use of org.camunda.bpm.engine.impl.persistence.entity.UserEntity in project camunda-bpm-platform by camunda.
the class DbIdentityServiceProvider method deleteUser.
/**
 * Deletes the user with the given id together with its group memberships,
 * tenant memberships and the authorizations registered for it as a USER resource.
 *
 * <p>The DELETE permission on the USER resource is checked before the user is
 * looked up, so the check runs whether or not the id exists. An id that matches
 * no user is a silent no-op.
 *
 * @param userId id of the user to delete
 */
public void deleteUser(String userId) {
  // Authorize first: nothing below runs for a caller without DELETE on this user.
  checkAuthorization(Permissions.DELETE, Resources.USER, userId);

  UserEntity existing = findUserById(userId);
  if (existing == null) {
    return;
  }

  // Remove dependent rows before the entity itself.
  deleteMembershipsByUserId(userId);
  deleteTenantMembershipsOfUser(userId);
  // NOTE(review): this appears to clear authorizations whose resource is this
  // user; grants held *by* the user are not visibly removed here - confirm
  // where those are cleaned up.
  deleteAuthorizations(Resources.USER, userId);
  getDbEntityManager().delete(existing);
}
use of org.camunda.bpm.engine.impl.persistence.entity.UserEntity in project camunda-bpm-platform by camunda.
the class DbIdentityServiceProvider method unlockUser.
/**
 * Unlocks the user with the given id.
 *
 * <p>The caller must pass {@code checkCamundaAdmin()}; that check runs before
 * the lookup, so it is applied even when the id matches no user. An unknown id
 * is a silent no-op.
 *
 * @param userId id of the user to unlock
 */
public void unlockUser(String userId) {
  // Admin-only operation: enforce before touching any user data.
  getAuthorizationManager().checkCamundaAdmin();

  UserEntity lockedCandidate = findUserById(userId);
  if (lockedCandidate == null) {
    return;
  }
  unlockUser(lockedCandidate);
}
use of org.camunda.bpm.engine.impl.persistence.entity.UserEntity in project camunda-bpm-platform by camunda.
the class IdentityServiceAuthorizationsTest method testUserCreateAuthorizations.
/**
 * Verifies that a caller lacking CREATE on the USER resource cannot create a user
 * by either route: through {@code newUser}, or by saving a {@code UserEntity}
 * that was instantiated directly.
 *
 * <p>The second route matters because constructing the entity by hand skips the
 * check inside {@code newUser}; {@code saveUser} must enforce CREATE on its own.
 */
public void testUserCreateAuthorizations() {
  // Global grant on every USER resource: ALL permissions minus CREATE.
  Authorization globalGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalGrant.setResource(USER);
  globalGrant.setResourceId(ANY);
  globalGrant.addPermission(ALL);
  globalGrant.removePermission(CREATE);
  authorizationService.saveAuthorization(globalGrant);

  // From here on authorization checks are enforced and the caller is jonny2.
  processEngineConfiguration.setAuthorizationEnabled(true);
  identityService.setAuthenticatedUserId(jonny2);

  // Route 1: the factory method must refuse.
  try {
    identityService.newUser("jonny1");
    fail("exception expected");
  } catch (AuthorizationException denied) {
    assertEquals(1, denied.getMissingAuthorizations().size());
    MissingAuthorization missing = denied.getMissingAuthorizations().get(0);
    assertEquals(jonny2, denied.getUserId());
    assertExceptionInfo(CREATE.getName(), USER.resourceName(), null, missing);
  }

  // Route 2: build the transient entity directly, bypassing newUser's check,
  // and confirm that saving it is refused with the same missing permission.
  User handBuiltUser = new UserEntity("jonny1");
  try {
    identityService.saveUser(handBuiltUser);
    fail("exception expected");
  } catch (AuthorizationException denied) {
    assertEquals(1, denied.getMissingAuthorizations().size());
    MissingAuthorization missing = denied.getMissingAuthorizations().get(0);
    assertEquals(jonny2, denied.getUserId());
    assertExceptionInfo(CREATE.getName(), USER.resourceName(), null, missing);
  }
}
use of org.camunda.bpm.engine.impl.persistence.entity.UserEntity in project camunda-bpm-platform by camunda.
the class IdentityServiceAuthorizationsTest method testUserUnlockWithoutAuthorization.
/**
 * Verifies that unlocking a user is refused for a caller who is authenticated
 * without any groups, and that the refused call leaves the lock state untouched.
 *
 * <p>The caller is authenticated under the id "admin" but with no groups, so the
 * test also shows that the user id alone does not satisfy the admin check: the
 * expected failure message names the required group 'camunda-admin'.
 */
public void testUserUnlockWithoutAuthorization() throws ParseException {
  // Set-up runs while authorization checks are still disabled.
  String userId = "jonny";
  User jonny = identityService.newUser(userId);
  jonny.setPassword("xxx");
  identityService.saveUser(jonny);
  lockUser(userId, "invalid pwd");

