Examples with IdentityProvider io.automatiko.engine.api.auth.IdentityProvider used on opensource projects

Search in sources :

Example 11 with IdentityProvider

use of io.automatiko.engine.api.auth.IdentityProvider in project automatiko-engine by automatiko-io.

the class $Type$Resource method abortTask.

@APIResponses(value = { @APIResponse(responseCode = "500", description = "In case of processing errors", content = @Content(mediaType = "application/json")), @APIResponse(responseCode = "404", description = "In case of task instance with given id was not found", content = @Content(mediaType = "application/json")), @APIResponse(responseCode = "200", description = "Successfully aborted instance of $taskName$ task with given id", content = @Content(mediaType = "application/json", schema = @Schema(implementation = $Type$Output.class))) })
@Operation(summary = "Aborts $taskName$ task instance with given id")
@DELETE()
@Path("$prefix$/$name$/{id_$name$}/$taskName$/{workItemId}")
@Produces(MediaType.APPLICATION_JSON)
public Response abortTask(@Context HttpHeaders httpHeaders, @PathParam("id") String id, @PathParam("id_$name$") String id_$name$, @PathParam("workItemId") final String workItemId, @QueryParam("phase") @DefaultValue("abort") final String phase, @QueryParam("user") final String user, @QueryParam("group") final List<String> groups, @QueryParam("metadata") @DefaultValue("false") final boolean metadata) {
    String execMode = httpHeaders.getHeaderString("X-ATK-Mode");
    try {
        if ("async".equalsIgnoreCase(execMode)) {
            String callbackUrl = httpHeaders.getHeaderString("X-ATK-Callback");
            Map<String, String> headers = httpHeaders.getRequestHeaders().entrySet().stream().collect(Collectors.toMap(Entry::getKey, e -> e.getValue().get(0)));
            IdentityProvider identity = identitySupplier.buildIdentityProvider(user, groups);
            IdentityProvider.set(null);
            CompletableFuture.runAsync(() -> {
                IdentityProvider.set(identity);
                io.automatiko.engine.services.uow.UnitOfWorkExecutor.executeInUnitOfWork(application.unitOfWorkManager(), () -> {
                    String combinedId;
                    if (id_$name$.contains(":")) {
                        combinedId = id_$name$;
                    } else {
                        combinedId = $parentprocessid$ + ":" + id_$name$;
                    }
                    ProcessInstance<$Type$> pi = subprocess_$name$.instances().findById(combinedId).orElseThrow(() -> new ProcessInstanceNotFoundException(id));
                    tracing(pi);
                    io.automatiko.engine.workflow.base.instance.impl.humantask.HumanTaskTransition transition = new io.automatiko.engine.workflow.base.instance.impl.humantask.HumanTaskTransition(phase, null, io.automatiko.engine.api.auth.IdentityProvider.get());
                    pi.transitionWorkItem(workItemId, transition);
                    io.automatiko.engine.workflow.http.HttpCallbacks.get().post(callbackUrl, getSubModel_$name$(pi, metadata), httpAuth.produce(headers), pi.status());
                    return null;
                });
            });
            ResponseBuilder builder = Response.accepted().entity(Collections.singletonMap("id", id));
            return builder.build();
        } else {
            identitySupplier.buildIdentityProvider(user, groups);
            return io.automatiko.engine.services.uow.UnitOfWorkExecutor.executeInUnitOfWork(application.unitOfWorkManager(), () -> {
                String combinedId;
                if (id_$name$.contains(":")) {
                    combinedId = id_$name$;
                } else {
                    combinedId = $parentprocessid$ + ":" + id_$name$;
                }
                ProcessInstance<$Type$> pi = subprocess_$name$.instances().findById(combinedId).orElseThrow(() -> new ProcessInstanceNotFoundException(id));
                tracing(pi);
                io.automatiko.engine.workflow.base.instance.impl.humantask.HumanTaskTransition transition = new io.automatiko.engine.workflow.base.instance.impl.humantask.HumanTaskTransition(phase, null, io.automatiko.engine.api.auth.IdentityProvider.get());
                pi.transitionWorkItem(workItemId, transition);
                ResponseBuilder builder = Response.ok().entity(getSubModel_$name$(pi, metadata));
                return builder.build();
            });
        }
    } catch (WorkItemNotFoundException e) {
        return null;
    }
}
Also used : List(java.util.List) Sig(io.automatiko.engine.workflow.Sig) ProcessInstanceReadMode(io.automatiko.engine.api.workflow.ProcessInstanceReadMode) Entry(java.util.Map.Entry) IdentityProvider(io.automatiko.engine.api.auth.IdentityProvider) CompletableFuture(java.util.concurrent.CompletableFuture) WorkItemNotFoundException(io.automatiko.engine.api.runtime.process.WorkItemNotFoundException) ProcessInstance(io.automatiko.engine.api.workflow.ProcessInstance) Collections(java.util.Collections) Collectors(java.util.stream.Collectors) WorkItem(io.automatiko.engine.api.workflow.WorkItem) IdentityProvider(io.automatiko.engine.api.auth.IdentityProvider) WorkItemNotFoundException(io.automatiko.engine.api.runtime.process.WorkItemNotFoundException)

