org.camunda.bpm.engine.authorization.Groups Java Examples
The following examples show how to use
org.camunda.bpm.engine.authorization.Groups.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: KeycloakGroupService.java From camunda-bpm-identity-keycloak with Apache License 2.0 | 6 votes |
|
/**
* Checks whether a Keycloak JSON result represents a SYSTEM group.
* @param result the Keycloak JSON result
* @return {@code true} in case the result is a SYSTEM group.
* @throws JsonException in case of errors
*/
private boolean isSystemGroup(JsonObject result) throws JsonException {
String name = getJsonString(result, "name");
if (Groups.CAMUNDA_ADMIN.equals(name) ||
name.equals(keycloakConfiguration.getAdministratorGroupName())) {
return true;
}
try {
JsonArray types = getJsonArray(getJsonObject(result, "attributes"), "type");
for (int i = 0; i < types.size(); i++) {
if (Groups.GROUP_TYPE_SYSTEM.equals(getJsonStringAtIndex(types, i).toUpperCase())) {
return true;
}
}
} catch (JsonException ex) {
return false;
}
return false;
}
Example #2
| Source File: AuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Test
public void testDefaultAuthorizationQueryForCamundaAdminOnUpgrade() {
processEngineConfiguration.setAuthorizationEnabled(true);
assertEquals(1, authorizationService.createAuthorizationQuery()
.resourceType(Resources.TENANT)
.groupIdIn(Groups.CAMUNDA_ADMIN)
.hasPermission(Permissions.ALL).count());
assertEquals(1, authorizationService.createAuthorizationQuery()
.resourceType(Resources.TENANT_MEMBERSHIP)
.groupIdIn(Groups.CAMUNDA_ADMIN)
.hasPermission(Permissions.ALL).count());
assertEquals(1, authorizationService.createAuthorizationQuery()
.resourceType(Resources.BATCH)
.groupIdIn(Groups.CAMUNDA_ADMIN)
.hasPermission(Permissions.ALL).count());
}
Example #3
| Source File: HistoryCleanupAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
@Test
@Deployment(resources = { "org/camunda/bpm/engine/test/dmn/businessruletask/DmnBusinessRuleTaskTest.testDecisionRef.bpmn20.xml",
"org/camunda/bpm/engine/test/api/history/testDmnWithPojo.dmn11.xml", "org/camunda/bpm/engine/test/api/authorization/oneTaskCase.cmmn" })
public void testHistoryCleanupWithAuthorization() {
// given
prepareInstances(5, 5, 5);
ClockUtil.setCurrentTime(new Date());
// when
identityService.setAuthentication("user", Collections.singletonList(Groups.CAMUNDA_ADMIN), null);
String jobId = historyService.cleanUpHistoryAsync(true).getId();
managementService.executeJob(jobId);
// then
assertResult(0);
}
Example #4
| Source File: DeploymentAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testGetProcessApplicationForDeploymentAsCamundaAdmin() {
// given
identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));
EmbeddedProcessApplication processApplication = new EmbeddedProcessApplication();
String deploymentId = createDeployment(null, FIRST_RESOURCE).getId();
ProcessApplicationReference reference = processApplication.getReference();
registerProcessApplication(deploymentId, reference);
// when
String application = managementService.getProcessApplicationForDeployment(deploymentId);
// then
assertNotNull(application);
deleteDeployment(deploymentId);
}
Example #5
| Source File: DeploymentAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testUnregisterProcessApplicationAsCamundaAdmin() {
// given
identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));
EmbeddedProcessApplication processApplication = new EmbeddedProcessApplication();
String deploymentId = createDeployment(null, FIRST_RESOURCE).getId();
ProcessApplicationReference reference = processApplication.getReference();
registerProcessApplication(deploymentId, reference);
// when
managementService.unregisterProcessApplication(deploymentId, true);
// then
assertNull(getProcessApplicationForDeployment(deploymentId));
deleteDeployment(deploymentId);
}
Example #6
| Source File: DeploymentAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 6 votes |
|
public void testRegisterProcessApplicationAsCamundaAdmin() {
// given
identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));
EmbeddedProcessApplication processApplication = new EmbeddedProcessApplication();
