
Example 31 with User

use of org.camunda.bpm.engine.identity.User in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testMembershipDeleteAuthorizations.

/**
 * Checks that deleting a group membership is refused when the acting user
 * lacks DELETE on GROUP_MEMBERSHIP, and that the AuthorizationException
 * reports exactly one missing authorization attributed to that user.
 */
public void testMembershipDeleteAuthorizations() {
    // The user and group are stored before setAuthorizationEnabled(true) is called.
    identityService.saveUser(identityService.newUser("jonny1"));
    identityService.saveGroup(identityService.newGroup("group1"));

    // Global authorization over every group membership: grant ALL, then take
    // DELETE away again, so that DELETE is the only permission withheld.
    Authorization globalAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    globalAuth.setResource(GROUP_MEMBERSHIP);
    globalAuth.setResourceId(ANY);
    globalAuth.addPermission(ALL);
    globalAuth.removePermission(DELETE);
    authorizationService.saveAuthorization(globalAuth);

    // Turn checks on and act as jonny2 (a member declared outside this method).
    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthenticatedUserId(jonny2);

    try {
        identityService.deleteMembership("jonny1", "group1");
        fail("exception expected");
    } catch (AuthorizationException denied) {
        // One missing authorization only: DELETE on GROUP_MEMBERSHIP for "group1".
        assertEquals(1, denied.getMissingAuthorizations().size());
        MissingAuthorization missing = denied.getMissingAuthorizations().get(0);
        // The denial must name the authenticated caller.
        assertEquals(jonny2, denied.getUserId());
        assertExceptionInfo(DELETE.getName(), GROUP_MEMBERSHIP.resourceName(), "group1", missing);
    }
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) Authorization(org.camunda.bpm.engine.authorization.Authorization) Group(org.camunda.bpm.engine.identity.Group) User(org.camunda.bpm.engine.identity.User) MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) AuthorizationException(org.camunda.bpm.engine.AuthorizationException)

Example 32 with User

use of org.camunda.bpm.engine.identity.User in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testUserCreateAuthorizations.

/**
 * Checks that user creation is refused without CREATE on USER at both entry
 * points: identityService.newUser() and identityService.saveUser() called
 * with an entity that was constructed directly.
 */
public void testUserCreateAuthorizations() {
    // Global authorization over every user: grant ALL, then withhold CREATE.
    Authorization globalAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    globalAuth.setResource(USER);
    globalAuth.setResourceId(ANY);
    globalAuth.addPermission(ALL);
    globalAuth.removePermission(CREATE);
    authorizationService.saveAuthorization(globalAuth);

    // Turn checks on and act as jonny2 (a member declared outside this method).
    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthenticatedUserId(jonny2);

    // First entry point: the factory method itself must be refused.
    try {
        identityService.newUser("jonny1");
        fail("exception expected");
    } catch (AuthorizationException denied) {
        assertEquals(1, denied.getMissingAuthorizations().size());
        MissingAuthorization missing = denied.getMissingAuthorizations().get(0);
        assertEquals(jonny2, denied.getUserId());
        // No resource id is expected here (null): the user does not exist yet.
        assertExceptionInfo(CREATE.getName(), USER.resourceName(), null, missing);
    }

    // Second entry point: build the entity without going through newUser(),
    // so the assertion below shows that saveUser() enforces CREATE on its own.
    User transientUser = new UserEntity("jonny1");
    try {
        identityService.saveUser(transientUser);
        fail("exception expected");
    } catch (AuthorizationException denied) {
        assertEquals(1, denied.getMissingAuthorizations().size());
        MissingAuthorization missing = denied.getMissingAuthorizations().get(0);
        assertEquals(jonny2, denied.getUserId());
        assertExceptionInfo(CREATE.getName(), USER.resourceName(), null, missing);
    }
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) Authorization(org.camunda.bpm.engine.authorization.Authorization) User(org.camunda.bpm.engine.identity.User) MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) AuthorizationException(org.camunda.bpm.engine.AuthorizationException) UserEntity(org.camunda.bpm.engine.impl.persistence.entity.UserEntity)

Example 33 with User

use of org.camunda.bpm.engine.identity.User in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testUserUpdateAuthorizations.