Example 12 with IdentityProvider

use of io.automatiko.engine.api.auth.IdentityProvider in project automatiko-engine by automatiko-io.

the class UserTaskManagementResource method get.

@APIResponses(value = { @APIResponse(responseCode = "404", description = "In case of instance with given id was not found", content = @Content(mediaType = "text/html")), @APIResponse(responseCode = "200", description = "List of available processes", content = @Content(mediaType = "text/html")) })
@Operation(summary = "Retrives user task form for given user task", operationId = "getUserTaskForm")
@SuppressWarnings("unchecked")
@GET
@Path("{processId}/{pInstanceId}/{taskId}")
@Produces(MediaType.TEXT_HTML)
public TemplateInstance get(@Context UriInfo uriInfo, @Parameter(description = "Unique identifier of the process", required = true) @PathParam("processId") String processId, @Parameter(description = "Unique identifier of the instance", required = true) @PathParam("pInstanceId") String pInstanceId, @Parameter(description = "Unique identifier of the task", required = true) @PathParam("taskId") String taskId, @Parameter(description = "User identifier as alternative autroization info", required = false, hidden = true) @QueryParam("user") final String user, @Parameter(description = "Groups as alternative autroization info", required = false, hidden = true) @QueryParam("group") final List<String> groups) {
    IdentityProvider identityProvider = identitySupplier.buildIdentityProvider(user, groups);
    try {
        Process<?> process = processData.get(processId);
        if (process == null) {
            return getTemplate("process-not-found", PROCESS_INSTANCE_NOT_FOUND).instance().data("instanceId", pInstanceId);
        }
        Optional<ProcessInstance<?>> instance = (Optional<ProcessInstance<?>>) process.instances().findById(pInstanceId, ProcessInstanceReadMode.READ_ONLY);
        if (instance.isEmpty()) {
            return getTemplate("process-instance-not-found", PROCESS_INSTANCE_NOT_FOUND).instance().data("instanceId", pInstanceId);
        }
        ProcessInstance<?> pi = instance.get();
        WorkItem task = pi.workItem(taskId, SecurityPolicy.of(identityProvider));
        Template template = getTemplate(process.id(), task);
        if (template == null) {
            template = engine.getTemplate(DEFAULT_TEMPLATE);
        }
        String link = task.getReferenceId() + "?redirect=true";
        if (user != null && !user.isEmpty()) {
            link += "&user=" + user;
        }
        if (groups != null && !groups.isEmpty()) {
            for (String group : groups) {
                link += "&group=" + group;
            }
        }
        TemplateInstance templateInstance = template.data("task", task).data("url", new RawString(link));
        templateInstance.data("inputs", process.taskInputs(task.getId(), task.getName(), task.getParameters()));
        Map<String, Object> results = task.getResults();
        task.getParameters().entrySet().stream().forEach(e -> results.putIfAbsent(e.getKey(), e.getValue()));
        templateInstance.data("results", process.taskOutputs(task.getId(), task.getName(), results));
        return templateInstance;
    } catch (WorkItemNotFoundException e) {
        return getTemplate("task-not-found", TASK_INSTANCE_NOT_FOUND).instance().data("taskId", taskId);
    } finally {
        IdentityProvider.set(null);
    }
}
Also used : Optional(java.util.Optional) RawString(io.quarkus.qute.RawString) IdentityProvider(io.automatiko.engine.api.auth.IdentityProvider) RawString(io.quarkus.qute.RawString) WorkItem(io.automatiko.engine.api.workflow.WorkItem) Template(io.quarkus.qute.Template) TemplateInstance(io.quarkus.qute.TemplateInstance) WorkItemNotFoundException(io.automatiko.engine.api.runtime.process.WorkItemNotFoundException) ProcessInstance(io.automatiko.engine.api.workflow.ProcessInstance) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) APIResponses(org.eclipse.microprofile.openapi.annotations.responses.APIResponses) Operation(org.eclipse.microprofile.openapi.annotations.Operation)

Example 13 with IdentityProvider

use of io.automatiko.engine.api.auth.IdentityProvider in project automatiko-engine by automatiko-io.

the class WebSocketEventPublisher method publish.