ProcessApplicationReference reference = processApplication.getReference();
String deploymentId = createDeployment(null, FIRST_RESOURCE).getId();
// when
ProcessApplicationRegistration registration = managementService.registerProcessApplication(deploymentId, reference);
// then
assertNotNull(registration);
assertNotNull(getProcessApplicationForDeployment(deploymentId));
deleteDeployment(deploymentId);
}
Example #7
| Source File: KeycloakGroupService.java From camunda-bpm-identity-keycloak with Apache License 2.0 | 6 votes |
|
/**
* Maps a Keycloak JSON result to a Group object
* @param result the Keycloak JSON result
* @return the Group object
* @throws JsonException in case of errors
*/
private GroupEntity transformGroup(JsonObject result) throws JsonException {
GroupEntity group = new GroupEntity();
if (keycloakConfiguration.isUseGroupPathAsCamundaGroupId()) {
group.setId(getJsonString(result, "path").substring(1)); // remove trailing '/'
} else {
group.setId(getJsonString(result, "id"));
}
group.setName(getJsonString(result, "name"));
if (isSystemGroup(result)) {
group.setType(Groups.GROUP_TYPE_SYSTEM);
} else {
group.setType(Groups.GROUP_TYPE_WORKFLOW);
}
return group;
}
Example #8
| Source File: DeploymentAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public void testGetRegisteredDeploymentsAsCamundaAdmin() {
// given
identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));
String deploymentId = createDeployment(null, FIRST_RESOURCE).getId();
// when
Set<String> deployments = managementService.getRegisteredDeployments();
// then
assertTrue(deployments.contains(deploymentId));
deleteDeployment(deploymentId);
}
Example #9
| Source File: AuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
@Test
public void testDefaultAuthorizationForCamundaAdminOnUpgrade() {
// The below test cases are skipped for H2 as there is a bug in H2 version 1.3 (Query does not return the expected output)
// This H2 exclusion check will be removed as part of CAM-6044, when the H2 database is upgraded to the version 1.4 (Bug was fixed)
// Update: Upgrading to 1.4.190 did not help, still failing -> CAM-
if (DbSqlSessionFactory.H2.equals(processEngineConfiguration.getDatabaseType())) {
return;
}
processEngineConfiguration.setAuthorizationEnabled(true);
assertEquals(true,authorizationService.isUserAuthorized(null, Collections.singletonList(Groups.CAMUNDA_ADMIN), Permissions.ALL, Resources.TENANT));
assertEquals(true,authorizationService.isUserAuthorized(null, Collections.singletonList(Groups.CAMUNDA_ADMIN), Permissions.ALL, Resources.TENANT_MEMBERSHIP));
assertEquals(true,authorizationService.isUserAuthorized(null, Collections.singletonList(Groups.CAMUNDA_ADMIN), Permissions.ALL, Resources.BATCH));
}
Example #10
| Source File: KeycloakConfigureAdminGroupTest.java From camunda-bpm-identity-keycloak with Apache License 2.0 | 5 votes |
|
public void testAdminGroupConfiguration() {
// check engine configuration
List<String> camundaAdminGroups = ((ProcessEngineConfigurationImpl) processEngine.getProcessEngineConfiguration()).getAdminGroups();
assertEquals(2, camundaAdminGroups.size()); // camunda always adds "camunda-admin" as admin group ID - we want the other ID
String adminGroupId = camundaAdminGroups.stream().filter(g -> !Groups.CAMUNDA_ADMIN.equals(g)).findFirst().get();
// check that authorizations have been created
assertTrue(processEngine.getAuthorizationService().createAuthorizationQuery()
.groupIdIn(adminGroupId).count() > 0);
// check sample authorization for applications
assertEquals(1, processEngine.getAuthorizationService().createAuthorizationQuery()
.groupIdIn(adminGroupId)
.resourceType(Resources.APPLICATION)
.resourceId(Authorization.ANY)
.hasPermission(Permissions.ALL)
.count());
// query user data
User user = processEngine.getIdentityService().createUserQuery().memberOfGroup(adminGroupId).singleResult();
assertNotNull(user);
assertEquals("[email protected]", user.getEmail());
// query groups
Group group = processEngine.getIdentityService().createGroupQuery().groupId(adminGroupId).singleResult();
assertNotNull(group);
