
Example 71 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class AuthorizationRestServiceInteractionTest method testAuthorizationResourceOptions.

/**
 * Verifies the OPTIONS response for a single authorization resource when authorization checks
 * are enabled and the identity service reports no current authentication.
 *
 * <p>The response must advertise three links on the same URL: GET ("self"), DELETE ("delete")
 * and PUT ("update").
 *
 * <p>NOTE(review): all three links are expected although {@code isAuthorizationEnabled()} is
 * stubbed to {@code true}. Presumably the resource skips the per-permission check when there is
 * no authenticated user; confirm against the resource implementation, since this is the
 * behaviour an unauthenticated caller would see.
 */
@Test
public void testAuthorizationResourceOptions() {
    String selfUrl = "http://localhost:" + PORT + TEST_RESOURCE_ROOT_PATH + AuthorizationRestService.PATH + "/" + MockProvider.EXAMPLE_AUTHORIZATION_ID;

    // The query mock resolves the example id to a mocked global authorization.
    Authorization globalAuthorization = MockProvider.createMockGlobalAuthorization();
    AuthorizationQuery queryMock = mock(AuthorizationQuery.class);
    when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(queryMock);
    when(queryMock.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(queryMock);
    when(queryMock.singleResult()).thenReturn(globalAuthorization);

    // No authenticated user, authorization checks switched on.
    when(identityServiceMock.getCurrentAuthentication()).thenReturn(null);
    when(processEngineConfigurationMock.isAuthorizationEnabled()).thenReturn(true);

    given()
        .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
    .then()
        .statusCode(Status.OK.getStatusCode())
        .body("links[0].href", equalTo(selfUrl))
        .body("links[0].method", equalTo(HttpMethod.GET))
        .body("links[0].rel", equalTo("self"))
        .body("links[1].href", equalTo(selfUrl))
        .body("links[1].method", equalTo(HttpMethod.DELETE))
        .body("links[1].rel", equalTo("delete"))
        .body("links[2].href", equalTo(selfUrl))
        .body("links[2].method", equalTo(HttpMethod.PUT))
        .body("links[2].rel", equalTo("update"))
    .when()
        .options(AUTH_RESOURCE_PATH);

    // The current authentication is expected to be looked up exactly twice for this request.
    verify(identityServiceMock, times(2)).getCurrentAuthentication();
}
Also used : Authorization(org.camunda.bpm.engine.authorization.Authorization) AuthorizationQuery(org.camunda.bpm.engine.authorization.AuthorizationQuery) Matchers.anyString(org.mockito.Matchers.anyString) Test(org.junit.Test)

Example 72 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class AuthorizationRestServiceInteractionTest method testUpdateAuthorizationThrowsAuthorizationException.

/**
 * Verifies that an {@link AuthorizationException} thrown while saving an authorization is
 * mapped to HTTP 403 (FORBIDDEN) with a JSON error body.
 *
 * <p>The body is expected to carry the exception's simple class name as {@code type} and the
 * exception message, unchanged, as {@code message}.
 *
 * <p>NOTE(review): because the message is returned to the client verbatim, whatever the engine
 * puts into an AuthorizationException message is visible to the denied caller; confirm that is
 * intended.
 */
@Test
public void testUpdateAuthorizationThrowsAuthorizationException() {
    Authorization existing = MockProvider.createMockGlobalAuthorization();
    AuthorizationDto requestBody = AuthorizationDto.fromAuthorization(existing);

    // The lookup by id succeeds, so the failure can only come from the save call below.
    AuthorizationQuery queryMock = mock(AuthorizationQuery.class);
    when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(queryMock);
    when(queryMock.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(queryMock);
    when(queryMock.singleResult()).thenReturn(existing);

    String message = "expected authorization exception";
    when(authorizationServiceMock.saveAuthorization(any(Authorization.class)))
        .thenThrow(new AuthorizationException(message));

    given()
        .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
        .body(requestBody)
        .contentType(ContentType.JSON)
    .then()
        .expect()
        .statusCode(Status.FORBIDDEN.getStatusCode())
        .contentType(ContentType.JSON)
        .body("type", equalTo(AuthorizationException.class.getSimpleName()))
        .body("message", equalTo(message))
    .when()
        .put(AUTH_RESOURCE_PATH);
}
Also used : Authorization(org.camunda.bpm.engine.authorization.Authorization) AuthorizationDto(org.camunda.bpm.engine.rest.dto.authorization.AuthorizationDto) AuthorizationQuery(org.camunda.bpm.engine.authorization.AuthorizationQuery) AuthorizationException(org.camunda.bpm.engine.AuthorizationException) Matchers.anyString(org.mockito.Matchers.anyString) Test(org.junit.Test)

Example 73 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testUserQueryAuthorizations.