  // assume: the account is locked and the attempt counter is at the expected value
  final int expectedAttempts = 10;
  UserEntity lockedUser = (UserEntity) identityService.createUserQuery()
      .userId(jonny.getId())
      .singleResult();
  assertNotNull(lockedUser);
  assertNotNull(lockedUser.getLockExpirationTime());
  assertEquals(expectedAttempts, lockedUser.getAttempts());

  // Enforce authorization; authenticate as "admin" with no groups and no tenants.
  processEngineConfiguration.setAuthorizationEnabled(true);
  identityService.setAuthentication("admin", null, null);

  // when: the unlock attempt must be rejected
  try {
    identityService.unlockUser(lockedUser.getId());
    fail("expected exception");
  } catch (AuthorizationException denied) {
    assertTrue(denied.getMessage().contains("Required authenticated group 'camunda-admin'."));
  }

  // Disable authorization again so the state can be read back without restriction.
  processEngineConfiguration.setAuthorizationEnabled(false);

  // then: lock expiration and attempt counter are unchanged by the refused call
  lockedUser = (UserEntity) identityService.createUserQuery()
      .userId(jonny.getId())
      .singleResult();
  assertNotNull(lockedUser);
  assertNotNull(lockedUser.getLockExpirationTime());
  assertEquals(expectedAttempts, lockedUser.getAttempts());
}
use of org.camunda.bpm.engine.impl.persistence.entity.UserEntity in project camunda-bpm-platform by camunda.
the class LdapIdentityProviderSession method findUsersWithoutGroupId.
/**
 * Searches the directory below {@code userBaseDn} for users matching the query
 * and returns those the caller is allowed to see, paged on the client side.
 *
 * <p>An entry is visible when it is the authenticated user or when the caller
 * holds READ on that USER resource. Only visible entries advance the paging
 * offset, so entries the caller may not read neither appear in the result nor
 * shift the page boundaries.
 *
 * <p>NOTE(review): the search filter comes from {@code getUserSearchFilter(query)};
 * any escaping of query values for the LDAP filter has to happen there and is not
 * visible in this method - confirm.
 *
 * @param query            user query supplying filter criteria, first result and max results
 * @param userBaseDn       base DN the search starts from
 * @param ignorePagination when {@code true}, first/max result are ignored and every
 *                         visible entry is returned
 * @return the visible users of the requested page
 * @throws IdentityProviderException if the directory search fails
 */
public List<User> findUsersWithoutGroupId(LdapUserQueryImpl query, String userBaseDn, boolean ignorePagination) {
  if (ldapConfiguration.isSortControlSupported()) {
    applyRequestControls(query);
  }

  NamingEnumeration<SearchResult> searchResults = null;
  try {
    String searchFilter = getUserSearchFilter(query);
    searchResults = initialContext.search(userBaseDn, searchFilter, ldapConfiguration.getSearchControls());

    // Paging is done here, after the authorization filter, not by the server.
    int visibleSeen = 0;
    List<User> page = new ArrayList<User>();
    while (searchResults.hasMoreElements()) {
      boolean pageHasRoom = page.size() < query.getMaxResults();
      if (!pageHasRoom && !ignorePagination) {
        break;
      }

      UserEntity candidate = transformUser(searchResults.nextElement());
      boolean visible = isAuthenticatedUser(candidate) || isAuthorized(READ, USER, candidate.getId());
      if (!visible) {
        // Hidden entries are skipped without counting toward the offset.
        continue;
      }

      if (visibleSeen >= query.getFirstResult() || ignorePagination) {
        page.add(candidate);
      }
      visibleSeen++;
    }
    return page;
  } catch (NamingException e) {
    throw new IdentityProviderException("Could not query for users", e);
  } finally {
    try {
      if (searchResults != null) {
        searchResults.close();
      }
    } catch (Exception ignored) {
      // Best-effort close: a failure here must not mask the result or the
      // exception already in flight.
    }
  }
}