assertEquals("camunda-admin", group.getName());
}
Example #11
| Source File: ManagementAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public void testTelemetryEnabledAsCamundaAdmin() {
// given
disableAuthorization();
managementService.toggleTelemetry(true);
enableAuthorization();
identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));
// when
managementService.toggleTelemetry(false);
// then
assertThat(managementService.isTelemetryEnabled()).isFalse();
}
Example #12
| Source File: ManagementAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public void testGetHistoryLevelAsCamundaAdmin() {
//given
identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));
// when
int historyLevel = managementService.getHistoryLevel();
// then
assertEquals(processEngineConfiguration.getHistoryLevel().getId(), historyLevel);
}
Example #13
| Source File: ManagementAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public void testTablePageQueryAsCamundaAdmin() {
// given
identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));
String tablePrefix = processEngineConfiguration.getDatabaseTablePrefix();
// when
TablePage page = managementService.createTablePageQuery().tableName(tablePrefix + "ACT_RE_PROCDEF").listPage(0, Integer.MAX_VALUE);
// then
assertNotNull(page);
}
Example #14
| Source File: ManagementAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public void testGetTableMetaDataAsCamundaAdmin() {
// given
identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));
// when
TableMetaData tableMetaData = managementService.getTableMetaData("ACT_RE_PROCDEF");
// then
assertNotNull(tableMetaData);
}
Example #15
| Source File: ManagementAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public void testGetTableNameAsCamundaAdmin() {
// given
identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));
String tablePrefix = processEngineConfiguration.getDatabaseTablePrefix();
// when
String tableName = managementService.getTableName(ProcessDefinitionEntity.class);
// then
assertEquals(tablePrefix + "ACT_RE_PROCDEF", tableName);
}
Example #16
| Source File: ManagementAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public void testGetTableCountAsCamundaAdmin() {
// given
identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));
// when
Map<String, Long> tableCount = managementService.getTableCount();
// then
assertFalse(tableCount.isEmpty());
}
Example #17
| Source File: DeploymentAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public void testUnregisterDeploymentForJobExecutorAsCamundaAdmin() {
// given
identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));
String deploymentId = createDeployment(null, FIRST_RESOURCE).getId();
// when
managementService.unregisterDeploymentForJobExecutor(deploymentId);
// then
assertFalse(getRegisteredDeployments().contains(deploymentId));
deleteDeployment(deploymentId);
}
Example #18
| Source File: DeploymentAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
public void testRegisterDeploymentForJobExecutorAsCamundaAdmin() {
// given
identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));
String deploymentId = createDeployment(null, FIRST_RESOURCE).getId();
// when
managementService.registerDeploymentForJobExecutor(deploymentId);
// then
assertTrue(getRegisteredDeployments().contains(deploymentId));
deleteDeployment(deploymentId);
}
Example #19
| Source File: KeycloakConfigureAdminGroupAndUsePathAsId.java From camunda-bpm-identity-keycloak with Apache License 2.0 | 5 votes |
|
public void testAdminGroupConfiguration() {
// check engine configuration
List<String> camundaAdminGroups = ((ProcessEngineConfigurationImpl) processEngine.getProcessEngineConfiguration()).getAdminGroups();
assertEquals(2, camundaAdminGroups.size()); // camunda always adds "camunda-admin" as admin group ID - we want the other ID
String adminGroupId = camundaAdminGroups.stream().filter(g -> !Groups.CAMUNDA_ADMIN.equals(g)).findFirst().get();
// check that authorizations have been created
assertTrue(processEngine.getAuthorizationService().createAuthorizationQuery()
.groupIdIn(adminGroupId).count() > 0);