@Override
public void publish(DataEvent<?> event) {
    if (event instanceof ProcessInstanceDataEvent && !config.instance().orElse(true)) {
        LOGGER.debug("Skipping process instance event as the publisher should not deal with instances");
        return;
    } else if (event instanceof UserTaskInstanceDataEvent && !config.tasks().orElse(true)) {
        LOGGER.debug("Skipping user task event as the publisher should not deal with tasks");
        return;
    }
    String text;
    try {
        text = json.writeValueAsString(event);
        for (Session session : sessions.values()) {
            String filter = (String) session.getUserProperties().get("atk_filter");
            if (filter != null && !filter.matches(event.getType())) {
                continue;
            }
            boolean allowed = true;
            IdentityProvider identityProvider = (IdentityProvider) session.getUserProperties().get("atk_identity");
            if (event instanceof ProcessInstanceDataEvent) {
                List<String> visibleTo = ((ProcessInstanceDataEvent) event).getData().getVisibleTo();
                allowed = visibleTo.isEmpty() || visibleTo.contains(identityProvider.getName()) || visibleTo.stream().anyMatch(item -> identityProvider.getRoles().contains(item));
            } else if (event instanceof UserTaskInstanceDataEvent) {
                HumanTaskWorkItem workItem = ((UserTaskInstanceDataEvent) event).getData().sourceInstance();
                allowed = workItem.enforce(SecurityPolicy.of(identityProvider));
            }
            if (allowed) {
                session.getAsyncRemote().sendText(text);
            }
        }
    } catch (Exception e) {
        LOGGER.error("Unexpected error when publishing websocket event", e);
    }
}
Also used : HumanTaskWorkItem(io.automatiko.engine.api.runtime.process.HumanTaskWorkItem) IdentityProvider(io.automatiko.engine.api.auth.IdentityProvider) UserTaskInstanceDataEvent(io.automatiko.engine.services.event.UserTaskInstanceDataEvent) ProcessInstanceDataEvent(io.automatiko.engine.services.event.ProcessInstanceDataEvent) Session(javax.websocket.Session)

Example 14 with IdentityProvider

use of io.automatiko.engine.api.auth.IdentityProvider in project automatiko-engine by automatiko-io.

the class SecurityAwareBroadcastProcessor method onNext.

public void onNext(T item, HumanTaskWorkItem workItem) {
    ParameterValidation.nonNullNpe(item, "item");
    for (BroadcastSubscription<T> s : subscribers.get()) {
        IdentityProvider identityProvider = s.identityProvider();
        boolean allowed = workItem.enforce(SecurityPolicy.of(identityProvider));
        if (allowed) {
            s.onNext(item);
        }
    }
}
Also used : IdentityProvider(io.automatiko.engine.api.auth.IdentityProvider)

Example 15 with IdentityProvider

use of io.automatiko.engine.api.auth.IdentityProvider in project automatiko-engine by automatiko-io.

the class UserTaskTest method testBasicUserTaskProcessClaimAndCompleteWrongUser.

