Example 1 with MissingAuthorization

Use of org.camunda.bpm.engine.authorization.MissingAuthorization in project camunda-bpm-platform by camunda.

Class AuthorizationException, method generateExceptionMessage.

/**
 * Generate exception message from the missing authorizations.
 *
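 * @param userId id of the user that failed the authorization check
 * @param missingAuthorizations the authorizations the user lacks, listed in the message as alternatives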
 * @return The prepared exception message
 */
private static String generateExceptionMessage(String userId, List<MissingAuthorization> missingAuthorizations) {
    StringBuilder sBuilder = new StringBuilder();
    sBuilder.append("The user with id '");
    sBuilder.append(userId);
    sBuilder.append("' does not have one of the following permissions: ");
    boolean first = true;
    for (MissingAuthorization missingAuthorization : missingAuthorizations) {
        if (!first) {
            sBuilder.append(" or ");
        } else {
            first = false;
        }
        sBuilder.append(generateMissingAuthorizationMessage(missingAuthorization));
    }
    return sBuilder.toString();
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization)

Example 2 with MissingAuthorization

Use of org.camunda.bpm.engine.authorization.MissingAuthorization in project camunda-bpm-platform by camunda.

Class AuthorizationManager, method checkAuthorization.

public void checkAuthorization(List<PermissionCheck> permissionChecks) {
    // Enforce only when authorization checks are active; otherwise this method is a no-op.
    if (isAuthCheckExecuted()) {
        Authentication currentAuthentication = getCurrentAuthentication();
        String userId = currentAuthentication.getUserId();
        // Evaluate the checks against the user id and the user's group ids.
        boolean isAuthorized = isAuthorized(userId, currentAuthentication.getGroupIds(), permissionChecks);
        if (!isAuthorized) {
            // Report every requested check; the exception message joins them with " or ".
            List<MissingAuthorization> missingAuthorizations = new ArrayList<MissingAuthorization>();
            for (PermissionCheck check : permissionChecks) {
                missingAuthorizations.add(new MissingAuthorization(check.getPermission().getName(), check.getResource().resourceName(), check.getResourceId()));
            }
            throw new AuthorizationException(userId, missingAuthorizations);
        }
    }
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) PermissionCheck(org.camunda.bpm.engine.impl.db.PermissionCheck) CompositePermissionCheck(org.camunda.bpm.engine.impl.db.CompositePermissionCheck) AuthorizationException(org.camunda.bpm.engine.AuthorizationException) Authentication(org.camunda.bpm.engine.impl.identity.Authentication) ArrayList(java.util.ArrayList)

Example 3 with MissingAuthorization

Use of org.camunda.bpm.engine.authorization.MissingAuthorization in project camunda-bpm-platform by camunda.

Class AuthorizationManager, method checkAuthorization.

public void checkAuthorization(CompositePermissionCheck compositePermissionCheck) {
    // Enforce only when authorization checks are active; otherwise this method is a no-op.
    if (isAuthCheckExecuted()) {
        Authentication currentAuthentication = getCurrentAuthentication();
        // The user id is needed here only for the exception raised on failure.
        String userId = currentAuthentication.getUserId();
        boolean isAuthorized = isAuthorized(compositePermissionCheck);
        if (!isAuthorized) {
            // Flatten the composite check and report each contained permission check as missing.
            List<MissingAuthorization> missingAuthorizations = new ArrayList<MissingAuthorization>();
            for (PermissionCheck check : compositePermissionCheck.getAllPermissionChecks()) {
                missingAuthorizations.add(new MissingAuthorization(check.getPermission().getName(), check.getResource().resourceName(), check.getResourceId()));
            }
            throw new AuthorizationException(userId, missingAuthorizations);
        }
    }
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) PermissionCheck(org.camunda.bpm.engine.impl.db.PermissionCheck) CompositePermissionCheck(org.camunda.bpm.engine.impl.db.CompositePermissionCheck) AuthorizationException(org.camunda.bpm.engine.AuthorizationException) Authentication(org.camunda.bpm.engine.impl.identity.Authentication) ArrayList(java.util.ArrayList)

Example 4 with MissingAuthorization

Use of org.camunda.bpm.engine.authorization.MissingAuthorization in project camunda-bpm-platform by camunda.

Class MissingAuthorizationMatcher, method asMissingAuthorization.

protected static MissingAuthorization asMissingAuthorization(Authorization authorization) {
    String permissionName = null;
    String resourceId = null;
    String resourceName = null;
    // use the first permission on the authorization that is not NONE
    for (Permission permission : authorization.getPermissions(Permissions.values())) {
        if (permission != Permissions.NONE) {
            permissionName = permission.getName();
            break;
        }
    }
    if (!Authorization.ANY.equals(authorization.getResourceId())) {
        // missing ANY authorizations are not explicitly represented in the error message
        resourceId = authorization.getResourceId();
    }
    Resource resource = AuthorizationTestUtil.getResourceByType(authorization.getResourceType());
    resourceName = resource.resourceName();
    return new MissingAuthorization(permissionName, resourceName, resourceId);
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) Permission(org.camunda.bpm.engine.authorization.Permission) Resource(org.camunda.bpm.engine.authorization.Resource)

Example 5 with MissingAuthorization

Use of org.camunda.bpm.engine.authorization.MissingAuthorization in project camunda-bpm-platform by camunda.

Class IdentityServiceAuthorizationsTest, method testTenantUserMembershipCreateAuthorizations.

public void testTenantUserMembershipCreateAuthorizations() {
    User jonny1 = identityService.newUser("jonny1");
    identityService.saveUser(jonny1);
    Tenant tenant1 = identityService.newTenant("tenant1");
    identityService.saveTenant(tenant1);
    // add base permission which allows nobody to create memberships
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(TENANT_MEMBERSHIP);
    basePerms.setResourceId(ANY);
    // add all then remove 'create'
    basePerms.addPermission(ALL);
    basePerms.removePermission(CREATE);
    authorizationService.saveAuthorization(basePerms);
    // turn authorization checks on and act as jonny2 (declared outside this method)
    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthenticatedUserId(jonny2);
    try {
        identityService.createTenantUserMembership("tenant1", "jonny1");
        fail("exception expected");
    } catch (AuthorizationException e) {
        assertEquals(1, e.getMissingAuthorizations().size());
        MissingAuthorization info = e.getMissingAuthorizations().get(0);
        assertEquals(jonny2, e.getUserId());
        assertExceptionInfo(CREATE.getName(), TENANT_MEMBERSHIP.resourceName(), "tenant1", info);
    }
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) Authorization(org.camunda.bpm.engine.authorization.Authorization) User(org.camunda.bpm.engine.identity.User) Tenant(org.camunda.bpm.engine.identity.Tenant) AuthorizationException(org.camunda.bpm.engine.AuthorizationException)

Aggregations

MissingAuthorization (org.camunda.bpm.engine.authorization.MissingAuthorization) 24
AuthorizationException (org.camunda.bpm.engine.AuthorizationException) 21
Authorization (org.camunda.bpm.engine.authorization.Authorization) 19
Group (org.camunda.bpm.engine.identity.Group) 7
Tenant (org.camunda.bpm.engine.identity.Tenant) 7
User (org.camunda.bpm.engine.identity.User) 7
ArrayList (java.util.ArrayList) 4
TenantEntity (org.camunda.bpm.engine.impl.persistence.entity.TenantEntity) 3
Permission (org.camunda.bpm.engine.authorization.Permission) 2
Resource (org.camunda.bpm.engine.authorization.Resource) 2
CompositePermissionCheck (org.camunda.bpm.engine.impl.db.CompositePermissionCheck) 2
PermissionCheck (org.camunda.bpm.engine.impl.db.PermissionCheck) 2
Authentication (org.camunda.bpm.engine.impl.identity.Authentication) 2
GET (javax.ws.rs.GET) 1
Path (javax.ws.rs.Path) 1
AuthorizationEntity (org.camunda.bpm.engine.impl.persistence.entity.AuthorizationEntity) 1
GroupEntity (org.camunda.bpm.engine.impl.persistence.entity.GroupEntity) 1
UserEntity (org.camunda.bpm.engine.impl.persistence.entity.UserEntity) 1