// check sample authorization for applications
assertEquals(1, processEngine.getAuthorizationService().createAuthorizationQuery()
.groupIdIn(adminGroupId)
.resourceType(Resources.APPLICATION)
.resourceId(Authorization.ANY)
.hasPermission(Permissions.ALL)
.count());
// query user data
User user = processEngine.getIdentityService().createUserQuery().memberOfGroup(adminGroupId).singleResult();
assertNotNull(user);
assertEquals("[email protected]", user.getEmail());
// query groups
Group group = processEngine.getIdentityService().createGroupQuery().groupId(adminGroupId).singleResult();
assertNotNull(group);
assertEquals("root/child1/subchild1", group.getId());
assertEquals("subchild1", group.getName());
// query groups using group member
List<Group> groups = processEngine.getIdentityService().createGroupQuery().groupMember(user.getId()).list();
assertNotNull(groups);
assertEquals("Wrong number of groups for admin", 2, groups.size());
}
Example #20
| Source File: KeycloakConfigureAdminGroupAsPathAndUsePathAsId.java From camunda-bpm-identity-keycloak with Apache License 2.0 | 5 votes |
|
public void testAdminGroupConfiguration() {
// check engine configuration
List<String> camundaAdminGroups = ((ProcessEngineConfigurationImpl) processEngine.getProcessEngineConfiguration()).getAdminGroups();
assertEquals(2, camundaAdminGroups.size()); // camunda always adds "camunda-admin" as admin group ID - we want the other ID
String adminGroupId = camundaAdminGroups.stream().filter(g -> !Groups.CAMUNDA_ADMIN.equals(g)).findFirst().get();
// check that authorizations have been created
assertTrue(processEngine.getAuthorizationService().createAuthorizationQuery()
.groupIdIn(adminGroupId).count() > 0);
// check sample authorization for applications
assertEquals(1, processEngine.getAuthorizationService().createAuthorizationQuery()
.groupIdIn(adminGroupId)
.resourceType(Resources.APPLICATION)
.resourceId(Authorization.ANY)
.hasPermission(Permissions.ALL)
.count());
// query user data
User user = processEngine.getIdentityService().createUserQuery().memberOfGroup(adminGroupId).singleResult();
assertNotNull(user);
assertEquals("[email protected]", user.getEmail());
// query groups
Group group = processEngine.getIdentityService().createGroupQuery().groupId(adminGroupId).singleResult();
assertNotNull(group);
assertEquals("root/child2", group.getId());
assertEquals("child2", group.getName());
// query groups using group member
List<Group> groups = processEngine.getIdentityService().createGroupQuery().groupMember(user.getId()).list();
assertNotNull(groups);
assertEquals("Wrong number of groups for admin", 2, groups.size());
}
Example #21
| Source File: KeycloakConfigureAdminGroupAsPath.java From camunda-bpm-identity-keycloak with Apache License 2.0 | 5 votes |
|
public void testAdminGroupConfiguration() {
// check engine configuration
List<String> camundaAdminGroups = ((ProcessEngineConfigurationImpl) processEngine.getProcessEngineConfiguration()).getAdminGroups();
assertEquals(2, camundaAdminGroups.size()); // camunda always adds "camunda-admin" as admin group ID - we want the other ID
String adminGroupId = camundaAdminGroups.stream().filter(g -> !Groups.CAMUNDA_ADMIN.equals(g)).findFirst().get();
// check that authorizations have been created
assertTrue(processEngine.getAuthorizationService().createAuthorizationQuery()
.groupIdIn(adminGroupId).count() > 0);
// check sample authorization for applications
assertEquals(1, processEngine.getAuthorizationService().createAuthorizationQuery()
.groupIdIn(adminGroupId)
.resourceType(Resources.APPLICATION)
.resourceId(Authorization.ANY)
.hasPermission(Permissions.ALL)
.count());
// query user data
User user = processEngine.getIdentityService().createUserQuery().memberOfGroup(adminGroupId).singleResult();
assertNotNull(user);
assertEquals("[email protected]", user.getEmail());
// query groups
Group group = processEngine.getIdentityService().createGroupQuery().groupId(adminGroupId).singleResult();
assertNotNull(group);
assertEquals("subchild1", group.getName());
}
Example #22
| Source File: SchemaLogQueryAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