@Test
public void testBasicUserTaskProcessClaimAndCompleteWrongUser() throws Exception {
    Application app = generateCodeProcessesOnly("usertask/UserTasksProcess.bpmn2");
    assertThat(app).isNotNull();
    Process<? extends Model> p = app.processes().processById("UserTasksProcess");
    Model m = p.createModel();
    Map<String, Object> parameters = new HashMap<>();
    m.fromMap(parameters);
    ProcessInstance<?> processInstance = p.createInstance(m);
    processInstance.start();
    assertThat(processInstance.status()).isEqualTo(ProcessInstance.STATE_ACTIVE);
    List<WorkItem> workItems = processInstance.workItems(securityPolicy);
    assertEquals(1, workItems.size());
    WorkItem wi = workItems.get(0);
    assertEquals("FirstTask", wi.getName());
    assertEquals(Active.ID, wi.getPhase());
    assertEquals(Active.STATUS, wi.getPhaseStatus());
    assertEquals(0, wi.getResults().size());
    final String wiId = wi.getId();
    IdentityProvider identity = new StaticIdentityProvider("kelly");
    // if user that is not authorized to work on work item both listing and getting
    // by id should apply it
    List<WorkItem> securedWorkItems = processInstance.workItems(SecurityPolicy.of(identity));
    assertEquals(0, securedWorkItems.size());
    assertThrows(WorkItemNotFoundException.class, () -> processInstance.workItem(wiId, SecurityPolicy.of(identity)));
    assertThrows(NotAuthorizedException.class, () -> processInstance.transitionWorkItem(wiId, new HumanTaskTransition(Claim.ID, null, identity)));
    assertThrows(NotAuthorizedException.class, () -> processInstance.completeWorkItem(wiId, null, SecurityPolicy.of(identity)));
    assertThat(processInstance.status()).isEqualTo(ProcessInstance.STATE_ACTIVE);
    workItems = processInstance.workItems(securityPolicy);
    assertEquals(1, workItems.size());
    wi = workItems.get(0);
    assertEquals("FirstTask", wi.getName());
    assertEquals(Active.ID, wi.getPhase());
    assertEquals(Active.STATUS, wi.getPhaseStatus());
    assertEquals(0, wi.getResults().size());
    IdentityProvider identityCorrect = new StaticIdentityProvider("john");
    processInstance.transitionWorkItem(workItems.get(0).getId(), new HumanTaskTransition(Complete.ID, null, identityCorrect));
    assertThat(processInstance.status()).isEqualTo(ProcessInstance.STATE_ACTIVE);
    workItems = processInstance.workItems(securityPolicy);
    assertEquals(1, workItems.size());
    wi = workItems.get(0);
    assertEquals("SecondTask", wi.getName());
    assertEquals(Active.ID, wi.getPhase());
    assertEquals(Active.STATUS, wi.getPhaseStatus());
    assertEquals(0, wi.getResults().size());
    processInstance.abort();
    assertThat(processInstance.status()).isEqualTo(ProcessInstance.STATE_ABORTED);
}
Also used : StaticIdentityProvider(io.automatiko.engine.services.identity.StaticIdentityProvider) HashMap(java.util.HashMap) StaticIdentityProvider(io.automatiko.engine.services.identity.StaticIdentityProvider) IdentityProvider(io.automatiko.engine.api.auth.IdentityProvider) WorkItem(io.automatiko.engine.api.workflow.WorkItem) HumanTaskTransition(io.automatiko.engine.workflow.base.instance.impl.humantask.HumanTaskTransition) Model(io.automatiko.engine.api.Model) Application(io.automatiko.engine.api.Application) AbstractCodegenTest(io.automatiko.engine.codegen.AbstractCodegenTest) Test(org.junit.jupiter.api.Test)

Aggregations

IdentityProvider (io.automatiko.engine.api.auth.IdentityProvider)15 ProcessInstance (io.automatiko.engine.api.workflow.ProcessInstance)8 List (java.util.List)8 WorkItemNotFoundException (io.automatiko.engine.api.runtime.process.WorkItemNotFoundException)7 WorkItem (io.automatiko.engine.api.workflow.WorkItem)7 Sig (io.automatiko.engine.workflow.Sig)6 Collections (java.util.Collections)6 Entry (java.util.Map.Entry)6 CompletableFuture (java.util.concurrent.CompletableFuture)6 Collectors (java.util.stream.Collectors)6 SecurityPolicy (io.automatiko.engine.api.auth.SecurityPolicy)4 Application (io.automatiko.engine.api.Application)3 HumanTaskWorkItem (io.automatiko.engine.api.runtime.process.HumanTaskWorkItem)3 Process (io.automatiko.engine.api.workflow.Process)3 ProcessInstanceReadMode (io.automatiko.engine.api.workflow.ProcessInstanceReadMode)3 GET (javax.ws.rs.GET)3 Path (javax.ws.rs.Path)3 InstanceMetadata (io.automatiko.engine.api.workflow.InstanceMetadata)2 ProcessImageNotFoundException (io.automatiko.engine.api.workflow.ProcessImageNotFoundException)2 ProcessInstanceExecutionException (io.automatiko.engine.api.workflow.ProcessInstanceExecutionException)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial