Examples with Authorization org.camunda.bpm.engine.authorization.Authorization used on opensource projects

Search in sources :

Example 96 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class AuthorizationServiceWithEnabledAuthorizationTest method testUserOverrideGroupOverrideGlobalAuthorizationCheck.

public void testUserOverrideGroupOverrideGlobalAuthorizationCheck() {
    TestResource resource1 = new TestResource("resource1", 100);
    // create global authorization which grants all permissions to all users  (on resource1):
    Authorization globalGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    globalGrant.setResource(resource1);
    globalGrant.setResourceId(ANY);
    globalGrant.addPermission(ALL);
    authorizationService.saveAuthorization(globalGrant);
    // revoke READ for group "sales"
    Authorization groupRevoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
    groupRevoke.setGroupId("sales");
    groupRevoke.setResource(resource1);
    groupRevoke.setResourceId(ANY);
    groupRevoke.removePermission(READ);
    authorizationService.saveAuthorization(groupRevoke);
    // add READ for jonny
    Authorization userGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    userGrant.setUserId("jonny");
    userGrant.setResource(resource1);
    userGrant.setResourceId(ANY);
    userGrant.addPermission(READ);
    authorizationService.saveAuthorization(userGrant);
    List<String> jonnysGroups = Arrays.asList("sales", "marketing");
    List<String> someOneElsesGroups = Collections.singletonList("marketing");
    // jonny can read
    assertTrue(authorizationService.isUserAuthorized("jonny", jonnysGroups, READ, resource1));
    assertTrue(authorizationService.isUserAuthorized("jonny", null, READ, resource1));
    // someone else in the same groups cannot
    assertFalse(authorizationService.isUserAuthorized("someone else", jonnysGroups, READ, resource1));
    // someone else in different groups can
    assertTrue(authorizationService.isUserAuthorized("someone else", someOneElsesGroups, READ, resource1));
}
Also used : Authorization(org.camunda.bpm.engine.authorization.Authorization)

Example 97 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class DefaultAuthorizationProviderTest method testCreateGroup.

public void testCreateGroup() {
    // initially there are no authorizations for group "sales":
    assertEquals(0, authorizationService.createAuthorizationQuery().groupIdIn("sales").count());
    // create new group
    identityService.saveGroup(identityService.newGroup("sales"));
    // now there is an authorization for sales which grants all members READ permissions
    Authorization authorization = authorizationService.createAuthorizationQuery().groupIdIn("sales").singleResult();
    assertNotNull(authorization);
    assertEquals(AUTH_TYPE_GRANT, authorization.getAuthorizationType());
    assertEquals(GROUP.resourceType(), authorization.getResourceType());
    assertEquals("sales", authorization.getResourceId());
    assertTrue(authorization.isPermissionGranted(READ));
    // delete the group
    identityService.deleteGroup("sales");
    // the authorization is deleted as well:
    assertEquals(0, authorizationService.createAuthorizationQuery().groupIdIn("sales").count());
}
Also used : Authorization(org.camunda.bpm.engine.authorization.Authorization)

Example 98 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testUserUnlock.

public void testUserUnlock() throws ParseException {
    // crate user while still in god-mode:
    String userId = "jonny";
    User jonny = identityService.newUser(userId);
    jonny.setPassword("xxx");
    identityService.saveUser(jonny);
    lockUser(userId, "invalid pwd");
    // assume
    int maxNumOfAttempts = 10;
    UserEntity lockedUser = (UserEntity) identityService.createUserQuery().userId(jonny.getId()).singleResult();
    assertNotNull(lockedUser);
    assertNotNull(lockedUser.getLockExpirationTime());
    assertEquals(maxNumOfAttempts, lockedUser.getAttempts());
    // create global auth
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(USER);
    basePerms.setResourceId(ANY);
    basePerms.addPermission(ALL);
    authorizationService.saveAuthorization(basePerms);
    // set auth
    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthentication("admin", Collections.singletonList(Groups.CAMUNDA_ADMIN), null);
    // when
    identityService.unlockUser(lockedUser.getId());
    // then
    lockedUser = (UserEntity) identityService.createUserQuery().userId(jonny.getId()).singleResult();
    assertNotNull(lockedUser);
    assertNull(lockedUser.getLockExpirationTime());
    assertEquals(0, lockedUser.getAttempts());
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) Authorization(org.camunda.bpm.engine.authorization.Authorization) User(org.camunda.bpm.engine.identity.User) UserEntity(org.camunda.bpm.engine.impl.persistence.entity.UserEntity)

Example 99 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testTenantQueryAuthorizations.