@Test
public void testQueryWithAuthorization() {
// given
identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));
// then
assertThat(managementService.createSchemaLogQuery().list().size(), is(greaterThan(0)));
}
Example #23
| Source File: SchemaLogQueryAuthorizationTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
@Test
public void testCountQueryWithAuthorization() {
// given
identityService.setAuthentication(userId, Collections.singletonList(Groups.CAMUNDA_ADMIN));
// then
assertThat(managementService.createSchemaLogQuery().count(), is(greaterThan(0L)));
}
Example #24
| Source File: MultiTenancyCommandTenantCheckTest.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
@Test
public void disableTenantCheckForCamundaAdmin() {
identityService.setAuthentication("user", Collections.singletonList(Groups.CAMUNDA_ADMIN), null);
processEngineConfiguration.getCommandExecutorTxRequired().execute(new Command<Void>() {
@Override
public Void execute(CommandContext commandContext) {
// camunda-admin should access data from all tenants
assertThat(commandContext.getTenantManager().isTenantCheckEnabled(), is(false));
return null;
}
});
}
Example #25
| Source File: ProcessEngineConfigurationImpl.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
protected void initAdminGroups() {
if (adminGroups == null) {
adminGroups = new ArrayList<>();
}
if (adminGroups.isEmpty() || !(adminGroups.contains(Groups.CAMUNDA_ADMIN))) {
adminGroups.add(Groups.CAMUNDA_ADMIN);
}
}
Example #26
| Source File: CreateAdminUserConfiguration.java From camunda-bpm-platform with Apache License 2.0 | 5 votes |
|
@Override
public void postProcessEngineBuild(final ProcessEngine processEngine) {
requireNonNull(adminUser);
final IdentityService identityService = processEngine.getIdentityService();
final AuthorizationService authorizationService = processEngine.getAuthorizationService();
if (userAlreadyExists(identityService, adminUser)) {
return;
}
createUser(identityService, adminUser);
// create group
if (identityService.createGroupQuery().groupId(CAMUNDA_ADMIN).count() == 0) {
Group camundaAdminGroup = identityService.newGroup(CAMUNDA_ADMIN);
camundaAdminGroup.setName("camunda BPM Administrators");
camundaAdminGroup.setType(Groups.GROUP_TYPE_SYSTEM);
identityService.saveGroup(camundaAdminGroup);
}
// create ADMIN authorizations on all built-in resources
for (Resource resource : Resources.values()) {
if (authorizationService.createAuthorizationQuery().groupIdIn(CAMUNDA_ADMIN).resourceType(resource).resourceId(ANY).count() == 0) {
AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GRANT);
userAdminAuth.setGroupId(CAMUNDA_ADMIN);
userAdminAuth.setResource(resource);
userAdminAuth.setResourceId(ANY);
userAdminAuth.addPermission(ALL);
authorizationService.saveAuthorization(userAdminAuth);
}
}
identityService.createMembership(adminUser.getId(), CAMUNDA_ADMIN);
LOG.creatingInitialAdminUser(adminUser);
}
Example #27
| Source File: DemoDataGenerator.java From camunda-bpm-elasticsearch with Apache License 2.0 | 5 votes |
|
public void afterPropertiesSet() throws Exception {
System.out.println("Generating demo data");
scheduleInstanceStart();
// ensure admin user exists
IdentityService identityService = processEngine.getIdentityService();
User user = identityService.createUserQuery().userId("demo").singleResult();
if(user == null) {
User newUser = identityService.newUser("demo");
newUser.setPassword("demo");
identityService.saveUser(newUser);
System.out.println("Created used 'demo', password 'demo'");
AuthorizationService authorizationService = processEngine.getAuthorizationService();
// create group
if(identityService.createGroupQuery().groupId(Groups.CAMUNDA_ADMIN).count() == 0) {
Group camundaAdminGroup = identityService.newGroup(Groups.CAMUNDA_ADMIN);
camundaAdminGroup.setName("camunda BPM Administrators");
camundaAdminGroup.setType(Groups.GROUP_TYPE_SYSTEM);
identityService.saveGroup(camundaAdminGroup);
}
// create ADMIN authorizations on all built-in resources
for (Resource resource : Resources.values()) {
if(authorizationService.createAuthorizationQuery().groupIdIn(Groups.CAMUNDA_ADMIN).resourceType(resource).resourceId(ANY).count() == 0) {
AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GRANT);
userAdminAuth.setGroupId(Groups.CAMUNDA_ADMIN);
userAdminAuth.setResource(resource);
userAdminAuth.setResourceId(ANY);
userAdminAuth.addPermission(ALL);
authorizationService.saveAuthorization(userAdminAuth);
}
}
processEngine.getIdentityService()
.createMembership("demo", Groups.CAMUNDA_ADMIN);
}
}
Example #28
| Source File: CreateAdminUserConfiguration.java From camunda-bpm-spring-boot-starter with Apache License 2.0 | 5 votes |
|
@Override
public void postProcessEngineBuild(final ProcessEngine processEngine) {
requireNonNull(adminUser);
final IdentityService identityService = processEngine.getIdentityService();
final AuthorizationService authorizationService = processEngine.getAuthorizationService();
if (userAlreadyExists(identityService, adminUser)) {
return;
}
createUser(identityService, adminUser);
// create group
if (identityService.createGroupQuery().groupId(CAMUNDA_ADMIN).count() == 0) {
Group camundaAdminGroup = identityService.newGroup(CAMUNDA_ADMIN);
camundaAdminGroup.setName("camunda BPM Administrators");
camundaAdminGroup.setType(Groups.GROUP_TYPE_SYSTEM);
identityService.saveGroup(camundaAdminGroup);
}
// create ADMIN authorizations on all built-in resources
for (Resource resource : Resources.values()) {
if (authorizationService.createAuthorizationQuery().groupIdIn(CAMUNDA_ADMIN).resourceType(resource).resourceId(ANY).count() == 0) {
AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GRANT);
userAdminAuth.setGroupId(CAMUNDA_ADMIN);
userAdminAuth.setResource(resource);
userAdminAuth.setResourceId(ANY);
userAdminAuth.addPermission(ALL);
authorizationService.saveAuthorization(userAdminAuth);
}
}
identityService.createMembership(adminUser.getId(), CAMUNDA_ADMIN);
LOG.creatingInitialAdminUser(adminUser);
}
Example #29
| Source File: Application.java From camunda-spring-boot-amqp-microservice-cloud-example with Apache License 2.0 | 4 votes |
|
public static void createDefaultUser(ProcessEngine engine) {
// and add default user to Camunda to be ready-to-go
if (engine.getIdentityService().createUserQuery().userId("demo").count() == 0) {
User user = engine.getIdentityService().newUser("demo");
user.setFirstName("Demo");
user.setLastName("Demo");
user.setPassword("demo");
user.setEmail("[email protected]");
engine.getIdentityService().saveUser(user);
Group group = engine.getIdentityService().newGroup(Groups.CAMUNDA_ADMIN);
group.setName("Administrators");
group.setType(Groups.GROUP_TYPE_SYSTEM);
engine.getIdentityService().saveGroup(group);
for (Resource resource : Resources.values()) {
Authorization auth = engine.getAuthorizationService().createNewAuthorization(AUTH_TYPE_GRANT);
auth.setGroupId(Groups.CAMUNDA_ADMIN);
auth.addPermission(ALL);
auth.setResourceId(ANY);
auth.setResource(resource);
engine.getAuthorizationService().saveAuthorization(auth);
}
engine.getIdentityService().createMembership("demo", Groups.CAMUNDA_ADMIN);
}
// create default "all tasks" filter
if (engine.getFilterService().createFilterQuery().filterName("Alle").count() == 0) {
Map<String, Object> filterProperties = new HashMap<String, Object>();
filterProperties.put("description", "Alle Aufgaben");
filterProperties.put("priority", 10);
Filter filter = engine.getFilterService().newTaskFilter() //
.setName("Alle") //
.setProperties(filterProperties)//
.setOwner("demo")//
.setQuery(engine.getTaskService().createTaskQuery());
engine.getFilterService().saveFilter(filter);
// and authorize demo user for it
if (engine.getAuthorizationService().createAuthorizationQuery().resourceType(FILTER).resourceId(filter.getId()) //
.userIdIn("demo").count() == 0) {
Authorization managementGroupFilterRead = engine.getAuthorizationService().createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
managementGroupFilterRead.setResource(FILTER);
managementGroupFilterRead.setResourceId(filter.getId());
managementGroupFilterRead.addPermission(ALL);
managementGroupFilterRead.setUserId("demo");
engine.getAuthorizationService().saveAuthorization(managementGroupFilterRead);
}
}
}
