Example 6 with AuthorizationService

Use of org.camunda.bpm.engine.AuthorizationService in project camunda-bpm-platform by camunda.

In class AuthorizationRestServiceImpl, method isUserAuthorized.

public AuthorizationCheckResultDto isUserAuthorized(String permissionName, String resourceName, Integer resourceType, String resourceId) {
    // validate request:
    if (permissionName == null) {
        throw new InvalidRequestException(Status.BAD_REQUEST, "Query parameter 'permissionName' cannot be null");
    } else if (resourceName == null) {
        throw new InvalidRequestException(Status.BAD_REQUEST, "Query parameter 'resourceName' cannot be null");
    } else if (resourceType == null) {
        throw new InvalidRequestException(Status.BAD_REQUEST, "Query parameter 'resourceType' cannot be null");
    }
    final Authentication currentAuthentication = processEngine.getIdentityService().getCurrentAuthentication();
    if (currentAuthentication == null) {
        throw new InvalidRequestException(Status.UNAUTHORIZED, "You must be authenticated in order to use this resource.");
    }
    final AuthorizationService authorizationService = processEngine.getAuthorizationService();
    // create new authorization dto implementing both Permission and Resource
    AuthorizationUtil authorizationUtil = new AuthorizationUtil(resourceName, resourceType, permissionName);
    boolean isUserAuthorized = false;
    if (resourceId == null || Authorization.ANY.equals(resourceId)) {
        isUserAuthorized = authorizationService.isUserAuthorized(currentAuthentication.getUserId(), currentAuthentication.getGroupIds(), authorizationUtil, authorizationUtil);
    } else {
        isUserAuthorized = authorizationService.isUserAuthorized(currentAuthentication.getUserId(), currentAuthentication.getGroupIds(), authorizationUtil, authorizationUtil, resourceId);
    }
    return new AuthorizationCheckResultDto(isUserAuthorized, authorizationUtil, resourceId);
}
Also used: AuthorizationCheckResultDto (org.camunda.bpm.engine.rest.dto.authorization.AuthorizationCheckResultDto), AuthorizationUtil (org.camunda.bpm.engine.rest.util.AuthorizationUtil), AuthorizationService (org.camunda.bpm.engine.AuthorizationService), Authentication (org.camunda.bpm.engine.impl.identity.Authentication), InvalidRequestException (org.camunda.bpm.engine.rest.exception.InvalidRequestException)

Example 7 with AuthorizationService

Use of org.camunda.bpm.engine.AuthorizationService in project camunda-bpm-platform by camunda.

In class RuntimeAuthorizationQueryPerformanceTest, method createAuthorizations.

@Before
public void createAuthorizations() {
    AuthorizationService authorizationService = engine.getAuthorizationService();
    List<Authorization> auths = authorizationService.createAuthorizationQuery().list();
    for (Authorization authorization : auths) {
        authorizationService.deleteAuthorization(authorization.getId());
    }
    userGrant("test", resource, permissions);
    for (int i = 0; i < 5; i++) {
        grouptGrant("g" + i, resource, permissions);
    }
    engine.getProcessEngineConfiguration().setAuthorizationEnabled(true);
}
Also used: Authorization (org.camunda.bpm.engine.authorization.Authorization), AuthorizationService (org.camunda.bpm.engine.AuthorizationService), Before (org.junit.Before)

Example 8 with AuthorizationService

Use of org.camunda.bpm.engine.AuthorizationService in project camunda-bpm-platform by camunda.

