org.camunda.bpm.engine.identity.User Java Examples

public void testFilterByFirstnameLikeAndLastnameLike() {
 User user = identityService.createUserQuery()
	  .userFirstNameLike("*n%").userLastNameLike("von*")
	  .singleResult();
 assertNotNull(user);

 user = identityService.createUserQuery()
	  .userFirstNameLike("nox-exist*").userLastNameLike("von*")
	  .singleResult();
 assertNull(user);

 user = identityService.createUserQuery()
	  .userFirstNameLike("*n%").userLastNameLike("non-exist*")
	  .singleResult();
 assertNull(user);
}
 

@Test
public void testClaimAlreadyClaimedTaskByOtherUser() {
  Task task = taskService.newTask();
  taskService.saveTask(task);
  User user = identityService.newUser("user");
  identityService.saveUser(user);
  User secondUser = identityService.newUser("seconduser");
  identityService.saveUser(secondUser);

  // Claim task the first time
  taskService.claim(task.getId(), user.getId());

  try {
    taskService.claim(task.getId(), secondUser.getId());
    fail("ProcessEngineException expected");
  } catch (TaskAlreadyClaimedException ae) {
    testRule.assertTextPresent("Task '" + task.getId() + "' is already claimed by someone else.", ae.getMessage());
  }

  taskService.deleteTask(task.getId(), true);
  identityService.deleteUser(user.getId());
  identityService.deleteUser(secondUser.getId());
}
 

@Before
public void setUp() {
  identityService = engineRule.getIdentityService();

  createTenant(TENANT_ONE, "Tenant_1");
  createTenant(TENANT_TWO, "Tenant_2");

  User user = identityService.newUser(USER);
  identityService.saveUser(user);

  Group group = identityService.newGroup(GROUP);
  identityService.saveGroup(group);

  identityService.createMembership(USER, GROUP);

  identityService.createTenantUserMembership(TENANT_ONE, USER);
  identityService.createTenantGroupMembership(TENANT_TWO, GROUP);
}
 

@Test
public void testUnClaimTask() {
  Task task = taskService.newTask();
  taskService.saveTask(task);
  User user = identityService.newUser("user");
  identityService.saveUser(user);

  // Claim task the first time
  taskService.claim(task.getId(), user.getId());
  task = taskService.createTaskQuery().taskId(task.getId()).singleResult();
  assertEquals(user.getId(), task.getAssignee());

  // Unclaim the task
  taskService.claim(task.getId(), null);

  task = taskService.createTaskQuery().taskId(task.getId()).singleResult();
  assertNull(task.getAssignee());

  taskService.deleteTask(task.getId(), true);
  identityService.deleteUser(user.getId());
}
 

@Test
public void testCreateNewUserWithoutCredentials() {
  User newUser = MockProvider.createMockUser();
  when(identityServiceMock.newUser(MockProvider.EXAMPLE_USER_ID)).thenReturn(newUser);

  UserDto userDto = UserDto.fromUser(newUser, false);

  given()
      .body(userDto).contentType(ContentType.JSON)
  .expect()
      .statusCode(Status.NO_CONTENT.getStatusCode())
  .when()
      .post(USER_CREATE_URL);

  verify(identityServiceMock).newUser(MockProvider.EXAMPLE_USER_ID);
  verify(newUser).setFirstName(MockProvider.EXAMPLE_USER_FIRST_NAME);
  verify(newUser).setLastName(MockProvider.EXAMPLE_USER_LAST_NAME);
  verify(newUser).setEmail(MockProvider.EXAMPLE_USER_EMAIL);
  // no password was set
  verify(newUser, never()).setPassword(any(String.class));

  verify(identityServiceMock).saveUser(newUser);
}
 

protected User createUser(String userId) {
  User user = identityService.newUser(userId);
  identityService.saveUser(user);

  // give user all permission to manipulate authorizations
  Authorization authorization = createGrantAuthorization(AUTHORIZATION, ANY);
  authorization.setUserId(userId);
  authorization.addPermission(ALL);
  saveAuthorization(authorization);