/**
 * Checks that saving a change to an existing user is refused without UPDATE
 * on USER, while creating a different user still succeeds under the same
 * global authorization.
 */
public void testUserUpdateAuthorizations() {
    // The user is stored before setAuthorizationEnabled(true) is called.
    identityService.saveUser(identityService.newUser("jonny1"));

    // Global authorization over every user: grant ALL, then withhold UPDATE.
    Authorization globalAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    globalAuth.setResource(USER);
    globalAuth.setResourceId(ANY);
    globalAuth.addPermission(ALL);
    globalAuth.removePermission(UPDATE);
    authorizationService.saveAuthorization(globalAuth);

    // Turn checks on and act as jonny2 (a member declared outside this method).
    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthenticatedUserId(jonny2);

    // Reload the stored user through the query API and modify it.
    // NOTE(review): singleResult() presumably relies on "jonny1" being the
    // only stored user at this point - confirm against the class fixture.
    User fetched = identityService.createUserQuery().singleResult();
    fetched.setFirstName("Jonny");

    try {
        identityService.saveUser(fetched);
        fail("exception expected");
    } catch (AuthorizationException denied) {
        // One missing authorization only: UPDATE on USER for "jonny1".
        assertEquals(1, denied.getMissingAuthorizations().size());
        MissingAuthorization missing = denied.getMissingAuthorizations().get(0);
        assertEquals(jonny2, denied.getUserId());
        assertExceptionInfo(UPDATE.getName(), USER.resourceName(), "jonny1", missing);
    }

    // Only UPDATE was removed, so creating another user must go through; any
    // exception thrown here fails the test.
    identityService.saveUser(identityService.newUser("jonny3"));
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) Authorization(org.camunda.bpm.engine.authorization.Authorization) User(org.camunda.bpm.engine.identity.User) MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) AuthorizationException(org.camunda.bpm.engine.AuthorizationException)

Example 34 with User

use of org.camunda.bpm.engine.identity.User in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testUserUnlockWithoutAuthorization.

/**
 * Checks that unlockUser() is refused for a caller who is not authenticated
 * with the 'camunda-admin' group, and that the refused call leaves the
 * account's lock state untouched.
 *
 * @throws ParseException declared by the original signature; no statement
 *         visible in this method throws it directly
 */
public void testUserUnlockWithoutAuthorization() throws ParseException {
    // Create the account and lock it before authorization is enabled.
    String userId = "jonny";
    User account = identityService.newUser(userId);
    account.setPassword("xxx");
    identityService.saveUser(account);
    // lockUser is defined elsewhere in the class; presumably it submits the
    // given wrong password until the account locks - confirm there.
    lockUser(userId, "invalid pwd");

    // Precondition: the account is locked and the attempt counter reads 10.
    int attemptsBefore = 10;
    UserEntity lockedUser = (UserEntity) identityService.createUserQuery().userId(account.getId()).singleResult();
    assertNotNull(lockedUser);
    assertNotNull(lockedUser.getLockExpirationTime());
    assertEquals(attemptsBefore, lockedUser.getAttempts());

    // Turn checks on and authenticate as "admin" with null for the remaining
    // two arguments, i.e. presumably without any group membership.
    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthentication("admin", null, null);

    // when: the unlock attempt must be rejected with the group requirement
    try {
        identityService.unlockUser(lockedUser.getId());
        fail("expected exception");
    } catch (AuthorizationException denied) {
        assertTrue(denied.getMessage().contains("Required authenticated group 'camunda-admin'."));
    }

    // Switch checks off again so the verification query below is not filtered.
    processEngineConfiguration.setAuthorizationEnabled(false);

    // then: lock expiration is still set and the attempt counter is unchanged,
    // so the refused call had no effect on the account.
    int attemptsAfter = 10;
    lockedUser = (UserEntity) identityService.createUserQuery().userId(account.getId()).singleResult();
    assertNotNull(lockedUser);
    assertNotNull(lockedUser.getLockExpirationTime());
    assertEquals(attemptsAfter, lockedUser.getAttempts());
}
Also used : User(org.camunda.bpm.engine.identity.User) AuthorizationException(org.camunda.bpm.engine.AuthorizationException) UserEntity(org.camunda.bpm.engine.impl.persistence.entity.UserEntity)

Example 35 with User

use of org.camunda.bpm.engine.identity.User in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testUserQueryAuthorizationsMultipleGroups.

/**
 * Checks that a memberOfGroup user query, run as "demo" authenticated with
 * three groups, returns exactly the two expected members for each group.
 *
 * Fixture: four users, three groups, six memberships, an ALL grant for each
 * user on its own USER resource, a READ grant for each group on its own GROUP
 * resource, and READ grants for each group on the USER resources of its members.
 */
public void testUserQueryAuthorizationsMultipleGroups() {
    // Starts as jonny2; replaced further down by setAuthentication("demo", ...).
    String actingUserId = "jonny2";
    identityService.setAuthenticatedUserId(actingUserId);

    // Users and groups, stored in the original order.
    for (String id : new String[] { "demo", "mary", "peter", "john" }) {
        identityService.saveUser(identityService.newUser(id));
    }
    for (String id : new String[] { "sales", "accounting", "management" }) {
        identityService.saveGroup(identityService.newGroup(id));
    }

    // { userId, groupId }: demo belongs to all three groups, the others to one each.
    String[][] memberships = {
        { "demo", "sales" },
        { "demo", "accounting" },
        { "demo", "management" },
        { "john", "sales" },
        { "mary", "accounting" },
        { "peter", "management" }
    };
    for (String[] pair : memberships) {
        identityService.createMembership(pair[0], pair[1]);
    }

    // Each user is granted ALL on its own USER resource.
    for (String id : new String[] { "demo", "john", "mary", "peter" }) {
        Authorization selfGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
        selfGrant.setUserId(id);
        selfGrant.setResource(USER);
        selfGrant.setResourceId(id);
        selfGrant.addPermission(ALL);
        authorizationService.saveAuthorization(selfGrant);
    }

    // Each group is granted READ on its own GROUP resource.
    for (String id : new String[] { "accounting", "sales", "management" }) {
        Authorization groupGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
        groupGrant.setGroupId(id);
        groupGrant.setResource(GROUP);
        groupGrant.setResourceId(id);
        groupGrant.addPermission(READ);
        authorizationService.saveAuthorization(groupGrant);
    }

    // { groupId, userId }: each group is granted READ on the USER resources of
    // its own members and on nobody else's.
    String[][] groupReadsUser = {
        { "sales", "demo" },
        { "sales", "john" },
        { "management", "demo" },
        { "management", "peter" },
        { "accounting", "demo" },
        { "accounting", "mary" }
    };
    for (String[] pair : groupReadsUser) {
        Authorization readGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
        readGrant.setGroupId(pair[0]);
        readGrant.setResource(USER);
        readGrant.setResourceId(pair[1]);
        readGrant.addPermission(READ);
        authorizationService.saveAuthorization(readGrant);
    }

    // Authenticate as demo carrying all three groups, then turn checks on.
    List<String> groups = new ArrayList<String>();
    groups.add("management");
    groups.add("accounting");
    groups.add("sales");
    identityService.setAuthentication("demo", groups);
    processEngineConfiguration.setAuthorizationEnabled(true);

    // sales: exactly demo and john
    List<User> salesUser = identityService.createUserQuery().memberOfGroup("sales").list();
    assertEquals(2, salesUser.size());
    for (User user : salesUser) {
        boolean expected = user.getId().equals("demo") || user.getId().equals("john");
        if (!expected) {
            Assert.fail("Unexpected user for group sales: " + user.getId());
        }
    }

    // accounting: exactly demo and mary
    List<User> accountingUser = identityService.createUserQuery().memberOfGroup("accounting").list();
    assertEquals(2, accountingUser.size());
    for (User user : accountingUser) {
        boolean expected = user.getId().equals("demo") || user.getId().equals("mary");
        if (!expected) {
            Assert.fail("Unexpected user for group accounting: " + user.getId());
        }
    }

    // management: exactly demo and peter
    List<User> managementUser = identityService.createUserQuery().memberOfGroup("management").list();
    assertEquals(2, managementUser.size());
    for (User user : managementUser) {
        boolean expected = user.getId().equals("demo") || user.getId().equals("peter");
        if (!expected) {
            Assert.fail("Unexpected user for group managment: " + user.getId());
        }
    }
}
Also used : MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) Authorization(org.camunda.bpm.engine.authorization.Authorization) Group(org.camunda.bpm.engine.identity.Group) User(org.camunda.bpm.engine.identity.User) ArrayList(java.util.ArrayList)
