenarioName);
    }
  };
}
 
Example #14
Source File: AuthorizationScenario.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
protected static Authorization createAuthorization(AuthorizationService authorizationService, Permission permission, Resources resource, String userId) {
  Authorization auth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  auth.addPermission(permission);
  auth.setResource(resource);
  auth.setResourceId(Authorization.ANY);
  auth.setUserId(userId);
  return auth;
}
 
Example #15
Source File: CreateAdminUserConfiguration.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
@Override
public void postProcessEngineBuild(final ProcessEngine processEngine) {
  requireNonNull(adminUser);

  final IdentityService identityService = processEngine.getIdentityService();
  final AuthorizationService authorizationService = processEngine.getAuthorizationService();

  if (userAlreadyExists(identityService, adminUser)) {
    return;
  }

  createUser(identityService, adminUser);

  // create group
  if (identityService.createGroupQuery().groupId(CAMUNDA_ADMIN).count() == 0) {
    Group camundaAdminGroup = identityService.newGroup(CAMUNDA_ADMIN);
    camundaAdminGroup.setName("camunda BPM Administrators");
    camundaAdminGroup.setType(Groups.GROUP_TYPE_SYSTEM);
    identityService.saveGroup(camundaAdminGroup);
  }

  // create ADMIN authorizations on all built-in resources
  for (Resource resource : Resources.values()) {
    if (authorizationService.createAuthorizationQuery().groupIdIn(CAMUNDA_ADMIN).resourceType(resource).resourceId(ANY).count() == 0) {
      AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GRANT);
      userAdminAuth.setGroupId(CAMUNDA_ADMIN);
      userAdminAuth.setResource(resource);
      userAdminAuth.setResourceId(ANY);
      userAdminAuth.addPermission(ALL);
      authorizationService.saveAuthorization(userAdminAuth);
    }
  }

  identityService.createMembership(adminUser.getId(), CAMUNDA_ADMIN);
  LOG.creatingInitialAdminUser(adminUser);
}
 
Example #16
Source File: DemoDataGenerator.java    From camunda-bpm-elasticsearch with Apache License 2.0 5 votes vote down vote up
public void afterPropertiesSet() throws Exception {

    System.out.println("Generating demo data");

    scheduleInstanceStart();

    // ensure admin user exists
    IdentityService identityService = processEngine.getIdentityService();
    User user = identityService.createUserQuery().userId("demo").singleResult();
    if(user == null) {
      User newUser = identityService.newUser("demo");
      newUser.setPassword("demo");
      identityService.saveUser(newUser);
      System.out.println("Created used 'demo', password 'demo'");
      AuthorizationService authorizationService = processEngine.getAuthorizationService();

      // create group
      if(identityService.createGroupQuery().groupId(Groups.CAMUNDA_ADMIN).count() == 0) {
        Group camundaAdminGroup = identityService.newGroup(Groups.CAMUNDA_ADMIN);
        camundaAdminGroup.setName("camunda BPM Administrators");
        camundaAdminGroup.setType(Groups.GROUP_TYPE_SYSTEM);
        identityService.saveGroup(camundaAdminGroup);
      }

      // create ADMIN authorizations on all built-in resources
      for (Resource resource : Resources.values()) {
        if(authorizationService.createAuthorizationQuery().groupIdIn(Groups.CAMUNDA_ADMIN).resourceType(resource).resourceId(ANY).count() == 0) {
          AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GRANT);
          userAdminAuth.setGroupId(Groups.CAMUNDA_ADMIN);
          userAdminAuth.setResource(resource);
          userAdminAuth.setResourceId(ANY);
          userAdminAuth.addPermission(ALL);
          authorizationService.saveAuthorization(userAdminAuth);
        }
      }

      processEngine.getIdentityService()
      .createMembership("demo", Groups.CAMUNDA_ADMIN);
    }
  }
 
Example #17
Source File: CreateAdminUserConfiguration.java    From camunda-bpm-spring-boot-starter with Apache License 2.0 5 votes vote down vote up
@Override
public void postProcessEngineBuild(final ProcessEngine processEngine) {
  requireNonNull(adminUser);

  final IdentityService identityService = processEngine.getIdentityService();
  final AuthorizationService authorizationService = processEngine.getAuthorizationService();

  if (userAlreadyExists(identityService, adminUser)) {
    return;
  }

  createUser(identityService, adminUser);