  // give user all permission to manipulate users
  authorization = createGrantAuthorization(USER, ANY);
  authorization.setUserId(userId);
  authorization.addPermission(Permissions.ALL);
  saveAuthorization(authorization);

  return user;
}
 

public void testNotReturnUsersWithNullId() throws Exception
{
  // given
  // LdapTestEnvironment creates six groups by default;
  // these won't return a group id, because they do not have the group id attribute
  // defined in the ldap plugin config
  // the plugin should not return such groups and instead log an error

  // when
  List<User> users = processEngine.getIdentityService().createUserQuery().list();
  long count = processEngine.getIdentityService().createGroupQuery().count();

  // then
  // groups with id null were not returned
  Assert.assertEquals(0, users.size());
  Assert.assertEquals(0, count);
}
 

public void testWriteMultipleEntitiesInOneTransaction(){

    // the identity service provider registered with the engine creates a user, a group, and a membership
    // in the following call:
    Assert.assertTrue(identityService.checkPassword("multipleEntities", "inOneStep"));
    User user = identityService.createUserQuery().userId("multipleEntities").singleResult();

    Assert.assertNotNull(user);
    Assert.assertEquals("multipleEntities", user.getId());
    Assert.assertEquals("{SHA}pfdzmt+49nwknTy7xhZd7ZW5suI=", user.getPassword());

    // It is expected, that the User is in exactly one Group
    List<Group> groups = this.identityService.createGroupQuery().groupMember("multipleEntities").list();
    Assert.assertEquals(1, groups.size());

    Group group = groups.get(0);
    Assert.assertEquals("multipleEntities_group", group.getId());

    // clean the Db
    identityService.deleteMembership("multipleEntities", "multipleEntities_group");
    identityService.deleteGroup("multipleEntities_group");
    identityService.deleteUser("multipleEntities");
  }
 

@Test
public void testAddCandidateUserDuplicate() {
  // Check behavior when adding the same user twice as candidate
  User user = identityService.newUser("user");
  identityService.saveUser(user);

  Task task = taskService.newTask();
  taskService.saveTask(task);

  taskService.addCandidateUser(task.getId(), user.getId());

  // Add as candidate the second time
  taskService.addCandidateUser(task.getId(), user.getId());

  identityService.deleteUser(user.getId());
  taskService.deleteTask(task.getId(), true);
}
 

@Test
public void shouldLogUserUpdate() {
  // given
  User newUser = identityService.newUser(TEST_USER_ID);
  identityService.saveUser(newUser);
  assertEquals(0, query.count());

  // when
  newUser.setEmail("[email protected]");
  identityService.setAuthenticatedUserId("userId");
  identityService.saveUser(newUser);
  identityService.clearAuthentication();

  // then
  assertLog(UserOperationLogEntry.OPERATION_TYPE_UPDATE, EntityTypes.USER, null, TEST_USER_ID);
}
 

@Test
public void testGetSingleUserProfile() {
  User sampleUser = MockProvider.createMockUser();
  UserQuery sampleUserQuery = mock(UserQuery.class);
  when(identityServiceMock.createUserQuery()).thenReturn(sampleUserQuery);
  when(sampleUserQuery.userId(MockProvider.EXAMPLE_USER_ID)).thenReturn(sampleUserQuery);
  when(sampleUserQuery.singleResult()).thenReturn(sampleUser);

  given()
      .pathParam("id", MockProvider.EXAMPLE_USER_ID)
  .then()
      .statusCode(Status.OK.getStatusCode())
      .body("id", equalTo(MockProvider.EXAMPLE_USER_ID))
      .body("firstName", equalTo(MockProvider.EXAMPLE_USER_FIRST_NAME))
      .body("lastName", equalTo(MockProvider.EXAMPLE_USER_LAST_NAME))
      .body("email", equalTo(MockProvider.EXAMPLE_USER_EMAIL))
  .when()
      .get(USER_PROFILE_URL);
}
 

private void createAuthenticationData() {
  IdentityService identityService = engineRule.getIdentityService();
  Group group = identityService.newGroup("group");
  identityService.saveGroup(group);
  User user = identityService.newUser("user");
  User user2 = identityService.newUser("user2");
  identityService.saveUser(user);
  identityService.saveUser(user2);
  Tenant tenant = identityService.newTenant("tenant");
  identityService.saveTenant(tenant);
  Tenant tenant2 = identityService.newTenant("tenant2");
  identityService.saveTenant(tenant2);
  identityService.createMembership("user", "group");
  identityService.createTenantUserMembership("tenant", "user");
  identityService.createTenantUserMembership("tenant2", "user2");


  Resource resource1 = TestResource.RESOURCE1;
  // create global authorization which grants all permissions to all users (on resource1):
  AuthorizationService authorizationService = engineRule.getAuthorizationService();
  Authorization globalAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
  globalAuth.setResource(resource1);
  globalAuth.setResourceId(ANY);
  globalAuth.addPermission(TestPermissions.ALL);
  authorizationService.saveAuthorization(globalAuth);

  //grant user read auth on resource2
  Resource resource2 = TestResource.RESOURCE2;
  Authorization userGrant = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  userGrant.setUserId("user");
  userGrant.setResource(resource2);
  userGrant.setResourceId(ANY);
  userGrant.addPermission(TestPermissions.READ);
  authorizationService.saveAuthorization(userGrant);

  identityService.setAuthenticatedUserId("user");
}
 

@After
public void cleanUp() {
  for (User user : identityService.createUserQuery().list()) {
    identityService.deleteUser(user.getId());
  }
  for (Group group : identityService.createGroupQuery().list()) {
    identityService.deleteGroup(group.getId());
  }
  for (Authorization authorization : authorizationService.createAuthorizationQuery().list()) {
    authorizationService.deleteAuthorization(authorization.getId());
  }
  ClockUtil.reset();
  identityService.clearAuthentication();
}
 

public void testFilterByGroupIdAndId() {
  List<User> result = identityService.createUserQuery()
      .memberOfGroup("development")
      .userId("oscar")
      .list();
  assertEquals(1, result.size());
}
 

public void testFilterUserByChildGroupIdAndId() {
	List<User> result = identityService.createUserQuery()
			.memberOfGroup("root/child1/subchild1")
			.userId("[email protected]")
			.list();
	assertEquals(1, result.size());
}
 

protected void cleanupAfterTest() {
  for (User user : identityService.createUserQuery().list()) {
    identityService.deleteUser(user.getId());
  }
  for (Authorization authorization : authorizationService.createAuthorizationQuery().list()) {
    authorizationService.deleteAuthorization(authorization.getId());
  }
}
 

@Test
public void testUserResourceOptionsUnauthorized() {
  String fullUserUrl = "http://localhost:" + PORT + TEST_RESOURCE_ROOT_PATH + "/user/" + MockProvider.EXAMPLE_USER_ID;

  User sampleUser = MockProvider.createMockUser();
  UserQuery sampleUserQuery = mock(UserQuery.class);
  when(identityServiceMock.createUserQuery()).thenReturn(sampleUserQuery);
  when(sampleUserQuery.userId(MockProvider.EXAMPLE_USER_ID)).thenReturn(sampleUserQuery);
  when(sampleUserQuery.singleResult()).thenReturn(sampleUser);

  Authentication authentication = new Authentication(MockProvider.EXAMPLE_USER_ID, null);
  when(identityServiceMock.getCurrentAuthentication()).thenReturn(authentication);
  when(authorizationServiceMock.isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, DELETE, USER, MockProvider.EXAMPLE_USER_ID)).thenReturn(false);
  when(authorizationServiceMock.isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, UPDATE, USER, MockProvider.EXAMPLE_USER_ID)).thenReturn(false);

  when(processEngineConfigurationMock.isAuthorizationEnabled()).thenReturn(true);

  given()
      .pathParam("id", MockProvider.EXAMPLE_USER_ID)
  .then()
      .statusCode(Status.OK.getStatusCode())

      .body("links[0].href", equalTo(fullUserUrl+"/profile"))
      .body("links[0].method", equalTo(HttpMethod.GET))
      .body("links[0].rel", equalTo("self"))