In class AdministratorAuthorizationPlugin, method postProcessEngineBuild.

public void postProcessEngineBuild(ProcessEngine processEngine) {
    if (!authorizationEnabled) {
        return;
    }
    final AuthorizationService authorizationService = processEngine.getAuthorizationService();
    if (administratorGroupName != null && administratorGroupName.length() > 0) {
        // create ADMIN authorizations on all built-in resources for configured group
        for (Resource resource : Resources.values()) {
            if (authorizationService.createAuthorizationQuery().groupIdIn(administratorGroupName).resourceType(resource).resourceId(ANY).count() == 0) {
                AuthorizationEntity adminGroupAuth = new AuthorizationEntity(AUTH_TYPE_GRANT);
                adminGroupAuth.setGroupId(administratorGroupName);
                adminGroupAuth.setResource(resource);
                adminGroupAuth.setResourceId(ANY);
                adminGroupAuth.addPermission(ALL);
                authorizationService.saveAuthorization(adminGroupAuth);
                LOG.grantGroupPermissions(administratorGroupName, resource.resourceName());
            }
        }
    }
    if (administratorUserName != null && administratorUserName.length() > 0) {
        // create ADMIN authorizations on all built-in resources for configured user
        for (Resource resource : Resources.values()) {
            if (authorizationService.createAuthorizationQuery().userIdIn(administratorUserName).resourceType(resource).resourceId(ANY).count() == 0) {
                AuthorizationEntity adminUserAuth = new AuthorizationEntity(AUTH_TYPE_GRANT);
                adminUserAuth.setUserId(administratorUserName);
                adminUserAuth.setResource(resource);
                adminUserAuth.setResourceId(ANY);
                adminUserAuth.addPermission(ALL);
                authorizationService.saveAuthorization(adminUserAuth);
                LOG.grantUserPermissions(administratorUserName, resource.resourceName());
            }
        }
    }
}
Also used: AuthorizationService (org.camunda.bpm.engine.AuthorizationService), AuthorizationEntity (org.camunda.bpm.engine.impl.persistence.entity.AuthorizationEntity), Resource (org.camunda.bpm.engine.authorization.Resource)

Example 9 with AuthorizationService

Use of org.camunda.bpm.engine.AuthorizationService in project camunda-bpm-platform by camunda.

In class AuthorizationScenario, method startProcessInstance.

@DescribesScenario("startProcessInstance")
@Times(1)
public static ScenarioSetup startProcessInstance() {
    return new ScenarioSetup() {

        public void execute(ProcessEngine engine, String scenarioName) {
            IdentityService identityService = engine.getIdentityService();
            String userId = USER_ID + scenarioName;
            String groupid = GROUP_ID + scenarioName;
            // create a user
            User user = identityService.newUser(userId);
            identityService.saveUser(user);
            // create group
            Group group = identityService.newGroup(groupid);
            identityService.saveGroup(group);
            // create membership
            identityService.createMembership(userId, groupid);
            // create full authorization
            AuthorizationService authorizationService = engine.getAuthorizationService();
            // authorization for process definition
            Authorization authProcDef = createAuthorization(authorizationService, Permissions.ALL, Resources.PROCESS_DEFINITION, userId);
            engine.getAuthorizationService().saveAuthorization(authProcDef);
            // authorization for deployment
            Authorization authDeployment = createAuthorization(authorizationService, Permissions.ALL, Resources.DEPLOYMENT, userId);
            engine.getAuthorizationService().saveAuthorization(authDeployment);
            // authorization for process instance create
            Authorization authProcessInstance = createAuthorization(authorizationService, Permissions.CREATE, Resources.PROCESS_INSTANCE, userId);
            engine.getAuthorizationService().saveAuthorization(authProcessInstance);
            // start a process instance
            engine.getRuntimeService().startProcessInstanceByKey(PROCESS_DEF_KEY, scenarioName);
        }
    };
}
Also used: IdentityService (org.camunda.bpm.engine.IdentityService), Authorization (org.camunda.bpm.engine.authorization.Authorization), Group (org.camunda.bpm.engine.identity.Group), User (org.camunda.bpm.engine.identity.User), AuthorizationService (org.camunda.bpm.engine.AuthorizationService), ScenarioSetup (org.camunda.bpm.qa.upgrade.ScenarioSetup), ProcessEngine (org.camunda.bpm.engine.ProcessEngine), DescribesScenario (org.camunda.bpm.qa.upgrade.DescribesScenario), Times (org.camunda.bpm.qa.upgrade.Times)

Example 10 with AuthorizationService

Use of org.camunda.bpm.engine.AuthorizationService in project camunda-bpm-platform by camunda.