  // create group
  if (identityService.createGroupQuery().groupId(CAMUNDA_ADMIN).count() == 0) {
    Group camundaAdminGroup = identityService.newGroup(CAMUNDA_ADMIN);
    camundaAdminGroup.setName("camunda BPM Administrators");
    camundaAdminGroup.setType(Groups.GROUP_TYPE_SYSTEM);
    identityService.saveGroup(camundaAdminGroup);
  }

  // create ADMIN authorizations on all built-in resources
  for (Resource resource : Resources.values()) {
    if (authorizationService.createAuthorizationQuery().groupIdIn(CAMUNDA_ADMIN).resourceType(resource).resourceId(ANY).count() == 0) {
      AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GRANT);
      userAdminAuth.setGroupId(CAMUNDA_ADMIN);
      userAdminAuth.setResource(resource);
      userAdminAuth.setResourceId(ANY);
      userAdminAuth.addPermission(ALL);
      authorizationService.saveAuthorization(userAdminAuth);
    }
  }

  identityService.createMembership(adminUser.getId(), CAMUNDA_ADMIN);
  LOG.creatingInitialAdminUser(adminUser);
}
 
Example #18
Source File: SpringProcessEngineServicesConfiguration.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
@Bean(name = "authorizationService")
@Override
public AuthorizationService getAuthorizationService() {
  return processEngine.getAuthorizationService();
}
 
Example #19
Source File: AbstractProcessEngineServicesDelegate.java    From camunda-bpm-assert-scenario with Apache License 2.0 4 votes vote down vote up
public AuthorizationService getAuthorizationService() {
  return processEngine.getAuthorizationService();
}
 
Example #20
Source File: StandaloneTaskGetVariableAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
protected void deleteAuthorizations() {
  AuthorizationService authorizationService = engineRule.getAuthorizationService();
  for (Authorization authorization : authorizationService.createAuthorizationQuery().list()) {
    authorizationService.deleteAuthorization(authorization.getId());
  }
}
 
Example #21
Source File: AuthorizationScenarioInstance.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
public AuthorizationScenarioInstance(AuthorizationScenario scenario, AuthorizationService authorizationService,
    Map<String, String> resourceBindings) {
  this.scenario = scenario;
  init(authorizationService, resourceBindings);
}
 
Example #22
Source File: RedeployDeploymentAuthorizationTest.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
protected void deleteAuthorizations() {
  AuthorizationService authorizationService = engineRule.getAuthorizationService();
  for (Authorization authorization : authorizationService.createAuthorizationQuery().list()) {
    authorizationService.deleteAuthorization(authorization.getId());
  }
}
 
Example #23
Source File: ProcessEngineRule.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
public void setAuthorizationService(AuthorizationService authorizationService) {
  this.authorizationService = authorizationService;
}
 
Example #24
Source File: ProcessEngineRule.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
@Override
public AuthorizationService getAuthorizationService() {
  return authorizationService;
}
 
Example #25
Source File: ProcessEngineImpl.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
@Override
public AuthorizationService getAuthorizationService() {
  return authorizationService;
}
 
Example #26
Source File: ProcessEngineConfigurationImpl.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
public AuthorizationService getAuthorizationService() {
  return authorizationService;
}
 
Example #27
Source File: AuthorizationQueryMock.java    From camunda-bpm-mockito with Apache License 2.0 4 votes vote down vote up
public AuthorizationQueryMock() {
 super(AuthorizationQuery.class, AuthorizationService.class);
}
 
Example #28
Source File: AuthorizationRestServiceImpl.java    From camunda-bpm-platform with Apache License 2.0 3 votes vote down vote up
public AuthorizationDto createAuthorization(UriInfo context, AuthorizationCreateDto dto) {
  final AuthorizationService authorizationService = processEngine.getAuthorizationService();

  Authorization newAuthorization = authorizationService.createNewAuthorization(dto.getType());
  AuthorizationCreateDto.update(dto, newAuthorization, processEngine.getProcessEngineConfiguration());

  newAuthorization = authorizationService.saveAuthorization(newAuthorization);

  return getAuthorization(newAuthorization.getId()).getAuthorization(context);
}
 
Example #29
Source File: ProcessEngineServicesProducer.java    From camunda-bpm-platform with Apache License 2.0 votes vote down vote up
@Produces @Named @ApplicationScoped public AuthorizationService authorizationService() { return processEngine().getAuthorizationService(); } 
Example #30
Source File: NamedProcessEngineServicesProducer.java    From camunda-bpm-platform with Apache License 2.0 votes vote down vote up
@Produces @ProcessEngineName("") public AuthorizationService authorizationService(InjectionPoint ip) { return processEngine(ip).getAuthorizationService(); }