/**
 * Walks the user query through a sequence of authorization states and checks after each change
 * whether the authenticated user "jonny2" can see the single stored user "jonny1".
 *
 * <p>Sequence: global authorization without permissions (not visible), GRANT with READ for
 * jonny2 (visible), READ added to the global authorization (still visible), READ removed from
 * the GRANT plus a REVOKE for jonny2 (not visible), GRANT and REVOKE deleted (visible again via
 * the global authorization).
 *
 * <p>Authorization checks are switched off around every change to the authorization data and
 * switched back on before each assertion.
 *
 * <p>NOTE(review): the method ends with authorization checks enabled, jonny2 still set as the
 * authenticated user, and the created user and authorizations still stored. Cleanup is
 * presumably done in a tearDown outside this view; confirm, otherwise this state leaks into
 * later tests.
 */
public void testUserQueryAuthorizations() {
    // we are jonny2
    String authUserId = "jonny2";
    identityService.setAuthenticatedUserId(authUserId);
    // create new user jonny1 (checks are presumably still disabled at this point; see the enable call below)
    User jonny1 = identityService.newUser("jonny1");
    identityService.saveUser(jonny1);
    // set base permission for all users: a GLOBAL authorization on every USER resource with no
    // permission added, so no-one has any permissions on users
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(USER);
    basePerms.setResourceId(ANY);
    authorizationService.saveAuthorization(basePerms);
    // now enable checks
    processEngineConfiguration.setAuthorizationEnabled(true);
    // we cannot fetch the user
    assertNull(identityService.createUserQuery().singleResult());
    assertEquals(0, identityService.createUserQuery().count());
    // checks off again so the test can edit authorizations
    processEngineConfiguration.setAuthorizationEnabled(false);
    // now we add permission for jonny2 to read the user:
    Authorization ourPerms = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    ourPerms.setUserId(authUserId);
    ourPerms.setResource(USER);
    ourPerms.setResourceId(ANY);
    ourPerms.addPermission(READ);
    authorizationService.saveAuthorization(ourPerms);
    processEngineConfiguration.setAuthorizationEnabled(true);
    // now we can fetch the user
    assertNotNull(identityService.createUserQuery().singleResult());
    assertEquals(1, identityService.createUserQuery().count());
    // change the base permission:
    processEngineConfiguration.setAuthorizationEnabled(false);
    // the global authorization is looked up under the user id "*"
    basePerms = authorizationService.createAuthorizationQuery().resourceType(USER).userIdIn("*").singleResult();
    basePerms.addPermission(READ);
    authorizationService.saveAuthorization(basePerms);
    processEngineConfiguration.setAuthorizationEnabled(true);
    // we can still fetch the user
    assertNotNull(identityService.createUserQuery().singleResult());
    assertEquals(1, identityService.createUserQuery().count());
    // revoke permission for jonny2:
    processEngineConfiguration.setAuthorizationEnabled(false);
    ourPerms = authorizationService.createAuthorizationQuery().resourceType(USER).userIdIn(authUserId).singleResult();
    ourPerms.removePermission(READ);
    authorizationService.saveAuthorization(ourPerms);
    // NOTE(review): on a REVOKE authorization, removePermission(READ) is presumably what marks
    // READ as revoked; confirm against the Authorization contract
    Authorization revoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
    revoke.setUserId(authUserId);
    revoke.setResource(USER);
    revoke.setResourceId(ANY);
    revoke.removePermission(READ);
    authorizationService.saveAuthorization(revoke);
    processEngineConfiguration.setAuthorizationEnabled(true);
    // now we cannot fetch the user, although the global authorization still carries READ:
    // the user-specific revoke is expected to win over the global grant
    assertNull(identityService.createUserQuery().singleResult());
    assertEquals(0, identityService.createUserQuery().count());
    // delete our perms
    processEngineConfiguration.setAuthorizationEnabled(false);
    authorizationService.deleteAuthorization(ourPerms.getId());
    authorizationService.deleteAuthorization(revoke.getId());
    processEngineConfiguration.setAuthorizationEnabled(true);
    // now the base permission applies and grants us read access
    assertNotNull(identityService.createUserQuery().singleResult());
    assertEquals(1, identityService.createUserQuery().count());
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) Authorization(org.camunda.bpm.engine.authorization.Authorization) User(org.camunda.bpm.engine.identity.User)

Example 74 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class RuntimeAuthorizationQueryPerformanceTest method createAuthorizations.