      .body("links[1]", nullValue())
      .body("links[2]", nullValue())

  .when()
      .options(USER_URL);

  verify(identityServiceMock, times(2)).getCurrentAuthentication();
  verify(authorizationServiceMock, times(1)).isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, DELETE, USER, MockProvider.EXAMPLE_USER_ID);
  verify(authorizationServiceMock, times(1)).isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, UPDATE, USER, MockProvider.EXAMPLE_USER_ID);
}
 

protected void assertFilterPermission(Permission permission, User user, String filterId, boolean expected) {
  boolean result;
  if (filterId != null) {
    result = authorizationService.isUserAuthorized(user.getId(), null, permission, Resources.FILTER, filterId);
  }
  else {
    result = authorizationService.isUserAuthorized(user.getId(), null, permission, Resources.FILTER);
  }
  assertEquals(expected, result);
}
 

@After
public void cleanUp() {
  for (User user : identityService.createUserQuery().list()) {
    identityService.deleteUser(user.getId());
  }
  for (Group group : identityService.createGroupQuery().list()) {
    identityService.deleteGroup(group.getId());
  }
  for (Authorization authorization : authorizationService.createAuthorizationQuery().list()) {
    authorizationService.deleteAuthorization(authorization.getId());
  }
  ClockUtil.reset();
}
 

public void testFilterUserByGroupIdAndLastname() {
	List<User> result = identityService.createUserQuery()
			.memberOfGroup("teamlead")
			.userLastName("von der Beck")
			.list();
	assertEquals(1, result.size());
}
 

public void testTenantUserMembershipCreateAuthorizations() {

    User jonny1 = identityService.newUser("jonny1");
    identityService.saveUser(jonny1);

    Tenant tenant1 = identityService.newTenant("tenant1");
    identityService.saveTenant(tenant1);

    // add base permission which allows nobody to create memberships
    Authorization basePerms = authorizationService.createNewAuthorization(AUTH_TYPE_GLOBAL);
    basePerms.setResource(TENANT_MEMBERSHIP);
    basePerms.setResourceId(ANY);
    basePerms.addPermission(ALL); // add all then remove 'create'
    basePerms.removePermission(CREATE);
    authorizationService.saveAuthorization(basePerms);

    processEngineConfiguration.setAuthorizationEnabled(true);
    identityService.setAuthenticatedUserId(jonny2);

    try {
      identityService.createTenantUserMembership("tenant1", "jonny1");
      fail("exception expected");

    } catch (AuthorizationException e) {
      assertEquals(1, e.getMissingAuthorizations().size());
      MissingAuthorization info = e.getMissingAuthorizations().get(0);
      assertEquals(jonny2, e.getUserId());
      assertExceptionInfo(CREATE.getName(), TENANT_MEMBERSHIP.resourceName(), "tenant1", info);
    }
  }
 

@After
public void cleanUp() {
  for (User user : identityService.createUserQuery().list()) {
    identityService.deleteUser(user.getId());
  }
  for (Group group : identityService.createGroupQuery().list()) {
    identityService.deleteGroup(group.getId());
  }
  for (Authorization authorization : authorizationService.createAuthorizationQuery().list()) {
    authorizationService.deleteAuthorization(authorization.getId());
  }
  ClockUtil.reset();
}
 

@Override
public void tearDown() {
  processEngineConfiguration.setAuthorizationEnabled(false);
  for (User user : identityService.createUserQuery().list()) {
    identityService.deleteUser(user.getId());
  }
  for (Group group : identityService.createGroupQuery().list()) {
    identityService.deleteGroup(group.getId());
  }
  for (Authorization authorization : authorizationService.createAuthorizationQuery().list()) {
    authorizationService.deleteAuthorization(authorization.getId());
  }
}
 

public void afterPropertiesSet() throws Exception {

    System.out.println("Generating demo data");

    scheduleInstanceStart();

