org.camunda.bpm.engine.AuthorizationService Java Examples

protected boolean isAuthorized(Permission permission, Resource resource, String resourceId) {
  if (!processEngine.getProcessEngineConfiguration().isAuthorizationEnabled()) {
    // if authorization is disabled everyone is authorized
    return true;
  }

  final IdentityService identityService = processEngine.getIdentityService();
  final AuthorizationService authorizationService = processEngine.getAuthorizationService();

  Authentication authentication = identityService.getCurrentAuthentication();
  if(authentication == null) {
    return true;

  } else {
    return authorizationService
       .isUserAuthorized(authentication.getUserId(), authentication.getGroupIds(), permission, resource, resourceId);
  }
}
 

@Before
public void setupData() {

  identityServiceMock = mock(IdentityService.class);
  authorizationServiceMock = mock(AuthorizationService.class);
  processEngineConfigurationMock = mock(ProcessEngineConfiguration.class);

  // mock identity service
  when(processEngine.getIdentityService()).thenReturn(identityServiceMock);
  // authorization service
  when(processEngine.getAuthorizationService()).thenReturn(authorizationServiceMock);
  // process engine configuration
  when(processEngine.getProcessEngineConfiguration()).thenReturn(processEngineConfigurationMock);

  mockTenant = MockProvider.createMockTenant();
  mockQuery = setUpMockQuery(mockTenant);
}
 

public Authorization instantiate(AuthorizationService authorizationService, Map<String, String> replacements) {
  Authorization authorization = authorizationService.createNewAuthorization(type);

  // TODO: group id is missing
  authorization.setResource(resource);

  if (replacements.containsKey(resourceId)) {
    authorization.setResourceId(replacements.get(resourceId));
  }
  else {
    authorization.setResourceId(resourceId);
  }
  authorization.setUserId(userId);
  authorization.setPermissions(permissions);

  return authorization;
}
 

@Before
public void createAuthorizations() {
  AuthorizationService authorizationService = engine.getAuthorizationService();
  List<Authorization> auths = authorizationService.createAuthorizationQuery().list();
  for (Authorization authorization : auths) {
    authorizationService.deleteAuthorization(authorization.getId());
  }

  userGrant("test", resource, permissions);
  for (int i = 0; i < 5; i++) {
    grouptGrant("g"+i, resource, permissions);
  }
  engine.getProcessEngineConfiguration().setAuthorizationEnabled(true);
}
 

@Before
public void setupUserData() {

  identityServiceMock = mock(IdentityService.class);
  authorizationServiceMock = mock(AuthorizationService.class);
  processEngineConfigurationMock = mock(ProcessEngineConfiguration.class);

  // mock identity service
  when(processEngine.getIdentityService()).thenReturn(identityServiceMock);
  // authorization service
  when(processEngine.getAuthorizationService()).thenReturn(authorizationServiceMock);
  // process engine configuration
  when(processEngine.getProcessEngineConfiguration()).thenReturn(processEngineConfigurationMock);

}
 

private void createAuthenticationData() {
  IdentityService identityService = engineRule.getIdentityService();
  Group group = identityService.newGroup("group");
  identityService.saveGroup(group);
  User user = identityService.newUser("user");
  User user2 = identityService.newUser("user2");
  identityService.saveUser(user);
  identityService.saveUser(user2);
  Tenant tenant = identityService.newTenant("tenant");
  identityService.saveTenant(tenant);
  Tenant tenant2 = identityService.newTenant("tenant2");
  identityService.saveTenant(tenant2);
  identityService.createMembership("user", "group");
  identityService.createTenantUserMembership("tenant", "user");
  identityService.createTenantUserMembership("tenant2", "user2");


  Resource resource1 = TestResource.RESOURCE1;
  // create global authorization which grants all permissions to all users (on resource1):
  AuthorizationService authorizationService = engineRule.getAuthorizationService();
  Authorization globalAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalAuth.setResource(resource1);
  globalAuth.setResourceId(ANY);
  globalAuth.addPermission(TestPermissions.ALL);
  authorizationService.saveAuthorization(globalAuth);

  //grant user read auth on resource2
  Resource resource2 = TestResource.RESOURCE2;
  Authorization userGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  userGrant.setUserId("user");
  userGrant.setResource(resource2);
  userGrant.setResourceId(ANY);
  userGrant.addPermission(TestPermissions.READ);
  authorizationService.saveAuthorization(userGrant);

  identityService.setAuthenticatedUserId("user");
}
 

public void tearDown(AuthorizationService authorizationService) {
  Set<String> activeAuthorizations = new HashSet<String>();
  for (Authorization activeAuthorization : authorizationService.createAuthorizationQuery().list()) {
    activeAuthorizations.add(activeAuthorization.getId());
  }

  for (Authorization createdAuthorization : createdAuthorizations) {
    if (activeAuthorizations.contains(createdAuthorization.getId())) {
      authorizationService.deleteAuthorization(createdAuthorization.getId());
    }
  }
}
 

@Before
public void setupGroupData() {

  identityServiceMock = mock(IdentityService.class);
  authorizationServiceMock = mock(AuthorizationService.class);
  processEngineConfigurationMock = mock(ProcessEngineConfiguration.class);

  // mock identity service
  when(processEngine.getIdentityService()).thenReturn(identityServiceMock);
  // authorization service
  when(processEngine.getAuthorizationService()).thenReturn(authorizationServiceMock);
  // process engine configuration
  when(processEngine.getProcessEngineConfiguration()).thenReturn(processEngineConfigurationMock);
}
 

protected void grouptGrant(String groupId, Resource resource, Permission... perms) {

    AuthorizationService authorizationService = engine.getAuthorizationService();
    Authorization groupGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    groupGrant.setResource(resource);
    groupGrant.setResourceId(ANY);
    for (Permission permission : perms) {
      groupGrant.addPermission(permission);
    }
    groupGrant.setGroupId(groupId);
    authorizationService.saveAuthorization(groupGrant);
  }
 

protected void userGrant(String userId, Resource resource, Permission... perms) {

    AuthorizationService authorizationService = engine.getAuthorizationService();
    Authorization groupGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
    groupGrant.setResource(resource);
    groupGrant.setResourceId(ANY);
    for (Permission permission : perms) {
      groupGrant.addPermission(permission);
    }
    groupGrant.setUserId(userId);
    authorizationService.saveAuthorization(groupGrant);
  }
 

@Before
public void createAuthorizations() {
  AuthorizationService authorizationService = engine.getAuthorizationService();
  List<Authorization> auths = authorizationService.createAuthorizationQuery().list();
  for (Authorization authorization : auths) {
    authorizationService.deleteAuthorization(authorization.getId());
  }

  userGrant("test", resource, permissions);
  for (int i = 0; i < 5; i++) {
    grouptGrant("g"+i, resource, permissions);
  }
  engine.getProcessEngineConfiguration().setAuthorizationEnabled(true);
}
 

@Before
public void createAuthorizations() {
  AuthorizationService authorizationService = engine.getAuthorizationService();
  List<Authorization> auths = authorizationService.createAuthorizationQuery().list();
  for (Authorization authorization : auths) {
    authorizationService.deleteAuthorization(authorization.getId());
  }

  userGrant("test", resource, permissions);
  for (int i = 0; i < 5; i++) {
    grouptGrant("g"+i, resource, permissions);
  }
  engine.getProcessEngineConfiguration().setAuthorizationEnabled(true);
}
 

@DescribesScenario("startProcessInstance")
@Times(1)
public static ScenarioSetup startProcessInstance() {
  return new ScenarioSetup() {
    public void execute(ProcessEngine engine, String scenarioName) {
      IdentityService identityService = engine.getIdentityService();

      String userId = USER_ID + scenarioName;
      String groupid = GROUP_ID + scenarioName;
      // create an user
      User user = identityService.newUser(userId);
      identityService.saveUser(user);

      // create group
      Group group = identityService.newGroup(groupid);
      identityService.saveGroup(group);

      // create membership
      identityService.createMembership(userId, groupid);

      //create full authorization
      AuthorizationService authorizationService = engine.getAuthorizationService();