In class PurgeDatabaseTest, method createAuthenticationData.

private void createAuthenticationData() {
    IdentityService identityService = engineRule.getIdentityService();
    Group group = identityService.newGroup("group");
    identityService.saveGroup(group);
    User user = identityService.newUser("user");
    User user2 = identityService.newUser("user2");
    identityService.saveUser(user);
    identityService.saveUser(user2);
    Tenant tenant = identityService.newTenant("tenant");
    identityService.saveTenant(tenant);
    Tenant tenant2 = identityService.newTenant("tenant2");
    identityService.saveTenant(tenant2);
    identityService.createMembership("user", "group");
    identityService.createTenantUserMembership("tenant", "user");
    identityService.createTenantUserMembership("tenant2", "user2");
    TestResource resource1 = new TestResource("resource1", 100);
    // create global authorization which grants all permissions to all users (on resource1):
    AuthorizationService authorizationService = engineRule.getAuthorizationService();
    Authorization globalAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    globalAuth.setResource(resource1);
    globalAuth.setResourceId(ANY);
    globalAuth.addPermission(ALL);
    authorizationService.saveAuthorization(globalAuth);
    // grant user read auth on resource2
    TestResource resource2 = new TestResource("resource2", 200);
    Authorization userGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    userGrant.setUserId("user");
    userGrant.setResource(resource2);
    userGrant.setResourceId(ANY);
    userGrant.addPermission(READ);
    authorizationService.saveAuthorization(userGrant);
    identityService.setAuthenticatedUserId("user");
}
Also used: IdentityService (org.camunda.bpm.engine.IdentityService), Authorization (org.camunda.bpm.engine.authorization.Authorization), Group (org.camunda.bpm.engine.identity.Group), User (org.camunda.bpm.engine.identity.User), Tenant (org.camunda.bpm.engine.identity.Tenant), AuthorizationService (org.camunda.bpm.engine.AuthorizationService), TestResource (org.camunda.bpm.engine.test.api.identity.TestResource)

Aggregations

AuthorizationService (org.camunda.bpm.engine.AuthorizationService): 12
Authorization (org.camunda.bpm.engine.authorization.Authorization): 9
IdentityService (org.camunda.bpm.engine.IdentityService): 4
Group (org.camunda.bpm.engine.identity.Group): 3
User (org.camunda.bpm.engine.identity.User): 3
Before (org.junit.Before): 3
Permission (org.camunda.bpm.engine.authorization.Permission): 2
Resource (org.camunda.bpm.engine.authorization.Resource): 2
Authentication (org.camunda.bpm.engine.impl.identity.Authentication): 2
AuthorizationEntity (org.camunda.bpm.engine.impl.persistence.entity.AuthorizationEntity): 2
HashMap (java.util.HashMap): 1
FilterService (org.camunda.bpm.engine.FilterService): 1
ProcessEngine (org.camunda.bpm.engine.ProcessEngine): 1
TaskService (org.camunda.bpm.engine.TaskService): 1
Filter (org.camunda.bpm.engine.filter.Filter): 1
Tenant (org.camunda.bpm.engine.identity.Tenant): 1
AuthorizationCheckResultDto (org.camunda.bpm.engine.rest.dto.authorization.AuthorizationCheckResultDto): 1
InvalidRequestException (org.camunda.bpm.engine.rest.exception.InvalidRequestException): 1
AuthorizationUtil (org.camunda.bpm.engine.rest.util.AuthorizationUtil): 1
TaskQuery (org.camunda.bpm.engine.task.TaskQuery): 1