    // ensure admin user exists
    IdentityService identityService = processEngine.getIdentityService();
    User user = identityService.createUserQuery().userId("demo").singleResult();
    if(user == null) {
      User newUser = identityService.newUser("demo");
      newUser.setPassword("demo");
      identityService.saveUser(newUser);
      System.out.println("Created used 'demo', password 'demo'");
      AuthorizationService authorizationService = processEngine.getAuthorizationService();

      // create group
      if(identityService.createGroupQuery().groupId(Groups.CAMUNDA_ADMIN).count() == 0) {
        Group camundaAdminGroup = identityService.newGroup(Groups.CAMUNDA_ADMIN);
        camundaAdminGroup.setName("camunda BPM Administrators");
        camundaAdminGroup.setType(Groups.GROUP_TYPE_SYSTEM);
        identityService.saveGroup(camundaAdminGroup);
      }

      // create ADMIN authorizations on all built-in resources
      for (Resource resource : Resources.values()) {
        if(authorizationService.createAuthorizationQuery().groupIdIn(Groups.CAMUNDA_ADMIN).resourceType(resource).resourceId(ANY).count() == 0) {
          AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GRANT);
          userAdminAuth.setGroupId(Groups.CAMUNDA_ADMIN);
          userAdminAuth.setResource(resource);
          userAdminAuth.setResourceId(ANY);
          userAdminAuth.addPermission(ALL);
          authorizationService.saveAuthorization(userAdminAuth);
        }
      }

      processEngine.getIdentityService()
      .createMembership("demo", Groups.CAMUNDA_ADMIN);
    }
  }
 

@Test
public void testUserResourceOptionsDeleteAuthorized() {
  String fullUserUrl = "http://localhost:" + PORT + TEST_RESOURCE_ROOT_PATH + "/user/" + MockProvider.EXAMPLE_USER_ID;

  User sampleUser = MockProvider.createMockUser();
  UserQuery sampleUserQuery = mock(UserQuery.class);
  when(identityServiceMock.createUserQuery()).thenReturn(sampleUserQuery);
  when(sampleUserQuery.userId(MockProvider.EXAMPLE_USER_ID)).thenReturn(sampleUserQuery);
  when(sampleUserQuery.singleResult()).thenReturn(sampleUser);

  Authentication authentication = new Authentication(MockProvider.EXAMPLE_USER_ID, null);
  when(identityServiceMock.getCurrentAuthentication()).thenReturn(authentication);
  when(authorizationServiceMock.isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, DELETE, USER, MockProvider.EXAMPLE_USER_ID)).thenReturn(true);
  when(authorizationServiceMock.isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, UPDATE, USER, MockProvider.EXAMPLE_USER_ID)).thenReturn(false);

  when(processEngineConfigurationMock.isAuthorizationEnabled()).thenReturn(true);

  given()
      .pathParam("id", MockProvider.EXAMPLE_USER_ID)
  .then()
      .statusCode(Status.OK.getStatusCode())

      .body("links[0].href", equalTo(fullUserUrl+"/profile"))
      .body("links[0].method", equalTo(HttpMethod.GET))
      .body("links[0].rel", equalTo("self"))

      .body("links[1].href", equalTo(fullUserUrl))
      .body("links[1].method", equalTo(HttpMethod.DELETE))
      .body("links[1].rel", equalTo("delete"))

      .body("links[2]", nullValue())

  .when()
      .options(USER_URL);

  verify(identityServiceMock, times(2)).getCurrentAuthentication();
  verify(authorizationServiceMock, times(1)).isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, DELETE, USER, MockProvider.EXAMPLE_USER_ID);
  verify(authorizationServiceMock, times(1)).isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, UPDATE, USER, MockProvider.EXAMPLE_USER_ID);
}
 

public void testFilterByFirstname() {
  User user = identityService.createUserQuery().userFirstName("Gunnar").singleResult();
  assertNotNull(user);

  user = identityService.createUserQuery().userFirstName("non-existing").singleResult();
  assertNull(user);
}
 

@Test
public void testChangeCredentials() {
  User initialUser = MockProvider.createMockUser();
  UserQuery sampleUserQuery = mock(UserQuery.class);
  when(identityServiceMock.createUserQuery()).thenReturn(sampleUserQuery);
  when(sampleUserQuery.userId(MockProvider.EXAMPLE_USER_ID)).thenReturn(sampleUserQuery);
  when(sampleUserQuery.singleResult()).thenReturn(initialUser);

  Authentication authentication = MockProvider.createMockAuthentication();
  when(identityServiceMock.getCurrentAuthentication()).thenReturn(authentication);

  when(identityServiceMock.checkPassword(MockProvider.EXAMPLE_USER_ID, MockProvider.EXAMPLE_USER_PASSWORD)).thenReturn(true);

  UserCredentialsDto dto = new UserCredentialsDto();
  dto.setPassword("new-password");
  dto.setAuthenticatedUserPassword(MockProvider.EXAMPLE_USER_PASSWORD);

  given()
      .pathParam("id", MockProvider.EXAMPLE_USER_ID)
      .contentType(ContentType.JSON)
      .body(dto)
  .then()
      .statusCode(Status.NO_CONTENT.getStatusCode())
  .when()
      .put(USER_CREDENTIALS_URL);

  verify(identityServiceMock).getCurrentAuthentication();
  verify(identityServiceMock).checkPassword(MockProvider.EXAMPLE_USER_ID, MockProvider.EXAMPLE_USER_PASSWORD);

  // password was updated
  verify(initialUser).setPassword(dto.getPassword());

  // and then saved
  verify(identityServiceMock).saveUser(initialUser);
}
 

public void testFilterByUserId() {
  User user = identityService.createUserQuery().userId("[email protected]").singleResult();
  assertNotNull(user);

  // validate user
  assertEquals("[email protected]", user.getId());
  assertEquals("Admin", user.getFirstName());
  assertEquals("Camunda", user.getLastName());
  assertEquals("[email protected]", user.getEmail());

  user = identityService.createUserQuery().userId("non-existing").singleResult();
  assertNull(user);
}
 

@Test
public void testUserAccount() {
  User user = identityService.newUser("testuser");
  identityService.saveUser(user);

  identityService.setUserAccount("testuser", "123", "google", "mygoogleusername", "mygooglepwd", null);
  Account googleAccount = identityService.getUserAccount("testuser", "123", "google");
  assertEquals("google", googleAccount.getName());
  assertEquals("mygoogleusername", googleAccount.getUsername());
  assertEquals("mygooglepwd", googleAccount.getPassword());

  identityService.setUserAccount("testuser", "123", "google", "mygoogleusername2", "mygooglepwd2", null);
  googleAccount = identityService.getUserAccount("testuser", "123", "google");
  assertEquals("google", googleAccount.getName());
  assertEquals("mygoogleusername2", googleAccount.getUsername());
  assertEquals("mygooglepwd2", googleAccount.getPassword());

  identityService.setUserAccount("testuser", "123", "alfresco", "myalfrescousername", "myalfrescopwd", null);
  identityService.setUserInfo("testuser", "myinfo", "myvalue");
  identityService.setUserInfo("testuser", "myinfo2", "myvalue2");

  List<String> expectedUserAccountNames = new ArrayList<String>();
  expectedUserAccountNames.add("google");
  expectedUserAccountNames.add("alfresco");
  List<String> userAccountNames = identityService.getUserAccountNames("testuser");
  assertListElementsMatch(expectedUserAccountNames, userAccountNames);

  identityService.deleteUserAccount("testuser", "google");

  expectedUserAccountNames.remove("google");

  userAccountNames = identityService.getUserAccountNames("testuser");
  assertListElementsMatch(expectedUserAccountNames, userAccountNames);

  identityService.deleteUser(user.getId());
}
 

@After
public void cleanUp() {
  for (User user : identityService.createUserQuery().list()) {
    identityService.deleteUser(user.getId());
  }
  for (Group group : identityService.createGroupQuery().list()) {
    identityService.deleteGroup(group.getId());
  }
  for (Authorization authorization : authorizationService.createAuthorizationQuery().list()) {
    authorizationService.deleteAuthorization(authorization.getId());
  }
  ClockUtil.reset();
}