/**
 * Runs the given callable with the command context's authorization check switched off.
 *
 * <p>Security note: everything the callable does runs without authorization checks on
 * the current command context, so callers should hand in only trusted, narrowly scoped
 * work. The check is re-enabled in {@code finally} only if it was enabled on entry, so
 * a nested call does not switch checks back on for an outer caller that had already
 * disabled them.
 *
 * @param runnable the work to execute while the check is disabled
 * @return the value returned by {@code runnable.call()}
 * @throws ProcessEngineException wrapping any checked exception thrown by the callable;
 *         runtime exceptions propagate unchanged
 */
public <T> T runWithoutAuthorization(Callable<T> runnable) {
  final CommandContext ctx = Context.getCommandContext();
  // Remember the state on entry so the finally block restores it instead of blindly enabling.
  final boolean wasEnabled = ctx.isAuthorizationCheckEnabled();
  try {
    ctx.disableAuthorizationCheck();
    return runnable.call();
  } catch (Exception failure) {
    if (failure instanceof RuntimeException) {
      throw (RuntimeException) failure;
    }
    throw new ProcessEngineException(failure);
  } finally {
    if (wasEnabled) {
      ctx.enableAuthorizationCheck();
    }
  }
}
/**
 * Tells whether an authorization check would actually be carried out right now.
 *
 * <p>All of the following must hold: authorization is enabled, the command context
 * has its authorization check enabled, an authentication is present, and that
 * authentication carries a non-null user id. If any one is missing the method
 * returns {@code false}, i.e. callers relying on it will skip their check.
 *
 * @return {@code true} only when every precondition above is satisfied
 */
protected boolean isAuthCheckExecuted() {
  final Authentication auth = getCurrentAuthentication();
  final CommandContext ctx = Context.getCommandContext();

  if (!isAuthorizationEnabled()) {
    return false;
  }
  if (!ctx.isAuthorizationCheckEnabled()) {
    return false;
  }
  // An authentication without a user id counts as "no check executed".
  return auth != null && auth.getUserId() != null;
}
/**
 * Runs the given callable with the command context's authorization check switched off.
 *
 * <p>Security note: everything the callable does runs without authorization checks on
 * the current command context, so callers should hand in only trusted, narrowly scoped
 * work. The check is re-enabled in {@code finally} only if it was enabled on entry, so
 * a nested call does not switch checks back on for an outer caller that had already
 * disabled them.
 *
 * @param runnable the work to execute while the check is disabled
 * @return the value returned by {@code runnable.call()}
 * @throws ProcessEngineException wrapping any checked exception thrown by the callable;
 *         runtime exceptions propagate unchanged
 */
public <T> T runWithoutAuthorization(Callable<T> runnable) {
  final CommandContext ctx = Context.getCommandContext();
  // Remember the state on entry so the finally block restores it instead of blindly enabling.
  final boolean wasEnabled = ctx.isAuthorizationCheckEnabled();
  try {
    ctx.disableAuthorizationCheck();
    return runnable.call();
  } catch (Exception failure) {
    if (failure instanceof RuntimeException) {
      throw (RuntimeException) failure;
    }
    throw new ProcessEngineException(failure);
  } finally {
    if (wasEnabled) {
      ctx.enableAuthorizationCheck();
    }
  }
}
/**
 * Tells whether an authorization check would actually be carried out right now.
 *
 * <p>All of the following must hold: authorization is enabled, the command context
 * has its authorization check enabled, an authentication is present, and that
 * authentication carries a non-null user id. If any one is missing the method
 * returns {@code false}, i.e. callers relying on it will skip their check.
 *
 * @return {@code true} only when every precondition above is satisfied
 */
protected boolean isAuthCheckExecuted() {
  final Authentication auth = getCurrentAuthentication();
  final CommandContext ctx = Context.getCommandContext();

  if (!isAuthorizationEnabled()) {
    return false;
  }
  if (!ctx.isAuthorizationCheckEnabled()) {
    return false;
  }
  // An authentication without a user id counts as "no check executed".
  return auth != null && auth.getUserId() != null;
}
/**
 * Attaches the composite permission check to the given authorization check, but only
 * while authorization is being enforced.
 *
 * <p>Enforcement requires all three: authorization enabled, a current authentication
 * present, and the command context's authorization check enabled. Otherwise
 * {@code authCheck} is left untouched, so no permission checks are set by this call.
 *
 * @param authCheck the authorization check that receives the permission checks
 * @param compositeCheck the permission checks to set on {@code authCheck}
 */
protected void addPermissionCheck(AuthorizationCheck authCheck, CompositePermissionCheck compositeCheck) {
  final CommandContext ctx = getCommandContext();
  final boolean enforced = isAuthorizationEnabled()
      && getCurrentAuthentication() != null
      && ctx.isAuthorizationCheckEnabled();
  if (!enforced) {
    return;
  }
  authCheck.setPermissionChecks(compositeCheck);
}
/**
 * Attaches the composite permission check to the given authorization check, but only
 * while authorization is being enforced.
 *
 * <p>Enforcement requires all three: authorization enabled, a current authentication
 * present, and the command context's authorization check enabled. Otherwise
 * {@code authCheck} is left untouched, so no permission checks are set by this call.
 *
 * @param authCheck the authorization check that receives the permission checks
 * @param compositeCheck the permission checks to set on {@code authCheck}
 */
protected void addPermissionCheck(AuthorizationCheck authCheck, CompositePermissionCheck compositeCheck) {
  final CommandContext ctx = getCommandContext();
  final boolean enforced = isAuthorizationEnabled()
      && getCurrentAuthentication() != null
      && ctx.isAuthorizationCheckEnabled();
  if (!enforced) {
    return;
  }
  authCheck.setPermissionChecks(compositeCheck);
}
/**
 * Builds the fixture: a mocked command context and engine configuration that both
 * report authorization as enabled, plus a spied {@code AuthorizationManager}.
 */
@Before
public void setup() {
  mockedCmdContext = mock(CommandContext.class);
  mockedConfiguration = mock(ProcessEngineConfigurationImpl.class);
  // Spy, not mock: unstubbed methods run the real AuthorizationManager code.
  authorizationManager = spy(new AuthorizationManager());
  mockedEntityManager = mock(DbEntityManager.class);

  when(mockedCmdContext.getSession(eq(DbEntityManager.class))).thenReturn(mockedEntityManager);

  // NOTE(review): with a spy, the when(...) form calls the real
  // filterAuthenticatedGroupIds once while stubbing; statement order matters here.
  when(authorizationManager.filterAuthenticatedGroupIds(eq(AUTHENTICATED_GROUPS))).thenReturn(AUTHENTICATED_GROUPS);
  when(mockedCmdContext.getAuthentication()).thenReturn(new Authentication(AUTHENTICATED_USER_ID, AUTHENTICATED_GROUPS));

  // Both switches are on: the per-command check flag and the engine-wide setting.
  when(mockedCmdContext.isAuthorizationCheckEnabled()).thenReturn(true);
  when(mockedConfiguration.isAuthorizationEnabled()).thenReturn(true);

  // Installs the mocks through the static Context setters.
  // NOTE(review): no cleanup is visible in this snippet; confirm a teardown removes them.
  Context.setCommandContext(mockedCmdContext);
  Context.setProcessEngineConfiguration(mockedConfiguration);
}
/**
 * Verifies that the current authentication contains the group
 * {@link Groups#CAMUNDA_ADMIN}.
 *
 * <p>The verification is skipped, and the method returns normally, when
 * authorization is disabled, when the command context's authorization check is
 * disabled, or when no authentication exists.
 *
 * @throws AuthorizationException if the check applies and the current authentication
 *         is not a Camunda admin
 */
public void checkCamundaAdmin() {
  final Authentication auth = getCurrentAuthentication();
  final CommandContext ctx = Context.getCommandContext();

  final boolean enforced = isAuthorizationEnabled()
      && ctx.isAuthorizationCheckEnabled()
      && auth != null;

  if (enforced && !isCamundaAdmin(auth)) {
    throw LOG.requiredCamundaAdminException();
  }
}
/**
 * Verifies that the current authentication contains the group
 * {@link Groups#CAMUNDA_ADMIN}.
 *
 * <p>The verification is skipped, and the method returns normally, when
 * authorization is disabled, when the command context's authorization check is
 * disabled, or when no authentication exists.
 *
 * @throws AuthorizationException if the check applies and the current authentication
 *         is not a Camunda admin
 */
public void checkCamundaAdmin() {
  final Authentication auth = getCurrentAuthentication();
  final CommandContext ctx = Context.getCommandContext();

  final boolean enforced = isAuthorizationEnabled()
      && ctx.isAuthorizationCheckEnabled()
      && auth != null;

  if (enforced && !isCamundaAdmin(auth)) {
    throw LOG.requiredCamundaAdminException();
  }
}
/**
 * Decides whether the current user may read history for the process definition
 * referenced by the query.
 *
 * <p>When authorization is not being enforced (authorization disabled, no current
 * authentication, or the command context's check disabled) the result is
 * {@code true}. When it is enforced, an unknown definition id and a missing
 * {@code READ_HISTORY} permission both give {@code false}, so the result does not
 * tell the two cases apart.
 *
 * @param query the statistics query carrying the process definition id
 * @return {@code true} if enforcement is off or the user is authorized, else {@code false}
 */
protected boolean ensureHistoryReadOnProcessDefinition(HistoricActivityStatisticsQueryImpl query) {
  final CommandContext ctx = getCommandContext();
  final boolean enforced = isAuthorizationEnabled()
      && getCurrentAuthentication() != null
      && ctx.isAuthorizationCheckEnabled();
  if (!enforced) {
    return true;
  }

  final String definitionId = query.getProcessDefinitionId();
  final ProcessDefinitionEntity found =
      getProcessDefinitionManager().findLatestProcessDefinitionById(definitionId);
  if (found == null) {
    return false;
  }
  // Permission is evaluated against the definition key, not the id.
  return getAuthorizationManager().isAuthorized(READ_HISTORY, PROCESS_DEFINITION, found.getKey());
}
/**
 * Adds one atomic permission check to the query's authorization check, but only
 * while authorization is being enforced.
 *
 * <p>Enforcement requires authorization enabled, a current authentication present,
 * and the command context's authorization check enabled; otherwise the query is
 * left unchanged.
 *
 * @param query the query whose authorization check receives the permission check
 * @param resource the resource the permission refers to
 * @param queryParam the resource-id query parameter set on the permission check
 * @param permission the permission to require
 */
protected void addPermissionCheck(ListQueryParameterObject query, Resource resource, String queryParam, Permission permission) {
  final CommandContext ctx = getCommandContext();
  final boolean enforced = isAuthorizationEnabled()
      && getCurrentAuthentication() != null
      && ctx.isAuthorizationCheckEnabled();
  if (!enforced) {
    return;
  }

  final PermissionCheck check = newPermissionCheck();
  check.setResource(resource);
  check.setResourceIdQueryParam(queryParam);
  check.setPermission(permission);

  query.getAuthCheck().addAtomicPermissionCheck(check);
}
/**
 * Decides whether the current user may read history for the process definition
 * referenced by the query.
 *
 * <p>When authorization is not being enforced (authorization disabled, no current
 * authentication, or the command context's check disabled) the result is
 * {@code true}. When it is enforced, an unknown definition id and a missing
 * {@code READ_HISTORY} permission both give {@code false}, so the result does not
 * tell the two cases apart.
 *
 * @param query the statistics query carrying the process definition id
 * @return {@code true} if enforcement is off or the user is authorized, else {@code false}
 */
protected boolean ensureHistoryReadOnProcessDefinition(HistoricActivityStatisticsQueryImpl query) {
  final CommandContext ctx = getCommandContext();
  final boolean enforced = isAuthorizationEnabled()
      && getCurrentAuthentication() != null
      && ctx.isAuthorizationCheckEnabled();
  if (!enforced) {
    return true;
  }

  final String definitionId = query.getProcessDefinitionId();
  final ProcessDefinitionEntity found =
      getProcessDefinitionManager().findLatestProcessDefinitionById(definitionId);
  if (found == null) {
    return false;
  }
  // Permission is evaluated against the definition key, not the id.
  return getAuthorizationManager().isAuthorized(READ_HISTORY, PROCESS_DEFINITION, found.getKey());
}
/**
 * Adds one atomic permission check to the query's authorization check, but only
 * while authorization is being enforced.
 *
 * <p>Enforcement requires authorization enabled, a current authentication present,
 * and the command context's authorization check enabled; otherwise the query is
 * left unchanged.
 *
 * @param query the query whose authorization check receives the permission check
 * @param resource the resource the permission refers to
 * @param queryParam the resource-id query parameter set on the permission check
 * @param permission the permission to require
 */
protected void addPermissionCheck(ListQueryParameterObject query, Resource resource, String queryParam, Permission permission) {
  final CommandContext ctx = getCommandContext();
  final boolean enforced = isAuthorizationEnabled()
      && getCurrentAuthentication() != null
      && ctx.isAuthorizationCheckEnabled();
  if (!enforced) {
    return;
  }

  final PermissionCheck check = newPermissionCheck();
  check.setResource(resource);
  check.setResourceIdQueryParam(queryParam);
  check.setPermission(permission);

  query.getAuthCheck().addAtomicPermissionCheck(check);
}
/**
 * Requires {@code READ} permission on the decision requirements definition
 * referenced by the query, while authorization is being enforced.
 *
 * <p>Nothing is checked when authorization is disabled, no authentication is
 * present, or the command context's authorization check is disabled.
 *
 * <p>NOTE(review): the definition lookup and {@code ensureNotNull} run before
 * {@code checkAuthorization}, so an unknown id is presumably reported differently
 * from a missing permission, and the message echoes the id taken from the query.
 * Confirm that distinction is acceptable to expose to unauthorized callers.
 *
 * @param query the statistics query carrying the decision requirements definition id
 */
protected void checkReadDecisionRequirementsDefinition(HistoricDecisionInstanceStatisticsQueryImpl query) {
  final CommandContext ctx = getCommandContext();
  final boolean enforced = isAuthorizationEnabled()
      && getCurrentAuthentication() != null
      && ctx.isAuthorizationCheckEnabled();
  if (!enforced) {
    return;
  }

  final String definitionId = query.getDecisionRequirementsDefinitionId();
  final DecisionRequirementsDefinition found =
      getDecisionRequirementsDefinitionManager().findDecisionRequirementsDefinitionById(definitionId);
  ensureNotNull(
      "no deployed decision requirements definition found with id '" + definitionId + "'",
      "decisionRequirementsDefinition",
      found);

  // Permission is evaluated against the definition key, not the id.
  getAuthorizationManager().checkAuthorization(READ, DECISION_REQUIREMENTS_DEFINITION, found.getKey());
}
/**
 * Requires {@code READ} permission on the process definition referenced by the
 * query, while authorization is being enforced.
 *
 * <p>Nothing is checked when authorization is disabled, no authentication is
 * present, or the command context's authorization check is disabled.
 *
 * <p>NOTE(review): the definition lookup and {@code ensureNotNull} run before
 * {@code checkAuthorization}, so an unknown id is presumably reported differently
 * from a missing permission, and the message echoes the id taken from the query.
 * Confirm that distinction is acceptable to expose to unauthorized callers.
 *
 * @param query the statistics query carrying the process definition id
 */
protected void checkReadProcessDefinition(ActivityStatisticsQueryImpl query) {
  final CommandContext ctx = getCommandContext();
  final boolean enforced = isAuthorizationEnabled()
      && getCurrentAuthentication() != null
      && ctx.isAuthorizationCheckEnabled();
  if (!enforced) {
    return;
  }

  final String definitionId = query.getProcessDefinitionId();
  final ProcessDefinitionEntity found =
      getProcessDefinitionManager().findLatestProcessDefinitionById(definitionId);
  ensureNotNull(
      "no deployed process definition found with id '" + definitionId + "'",
      "processDefinition",
      found);

  // Permission is evaluated against the definition key, not the id.
  getAuthorizationManager().checkAuthorization(READ, PROCESS_DEFINITION, found.getKey());
}
/**
 * Requires {@code READ} permission on the decision requirements definition
 * referenced by the query, while authorization is being enforced.
 *
 * <p>Nothing is checked when authorization is disabled, no authentication is
 * present, or the command context's authorization check is disabled.
 *
 * <p>NOTE(review): the definition lookup and {@code ensureNotNull} run before
 * {@code checkAuthorization}, so an unknown id is presumably reported differently
 * from a missing permission, and the message echoes the id taken from the query.
 * Confirm that distinction is acceptable to expose to unauthorized callers.
 *
 * @param query the statistics query carrying the decision requirements definition id
 */
protected void checkReadDecisionRequirementsDefinition(HistoricDecisionInstanceStatisticsQueryImpl query) {
  final CommandContext ctx = getCommandContext();
  final boolean enforced = isAuthorizationEnabled()
      && getCurrentAuthentication() != null
      && ctx.isAuthorizationCheckEnabled();
  if (!enforced) {
    return;
  }

  final String definitionId = query.getDecisionRequirementsDefinitionId();
  final DecisionRequirementsDefinition found =
      getDecisionRequirementsDefinitionManager().findDecisionRequirementsDefinitionById(definitionId);
  ensureNotNull(
      "no deployed decision requirements definition found with id '" + definitionId + "'",
      "decisionRequirementsDefinition",
      found);

  // Permission is evaluated against the definition key, not the id.
  getAuthorizationManager().checkAuthorization(READ, DECISION_REQUIREMENTS_DEFINITION, found.getKey());
}
/**
 * Requires {@code READ} permission on the process definition referenced by the
 * query, while authorization is being enforced.
 *
 * <p>Nothing is checked when authorization is disabled, no authentication is
 * present, or the command context's authorization check is disabled.
 *
 * <p>NOTE(review): the definition lookup and {@code ensureNotNull} run before
 * {@code checkAuthorization}, so an unknown id is presumably reported differently
 * from a missing permission, and the message echoes the id taken from the query.
 * Confirm that distinction is acceptable to expose to unauthorized callers.
 *
 * @param query the statistics query carrying the process definition id
 */
protected void checkReadProcessDefinition(ActivityStatisticsQueryImpl query) {
  final CommandContext ctx = getCommandContext();
  final boolean enforced = isAuthorizationEnabled()
      && getCurrentAuthentication() != null
      && ctx.isAuthorizationCheckEnabled();
  if (!enforced) {
    return;
  }

  final String definitionId = query.getProcessDefinitionId();
  final ProcessDefinitionEntity found =
      getProcessDefinitionManager().findLatestProcessDefinitionById(definitionId);
  ensureNotNull(
      "no deployed process definition found with id '" + definitionId + "'",
      "processDefinition",
      found);

  // Permission is evaluated against the definition key, not the id.
  getAuthorizationManager().checkAuthorization(READ, PROCESS_DEFINITION, found.getKey());
}
protected void handleInvocationInContext(final DelegateInvocation invocation) throws Exception { CommandContext commandContext = Context.getCommandContext(); boolean oldValue = commandContext.isAuthorizationCheckEnabled(); BaseDelegateExecution contextExecution = invocation.getContextExecution();
protected void handleInvocationInContext(final DelegateInvocation invocation) throws Exception { CommandContext commandContext = Context.getCommandContext(); boolean oldValue = commandContext.isAuthorizationCheckEnabled(); BaseDelegateExecution contextExecution = invocation.getContextExecution();
/**
 * Decides whether the current user may read history for the process definition
 * referenced by the query.
 *
 * <p>When authorization is not being enforced (authorization disabled, no current
 * authentication, or the command context's check disabled) the result is
 * {@code true}. When it is enforced, an unknown definition id and a missing
 * {@code READ_HISTORY} permission both give {@code false}, so the result does not
 * tell the two cases apart.
 *
 * @param query the statistics query carrying the process definition id
 * @return {@code true} if enforcement is off or the user is authorized, else {@code false}
 */
protected boolean ensureHistoryReadOnProcessDefinition(HistoricActivityStatisticsQueryImpl query) {
  final CommandContext ctx = getCommandContext();
  final boolean enforced = isAuthorizationEnabled()
      && getCurrentAuthentication() != null
      && ctx.isAuthorizationCheckEnabled();
  if (!enforced) {
    return true;
  }

  final String definitionId = query.getProcessDefinitionId();
  final ProcessDefinitionEntity found =
      getProcessDefinitionManager().findLatestProcessDefinitionById(definitionId);
  if (found == null) {
    return false;
  }
  // Permission is evaluated against the definition key, not the id.
  return getAuthorizationManager().isAuthorized(READ_HISTORY, PROCESS_DEFINITION, found.getKey());
}