/**
 * Resets the engine's authorization data before each test and then switches authorization
 * checks on.
 *
 * <p>Every authorization returned by an unfiltered query is deleted, after which one grant is
 * created for the user "test" and one for each of the groups "g0" to "g4", all using the
 * {@code resource} and {@code permissions} of this test instance.
 */
@Before
public void createAuthorizations() {
    AuthorizationService authorizationService = engine.getAuthorizationService();

    // Start from an empty authorization table so earlier data cannot influence the results.
    for (Authorization stale : authorizationService.createAuthorizationQuery().list()) {
        authorizationService.deleteAuthorization(stale.getId());
    }

    userGrant("test", resource, permissions);
    int groupIndex = 0;
    while (groupIndex < 5) {
        grouptGrant("g" + groupIndex, resource, permissions);
        groupIndex++;
    }

    // Checks are enabled only after the fixtures exist.
    engine.getProcessEngineConfiguration().setAuthorizationEnabled(true);
}
Also used : Authorization(org.camunda.bpm.engine.authorization.Authorization) AuthorizationService(org.camunda.bpm.engine.AuthorizationService) Before(org.junit.Before)

Example 75 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class AuthorizationScenarioInstance method assertAuthorizationException.

/**
 * Compares the outcome of the code under test with the missing authorizations this scenario
 * expects.
 *
 * <ul>
 *   <li>Nothing expected and no exception: passes.</li>
 *   <li>Exactly one of the two present: fails with a scenario description.</li>
 *   <li>Both present: the exception must report the expected missing authorizations (in any
 *       order), and its message must contain the user id, every permission name other than
 *       NONE, the resource id unless it is ANY, and the resource name of each one.</li>
 * </ul>
 *
 * @param e the exception raised by the code under test, or {@code null} if it succeeded
 */
public void assertAuthorizationException(AuthorizationException e) {
    boolean failureExpected = !missingAuthorizations.isEmpty();

    if (e == null) {
        if (failureExpected) {
            Assert.fail(describeScenarioFailure("Expected failure due to missing authorizations but code under test was successful"));
        }
        // nothing expected and nothing thrown: nothing to do
        return;
    }

    if (!failureExpected) {
        Assert.fail(describeScenarioFailure("Expected no authorization exception but got one: " + e.getMessage()));
        return;
    }

    String exceptionMessage = e.getMessage();
    String failureDescription = describeScenarioFailure("Expected an authorization exception but the message was wrong: " + e.getMessage());

    // Structured comparison: the exception must list exactly the expected missing authorizations.
    List<MissingAuthorization> reported = new ArrayList<MissingAuthorization>(e.getMissingAuthorizations());
    List<MissingAuthorization> expected = MissingAuthorizationMatcher.asMissingAuthorizations(missingAuthorizations);
    Assert.assertThat(reported, containsInAnyOrder(MissingAuthorizationMatcher.asMatchers(expected)));

    // Textual comparison: the message must name user, permissions, resource id and resource.
    for (Authorization missing : missingAuthorizations) {
        Assert.assertTrue(failureDescription, exceptionMessage.contains(missing.getUserId()));
        Assert.assertEquals(missing.getUserId(), e.getUserId());

        for (Permission permission : missing.getPermissions(Permissions.values())) {
            if (permission == Permissions.NONE) {
                continue;
            }
            Assert.assertTrue(failureDescription, exceptionMessage.contains(permission.getName()));
        }

        // missing ANY authorizations are not explicitly represented in the error message
        boolean concreteResourceId = !Authorization.ANY.equals(missing.getResourceId());
        if (concreteResourceId) {
            Assert.assertTrue(failureDescription, exceptionMessage.contains(missing.getResourceId()));
        }

        Resource resource = AuthorizationTestUtil.getResourceByType(missing.getResourceType());
        Assert.assertTrue(failureDescription, exceptionMessage.contains(resource.resourceName()));
    }
}
Also used : Authorization(org.camunda.bpm.engine.authorization.Authorization) MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) ArrayList(java.util.ArrayList) Permission(org.camunda.bpm.engine.authorization.Permission) Resource(org.camunda.bpm.engine.authorization.Resource)
