Example 1 with UserEntity

use of org.camunda.bpm.engine.impl.persistence.entity.UserEntity in project camunda-bpm-platform by camunda.

the class DbIdentityServiceProvider method deleteUser.

public void deleteUser(String userId) {
    checkAuthorization(Permissions.DELETE, Resources.USER, userId);
    UserEntity user = findUserById(userId);
    if (user != null) {
        deleteMembershipsByUserId(userId);
        deleteTenantMembershipsOfUser(userId);
        deleteAuthorizations(Resources.USER, userId);
        getDbEntityManager().delete(user);
    }
}
Also used : UserEntity(org.camunda.bpm.engine.impl.persistence.entity.UserEntity)

Example 2 with UserEntity

use of org.camunda.bpm.engine.impl.persistence.entity.UserEntity in project camunda-bpm-platform by camunda.

the class DbIdentityServiceProvider method unlockUser.

public void unlockUser(String userId) {
    getAuthorizationManager().checkCamundaAdmin();
    UserEntity user = findUserById(userId);
    if (user != null) {
        unlockUser(user);
    }
}
Also used : UserEntity(org.camunda.bpm.engine.impl.persistence.entity.UserEntity)

Example 3 with UserEntity

use of org.camunda.bpm.engine.impl.persistence.entity.UserEntity in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testUserCreateAuthorizations.

public void testUserCreateAuthorizations() {
    // add base permission which allows nobody to create users:
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(USER);
    basePerms.setResourceId(ANY);
    // add all then remove 'create'
    basePerms.addPermission(ALL);
    basePerms.removePermission(CREATE);
    authorizationService.saveAuthorization(basePerms);
    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthenticatedUserId(jonny2);
    try {
        identityService.newUser("jonny1");
        fail("exception expected");
    } catch (AuthorizationException e) {
        assertEquals(1, e.getMissingAuthorizations().size());
        MissingAuthorization info = e.getMissingAuthorizations().get(0);
        assertEquals(jonny2, e.getUserId());
        assertExceptionInfo(CREATE.getName(), USER.resourceName(), null, info);
    }
    // circumvent auth check to get a new transient user object
    User newUser = new UserEntity("jonny1");
    try {
        identityService.saveUser(newUser);
        fail("exception expected");
    } catch (AuthorizationException e) {
        assertEquals(1, e.getMissingAuthorizations().size());
        MissingAuthorization info = e.getMissingAuthorizations().get(0);
        assertEquals(jonny2, e.getUserId());
        assertExceptionInfo(CREATE.getName(), USER.resourceName(), null, info);
    }
}
Also used : Authorization(org.camunda.bpm.engine.authorization.Authorization) User(org.camunda.bpm.engine.identity.User) MissingAuthorization(org.camunda.bpm.engine.authorization.MissingAuthorization) AuthorizationException(org.camunda.bpm.engine.AuthorizationException) UserEntity(org.camunda.bpm.engine.impl.persistence.entity.UserEntity)

Example 4 with UserEntity

use of org.camunda.bpm.engine.impl.persistence.entity.UserEntity in project camunda-bpm-platform by camunda.

the class IdentityServiceAuthorizationsTest method testUserUnlockWithoutAuthorization.

public void testUserUnlockWithoutAuthorization() throws ParseException {
    // create user while still in god-mode:
    String userId = "jonny";
    User jonny = identityService.newUser(userId);
    jonny.setPassword("xxx");
    identityService.saveUser(jonny);
    lockUser(userId, "invalid pwd");
    // assume
    int maxNumOfAttempts = 10;
    UserEntity lockedUser = (UserEntity) identityService.createUserQuery().userId(jonny.getId()).singleResult();
    assertNotNull(lockedUser);
    assertNotNull(lockedUser.getLockExpirationTime());
    assertEquals(maxNumOfAttempts, lockedUser.getAttempts());
    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthentication("admin", null, null);
    // when
    try {
        identityService.unlockUser(lockedUser.getId());
        fail("expected exception");
    } catch (AuthorizationException e) {
        assertTrue(e.getMessage().contains("Required authenticated group 'camunda-admin'."));
    }
    // return to god-mode
    processEngineConfiguration.setAuthorizationEnabled(false);
    // then
    int maxNumOfLoginAttempts = 10;
    lockedUser = (UserEntity) identityService.createUserQuery().userId(jonny.getId()).singleResult();
    assertNotNull(lockedUser);
    assertNotNull(lockedUser.getLockExpirationTime());
    assertEquals(maxNumOfLoginAttempts, lockedUser.getAttempts());
}
Also used : User(org.camunda.bpm.engine.identity.User) AuthorizationException(org.camunda.bpm.engine.AuthorizationException) UserEntity(org.camunda.bpm.engine.impl.persistence.entity.UserEntity)

Example 5 with UserEntity

use of org.camunda.bpm.engine.impl.persistence.entity.UserEntity in project camunda-bpm-platform by camunda.

the class LdapIdentityProviderSession method findUsersWithoutGroupId.

public List<User> findUsersWithoutGroupId(LdapUserQueryImpl query, String userBaseDn, boolean ignorePagination) {
    if (ldapConfiguration.isSortControlSupported()) {
        applyRequestControls(query);
    }
    NamingEnumeration<SearchResult> enumeration = null;
    try {
        String filter = getUserSearchFilter(query);
        enumeration = initialContext.search(userBaseDn, filter, ldapConfiguration.getSearchControls());
        // perform client-side paging
        int resultCount = 0;
        List<User> userList = new ArrayList<User>();
        while (enumeration.hasMoreElements() && (userList.size() < query.getMaxResults() || ignorePagination)) {
            SearchResult result = enumeration.nextElement();
            UserEntity user = transformUser(result);
            if (isAuthenticatedUser(user) || isAuthorized(READ, USER, user.getId())) {
                if (resultCount >= query.getFirstResult() || ignorePagination) {
                    userList.add(user);
                }
                resultCount++;
            }
        }
        return userList;
    } catch (NamingException e) {
        throw new IdentityProviderException("Could not query for users", e);
    } finally {
        try {
            if (enumeration != null) {
                enumeration.close();
            }
        } catch (Exception e) {
            // ignore silently
        }
    }
}
Also used : User(org.camunda.bpm.engine.identity.User) ArrayList(java.util.ArrayList) SearchResult(javax.naming.directory.SearchResult) NamingException(javax.naming.NamingException) IdentityProviderException(org.camunda.bpm.engine.impl.identity.IdentityProviderException) UserEntity(org.camunda.bpm.engine.impl.persistence.entity.UserEntity) AuthenticationException(javax.naming.AuthenticationException) BadUserRequestException(org.camunda.bpm.engine.BadUserRequestException)

Aggregations

UserEntity (org.camunda.bpm.engine.impl.persistence.entity.UserEntity) 9
User (org.camunda.bpm.engine.identity.User) 4
AuthorizationException (org.camunda.bpm.engine.AuthorizationException) 2
Authorization (org.camunda.bpm.engine.authorization.Authorization) 2
MissingAuthorization (org.camunda.bpm.engine.authorization.MissingAuthorization) 2
TenantMembershipEntity (org.camunda.bpm.engine.impl.persistence.entity.TenantMembershipEntity) 2
ArrayList (java.util.ArrayList) 1
AuthenticationException (javax.naming.AuthenticationException) 1
NamingException (javax.naming.NamingException) 1
SearchResult (javax.naming.directory.SearchResult) 1
BadUserRequestException (org.camunda.bpm.engine.BadUserRequestException) 1
IdentityProviderException (org.camunda.bpm.engine.impl.identity.IdentityProviderException) 1
GroupEntity (org.camunda.bpm.engine.impl.persistence.entity.GroupEntity) 1
MembershipEntity (org.camunda.bpm.engine.impl.persistence.entity.MembershipEntity) 1
TenantEntity (org.camunda.bpm.engine.impl.persistence.entity.TenantEntity) 1