      //authorization for process definition
      Authorization authProcDef = createAuthorization(authorizationService, Permissions.ALL, Resources.PROCESS_DEFINITION, userId);
      engine.getAuthorizationService().saveAuthorization(authProcDef);

      //authorization for deployment
      Authorization authDeployment = createAuthorization(authorizationService, Permissions.ALL, Resources.DEPLOYMENT, userId);
      engine.getAuthorizationService().saveAuthorization(authDeployment);

      //authorization for process instance create
      Authorization authProcessInstance = createAuthorization(authorizationService, Permissions.CREATE, Resources.PROCESS_INSTANCE, userId);
      engine.getAuthorizationService().saveAuthorization(authProcessInstance);

      // start a process instance
      engine.getRuntimeService().startProcessInstanceByKey(PROCESS_DEF_KEY, scenarioName);
    }
  };
}
 

protected static Authorization createAuthorization(AuthorizationService authorizationService, Permission permission, Resources resource, String userId) {
  Authorization auth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  auth.addPermission(permission);
  auth.setResource(resource);
  auth.setResourceId(Authorization.ANY);
  auth.setUserId(userId);
  return auth;
}
 

@Override
public void postProcessEngineBuild(final ProcessEngine processEngine) {
  requireNonNull(adminUser);

  final IdentityService identityService = processEngine.getIdentityService();
  final AuthorizationService authorizationService = processEngine.getAuthorizationService();

  if (userAlreadyExists(identityService, adminUser)) {
    return;
  }

  createUser(identityService, adminUser);

  // create group
  if (identityService.createGroupQuery().groupId(CAMUNDA_ADMIN).count() == 0) {
    Group camundaAdminGroup = identityService.newGroup(CAMUNDA_ADMIN);
    camundaAdminGroup.setName("camunda BPM Administrators");
    camundaAdminGroup.setType(Groups.GROUP_TYPE_SYSTEM);
    identityService.saveGroup(camundaAdminGroup);
  }

  // create ADMIN authorizations on all built-in resources
  for (Resource resource : Resources.values()) {
    if (authorizationService.createAuthorizationQuery().groupIdIn(CAMUNDA_ADMIN).resourceType(resource).resourceId(ANY).count() == 0) {
      AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GRANT);
      userAdminAuth.setGroupId(CAMUNDA_ADMIN);
      userAdminAuth.setResource(resource);
      userAdminAuth.setResourceId(ANY);
      userAdminAuth.addPermission(ALL);
      authorizationService.saveAuthorization(userAdminAuth);
    }
  }

  identityService.createMembership(adminUser.getId(), CAMUNDA_ADMIN);
  LOG.creatingInitialAdminUser(adminUser);
}
 

public void afterPropertiesSet() throws Exception {

    System.out.println("Generating demo data");

    scheduleInstanceStart();

    // ensure admin user exists
    IdentityService identityService = processEngine.getIdentityService();
    User user = identityService.createUserQuery().userId("demo").singleResult();
    if(user == null) {
      User newUser = identityService.newUser("demo");
      newUser.setPassword("demo");
      identityService.saveUser(newUser);
      System.out.println("Created used 'demo', password 'demo'");
      AuthorizationService authorizationService = processEngine.getAuthorizationService();

      // create group
      if(identityService.createGroupQuery().groupId(Groups.CAMUNDA_ADMIN).count() == 0) {
        Group camundaAdminGroup = identityService.newGroup(Groups.CAMUNDA_ADMIN);
        camundaAdminGroup.setName("camunda BPM Administrators");
        camundaAdminGroup.setType(Groups.GROUP_TYPE_SYSTEM);
        identityService.saveGroup(camundaAdminGroup);
      }

      // create ADMIN authorizations on all built-in resources
      for (Resource resource : Resources.values()) {
        if(authorizationService.createAuthorizationQuery().groupIdIn(Groups.CAMUNDA_ADMIN).resourceType(resource).resourceId(ANY).count() == 0) {
          AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GRANT);
          userAdminAuth.setGroupId(Groups.CAMUNDA_ADMIN);
          userAdminAuth.setResource(resource);
          userAdminAuth.setResourceId(ANY);
          userAdminAuth.addPermission(ALL);
          authorizationService.saveAuthorization(userAdminAuth);
        }
      }

      processEngine.getIdentityService()
      .createMembership("demo", Groups.CAMUNDA_ADMIN);
    }
  }
 

@Override
public void postProcessEngineBuild(final ProcessEngine processEngine) {
  requireNonNull(adminUser);

  final IdentityService identityService = processEngine.getIdentityService();
  final AuthorizationService authorizationService = processEngine.getAuthorizationService();

  if (userAlreadyExists(identityService, adminUser)) {
    return;
  }

  createUser(identityService, adminUser);

  // create group
  if (identityService.createGroupQuery().groupId(CAMUNDA_ADMIN).count() == 0) {
    Group camundaAdminGroup = identityService.newGroup(CAMUNDA_ADMIN);
    camundaAdminGroup.setName("camunda BPM Administrators");
    camundaAdminGroup.setType(Groups.GROUP_TYPE_SYSTEM);
    identityService.saveGroup(camundaAdminGroup);
  }

  // create ADMIN authorizations on all built-in resources
  for (Resource resource : Resources.values()) {
    if (authorizationService.createAuthorizationQuery().groupIdIn(CAMUNDA_ADMIN).resourceType(resource).resourceId(ANY).count() == 0) {
      AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GRANT);
      userAdminAuth.setGroupId(CAMUNDA_ADMIN);
      userAdminAuth.setResource(resource);
      userAdminAuth.setResourceId(ANY);
      userAdminAuth.addPermission(ALL);
      authorizationService.saveAuthorization(userAdminAuth);
    }
  }

  identityService.createMembership(adminUser.getId(), CAMUNDA_ADMIN);
  LOG.creatingInitialAdminUser(adminUser);
}
 

@Bean(name = "authorizationService")
@Override
public AuthorizationService getAuthorizationService() {
  return processEngine.getAuthorizationService();
}
 

public AuthorizationService getAuthorizationService() {
  return processEngine.getAuthorizationService();
}
 

protected void deleteAuthorizations() {
  AuthorizationService authorizationService = engineRule.getAuthorizationService();
  for (Authorization authorization : authorizationService.createAuthorizationQuery().list()) {
    authorizationService.deleteAuthorization(authorization.getId());
  }
}
 

public AuthorizationScenarioInstance(AuthorizationScenario scenario, AuthorizationService authorizationService,
    Map<String, String> resourceBindings) {
  this.scenario = scenario;
  init(authorizationService, resourceBindings);
}
 

protected void deleteAuthorizations() {
  AuthorizationService authorizationService = engineRule.getAuthorizationService();
  for (Authorization authorization : authorizationService.createAuthorizationQuery().list()) {
    authorizationService.deleteAuthorization(authorization.getId());
  }
}
 

public void setAuthorizationService(AuthorizationService authorizationService) {
  this.authorizationService = authorizationService;
}
 

@Override
public AuthorizationService getAuthorizationService() {
  return authorizationService;
}
 

@Override
public AuthorizationService getAuthorizationService() {
  return authorizationService;
}
 

public AuthorizationService getAuthorizationService() {
  return authorizationService;
}
 

public AuthorizationQueryMock() {
 super(AuthorizationQuery.class, AuthorizationService.class);
}
 

public AuthorizationDto createAuthorization(UriInfo context, AuthorizationCreateDto dto) {
  final AuthorizationService authorizationService = processEngine.getAuthorizationService();

  Authorization newAuthorization = authorizationService.createNewAuthorization(dto.getType());
  AuthorizationCreateDto.update(dto, newAuthorization, processEngine.getProcessEngineConfiguration());

  newAuthorization = authorizationService.saveAuthorization(newAuthorization);

  return getAuthorization(newAuthorization.getId()).getAuthorization(context);
}
 

@Produces @Named @ApplicationScoped public AuthorizationService authorizationService() { return processEngine().getAuthorizationService(); } 

@Produces @ProcessEngineName("") public AuthorizationService authorizationService(InjectionPoint ip) { return processEngine(ip).getAuthorizationService(); }