public void testTenantQueryAuthorizations() {
    // we are jonny2
    String authUserId = "jonny2";
    identityService.setAuthenticatedUserId(authUserId);
    // create new user jonny1
    User jonny1 = identityService.newUser("jonny1");
    identityService.saveUser(jonny1);
    // create new tenant
    Tenant tenant = identityService.newTenant("tenant");
    identityService.saveTenant(tenant);
    // set base permission for all users (no-one has any permissions on tenants)
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(TENANT);
    basePerms.setResourceId(ANY);
    authorizationService.saveAuthorization(basePerms);
    // now enable checks
    processEngineConfiguration.setAuthorizationEnabled(true);
    // we cannot fetch the tenants
    assertEquals(0, identityService.createTenantQuery().count());
    // now we add permission for jonny2 to read the tenants:
    processEngineConfiguration.setAuthorizationEnabled(false);
    Authorization ourPerms = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    ourPerms.setUserId(authUserId);
    ourPerms.setResource(TENANT);
    ourPerms.setResourceId(ANY);
    ourPerms.addPermission(READ);
    authorizationService.saveAuthorization(ourPerms);
    processEngineConfiguration.setAuthorizationEnabled(true);
    // now we can fetch the tenants
    assertEquals(1, identityService.createTenantQuery().count());
    // change the base permission:
    processEngineConfiguration.setAuthorizationEnabled(false);
    basePerms = authorizationService.createAuthorizationQuery().resourceType(TENANT).userIdIn("*").singleResult();
    basePerms.addPermission(READ);
    authorizationService.saveAuthorization(basePerms);
    processEngineConfiguration.setAuthorizationEnabled(true);
    // we can still fetch the tenants
    assertEquals(1, identityService.createTenantQuery().count());
    // revoke permission for jonny2:
    processEngineConfiguration.setAuthorizationEnabled(false);
    ourPerms = authorizationService.createAuthorizationQuery().resourceType(TENANT).userIdIn(authUserId).singleResult();
    ourPerms.removePermission(READ);
    authorizationService.saveAuthorization(ourPerms);
    Authorization revoke = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
    revoke.setUserId(authUserId);
    revoke.setResource(TENANT);
    revoke.setResourceId(ANY);
    revoke.removePermission(READ);
    authorizationService.saveAuthorization(revoke);
    processEngineConfiguration.setAuthorizationEnabled(true);
    // now we cannot fetch the tenants
    assertEquals(0, identityService.createTenantQuery().count());
    // delete our permissions
    processEngineConfiguration.setAuthorizationEnabled(false);
    authorizationService.deleteAuthorization(ourPerms.getId());
    authorizationService.deleteAuthorization(revoke.getId());
    processEngineConfiguration.setAuthorizationEnabled(true);
    // now the base permission applies and grants us read access
    assertEquals(1, identityService.createTenantQuery().count());
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) Authorization(org.camunda.bpm.engine.authorization.Authorization) User(org.camunda.bpm.engine.identity.User) Tenant(org.camunda.bpm.engine.identity.Tenant)

Example 100 with Authorization

use of org.camunda.bpm.engine.authorization.Authorization in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testTenanGroupMembershipDeleteAuthorizations.

public void testTenanGroupMembershipDeleteAuthorizations() {
    Group group1 = identityService.newGroup("group1");
    identityService.saveGroup(group1);
    Tenant tenant1 = identityService.newTenant("tenant1");
    identityService.saveTenant(tenant1);
    // add base permission which allows nobody to delete memberships
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(TENANT_MEMBERSHIP);
    basePerms.setResourceId(ANY);
    // add all then remove 'delete'
    basePerms.addPermission(ALL);
    basePerms.removePermission(DELETE);
    authorizationService.saveAuthorization(basePerms);
    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthenticatedUserId(jonny2);
    try {
        identityService.deleteTenantGroupMembership("tenant1", "group1");
        fail("exception expected");
    } catch (AuthorizationException e) {
        assertEquals(1, e.getMissingAuthorizations().size());
        MissingAuthorization info = e.getMissingAuthorizations().get(0);
        assertEquals(jonny2, e.getUserId());
        assertExceptionInfo(DELETE.getName(), TENANT_MEMBERSHIP.resourceName(), "tenant1", info);
    }
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) Authorization(org.camunda.bpm.engine.authorization.Authorization) Group(org.camunda.bpm.engine.identity.Group) Tenant(org.camunda.bpm.engine.identity.Tenant) MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) AuthorizationException(org.camunda.bpm.engine.AuthorizationException)

Aggregations

Authorization (org.camunda.bpm.engine.authorization.Authorization)117 MissingAuthorization (org.camunda.bpm.engine.authorization.MissingAuthorization)26 AuthorizationException (org.camunda.bpm.engine.AuthorizationException)22 User (org.camunda.bpm.engine.identity.User)20 Test (org.junit.Test)17 AuthorizationQuery (org.camunda.bpm.engine.authorization.AuthorizationQuery)16 Group (org.camunda.bpm.engine.identity.Group)13 Permission (org.camunda.bpm.engine.authorization.Permission)12 AuthorizationService (org.camunda.bpm.engine.AuthorizationService)9 Tenant (org.camunda.bpm.engine.identity.Tenant)9 AuthorizationDto (org.camunda.bpm.engine.rest.dto.authorization.AuthorizationDto)8 Matchers.anyString (org.mockito.Matchers.anyString)7 ProcessEngineException (org.camunda.bpm.engine.ProcessEngineException)5 IdentityService (org.camunda.bpm.engine.IdentityService)3 Resource (org.camunda.bpm.engine.authorization.Resource)3 TenantEntity (org.camunda.bpm.engine.impl.persistence.entity.TenantEntity)3 Before (org.junit.Before)3 ArrayList (java.util.ArrayList)2 HashSet (java.util.HashSet)2 Filter (org.camunda.bpm.engine.filter.Filter)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial