/**
 * Tells whether revoke authorizations have to be considered for the given identity.
 *
 * <p>The decision is taken once and stored in {@code isRevokeAuthCheckUsed}; every later
 * call on this instance returns the stored value without looking at its arguments.
 *
 * @param userId   user id passed to the {@code selectRevokeAuthorization} query
 * @param groupIds group ids; they go through {@code filterAuthenticatedGroupIds} before
 *                 being passed to the query
 * @return {@code true} if revoke authorizations must be checked
 */
protected boolean isRevokeAuthCheckEnabled(String userId, List<String> groupIds) {
  Boolean cachedDecision = this.isRevokeAuthCheckUsed;
  if (cachedDecision != null) {
    // NOTE(review): the stored value was computed for whichever userId/groupIds arrived
    // first; confirm one instance never serves more than one principal.
    return cachedDecision;
  }

  String rawMode = Context.getProcessEngineConfiguration().getAuthorizationCheckRevokes();
  // toLowerCase() without an explicit Locale follows the JVM default locale.
  String mode = (rawMode == null) ? null : rawMode.toLowerCase();

  Boolean decision;
  if (ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_ALWAYS.equals(mode)) {
    decision = true;
  } else if (ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_NEVER.equals(mode)) {
    decision = false;
  } else {
    // Any other mode (including an unset one) asks the database.
    final Map<String, Object> queryParams = new HashMap<String, Object>();
    queryParams.put("userId", userId);
    queryParams.put("authGroupIds", filterAuthenticatedGroupIds(groupIds));
    decision = getDbEntityManager().selectBoolean("selectRevokeAuthorization", queryParams);
  }

  this.isRevokeAuthCheckUsed = decision;
  return decision;
}
/**
 * Tells whether revoke authorizations have to be considered for the given identity.
 *
 * <p>The decision is taken once and stored in {@code isRevokeAuthCheckUsed}; every later
 * call on this instance returns the stored value without looking at its arguments.
 *
 * @param userId   user id passed to the {@code selectRevokeAuthorization} query
 * @param groupIds group ids; they go through {@code filterAuthenticatedGroupIds} before
 *                 being passed to the query
 * @return {@code true} if revoke authorizations must be checked
 */
protected boolean isRevokeAuthCheckEnabled(String userId, List<String> groupIds) {
  Boolean cachedDecision = this.isRevokeAuthCheckUsed;
  if (cachedDecision != null) {
    // NOTE(review): the stored value was computed for whichever userId/groupIds arrived
    // first; confirm one instance never serves more than one principal.
    return cachedDecision;
  }

  String rawMode = Context.getProcessEngineConfiguration().getAuthorizationCheckRevokes();
  // toLowerCase() without an explicit Locale follows the JVM default locale.
  String mode = (rawMode == null) ? null : rawMode.toLowerCase();

  Boolean decision;
  if (ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_ALWAYS.equals(mode)) {
    decision = true;
  } else if (ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_NEVER.equals(mode)) {
    decision = false;
  } else {
    // Any other mode (including an unset one) asks the database.
    final Map<String, Object> queryParams = new HashMap<String, Object>();
    queryParams.put("userId", userId);
    queryParams.put("authGroupIds", filterAuthenticatedGroupIds(groupIds));
    decision = getDbEntityManager().selectBoolean("selectRevokeAuthorization", queryParams);
  }

  this.isRevokeAuthCheckUsed = decision;
  return decision;
}
// Checks that an authorization request made with testGroupIds reaches the database
// query with every one of those group ids still present.
// The closing "});" ends an anonymous class and a call that start outside this fragment.
public Void execute(CommandContext commandContext) {
  // Spies on the two session objects so their calls can be verified.
  AuthorizationManager authorizationManager = spyOnSession(commandContext, AuthorizationManager.class);
  DbEntityManager dbEntityManager = spyOnSession(commandContext, DbEntityManager.class);
  authorizationService.isUserAuthorized(testUserId, testGroupIds, Permissions.READ, Resources.TASK);
  // The caller-supplied group ids must have gone through the filter.
  verify(authorizationManager, atLeastOnce()).filterAuthenticatedGroupIds(eq(testGroupIds));
  ArgumentCaptor<AuthorizationCheck> authorizationCheckArgument = ArgumentCaptor.forClass(AuthorizationCheck.class);
  // verify() without a mode expects exactly one "isUserAuthorizedForResource" query.
  verify(dbEntityManager).selectBoolean(eq("isUserAuthorizedForResource"), authorizationCheckArgument.capture());
  AuthorizationCheck authorizationCheck = authorizationCheckArgument.getValue();
  // Order-insensitive: all of testGroupIds and nothing else.
  assertThat(authorizationCheck.getAuthGroupIds(), containsInAnyOrder(testGroupIds.toArray()));
  return null;
}
});
// Checks that an authorization request made with testGroupIds reaches the database
// query with an empty group id list.
// NOTE(review): presumably none of testGroupIds is known to the engine in this test;
// the fixture that establishes this is outside the fragment.
// The closing "});" ends an anonymous class and a call that start outside this fragment.
public Void execute(CommandContext commandContext) {
  // Spies on the two session objects so their calls can be verified.
  AuthorizationManager authorizationManager = spyOnSession(commandContext, AuthorizationManager.class);
  DbEntityManager dbEntityManager = spyOnSession(commandContext, DbEntityManager.class);
  authorizationService.isUserAuthorized(testUserId, testGroupIds, Permissions.READ, Resources.TASK);
  // The caller-supplied group ids must have gone through the filter.
  verify(authorizationManager, atLeastOnce()).filterAuthenticatedGroupIds(eq(testGroupIds));
  ArgumentCaptor<AuthorizationCheck> authorizationCheckArgument = ArgumentCaptor.forClass(AuthorizationCheck.class);
  // verify() without a mode expects exactly one "isUserAuthorizedForResource" query.
  verify(dbEntityManager).selectBoolean(eq("isUserAuthorizedForResource"), authorizationCheckArgument.capture());
  AuthorizationCheck authorizationCheck = authorizationCheckArgument.getValue();
  // No caller-supplied group id may survive into the query.
  assertTrue(authorizationCheck.getAuthGroupIds().isEmpty());
  return null;
}
});
// Checks the null case: an authorization request made without group ids (null) must
// reach the database query with an empty group id list.
// The closing "});" ends an anonymous class and a call that start outside this fragment.
public Void execute(CommandContext commandContext) {
  // Spies on the two session objects so their calls can be verified.
  AuthorizationManager authorizationManager = spyOnSession(commandContext, AuthorizationManager.class);
  DbEntityManager dbEntityManager = spyOnSession(commandContext, DbEntityManager.class);
  authorizationService.isUserAuthorized(testUserId, null, Permissions.READ, Resources.TASK);
  // The cast only picks the List<String> overload of eq(); the expected argument is null.
  verify(authorizationManager, atLeastOnce()).filterAuthenticatedGroupIds(eq((List<String>) null));
  ArgumentCaptor<AuthorizationCheck> authorizationCheckArgument = ArgumentCaptor.forClass(AuthorizationCheck.class);
  // verify() without a mode expects exactly one "isUserAuthorizedForResource" query.
  verify(dbEntityManager).selectBoolean(eq("isUserAuthorizedForResource"), authorizationCheckArgument.capture());
  AuthorizationCheck authorizationCheck = authorizationCheckArgument.getValue();
  // isEmpty() is called on the result, so the query must receive a list, not null.
  assertTrue(authorizationCheck.getAuthGroupIds().isEmpty());
  return null;
}
});
// Checks partial filtering: of the group ids in testGroupIds only the first one is
// expected in the database query.
// NOTE(review): presumably only testGroupIds.get(0) is known to the engine in this
// test; the fixture that establishes this is outside the fragment.
// The closing "});" ends an anonymous class and a call that start outside this fragment.
public Void execute(CommandContext commandContext) {
  // Spies on the two session objects so their calls can be verified.
  AuthorizationManager authorizationManager = spyOnSession(commandContext, AuthorizationManager.class);
  DbEntityManager dbEntityManager = spyOnSession(commandContext, DbEntityManager.class);
  authorizationService.isUserAuthorized(testUserId, testGroupIds, Permissions.READ, Resources.TASK);
  // The caller-supplied group ids must have gone through the filter.
  verify(authorizationManager, atLeastOnce()).filterAuthenticatedGroupIds(eq(testGroupIds));
  ArgumentCaptor<AuthorizationCheck> authorizationCheckArgument = ArgumentCaptor.forClass(AuthorizationCheck.class);
  // verify() without a mode expects exactly one "isUserAuthorizedForResource" query.
  verify(dbEntityManager).selectBoolean(eq("isUserAuthorizedForResource"), authorizationCheckArgument.capture());
  AuthorizationCheck authorizationCheck = authorizationCheckArgument.getValue();
  // Exact list equality: one element, the first entry of testGroupIds.
  assertEquals(testGroupIds.subList(0, 1), authorizationCheck.getAuthGroupIds());
  return null;
}
});
// Checks the query path with no group ids: running a task query must pass null to the
// group filter and set an empty group id list on the query's AuthorizationCheck.
// The closing "});" ends an anonymous class and a call that start outside this fragment.
public Void execute(CommandContext commandContext) {
  AuthorizationManager authorizationManager = spyOnSession(commandContext, AuthorizationManager.class);
  TaskQueryImpl taskQuery = (TaskQueryImpl) spy(processEngine.getTaskService().createTaskQuery());
  // Hands the query a spied AuthorizationCheck so the setter calls can be verified.
  AuthorizationCheck authCheck = spy(new AuthorizationCheck());
  when(taskQuery.getAuthCheck()).thenReturn(authCheck);
  taskQuery.list();
  // The cast only picks the List<String> overload of eq(); the expected argument is null.
  verify(authorizationManager, atLeastOnce()).filterAuthenticatedGroupIds(eq((List<String>) null));
  // verify() without a mode expects exactly one call with an empty list.
  verify(authCheck).setAuthGroupIds(eq(Collections.<String>emptyList()));
  return null;
}
});
// Checks the query path when all group ids are kept: running a task query must filter
// testGroupIds and set all of them on the query's AuthorizationCheck.
// The closing "});" ends an anonymous class and a call that start outside this fragment.
public Void execute(CommandContext commandContext) {
  AuthorizationManager authorizationManager = spyOnSession(commandContext, AuthorizationManager.class);
  TaskQueryImpl taskQuery = (TaskQueryImpl) spy(processEngine.getTaskService().createTaskQuery());
  // Hands the query a spied AuthorizationCheck so the setter calls can be verified.
  AuthorizationCheck authCheck = spy(new AuthorizationCheck());
  when(taskQuery.getAuthCheck()).thenReturn(authCheck);
  taskQuery.list();
  verify(authorizationManager, atLeastOnce()).filterAuthenticatedGroupIds(eq(testGroupIds));
  // Order-insensitive match; atLeastOnce() tolerates the setter being called repeatedly.
  verify(authCheck, atLeastOnce()).setAuthGroupIds((List<String>) argThat(containsInAnyOrder(testGroupIds.toArray())));
  return null;
}
});
// Checks the query path when every group id is dropped: running a task query must
// filter testGroupIds and set an empty list on the query's AuthorizationCheck.
// NOTE(review): presumably none of testGroupIds is known to the engine in this test;
// the fixture that establishes this is outside the fragment.
// The closing "});" ends an anonymous class and a call that start outside this fragment.
public Void execute(CommandContext commandContext) {
  AuthorizationManager authorizationManager = spyOnSession(commandContext, AuthorizationManager.class);
  TaskQueryImpl taskQuery = (TaskQueryImpl) spy(processEngine.getTaskService().createTaskQuery());
  // Hands the query a spied AuthorizationCheck so the setter calls can be verified.
  AuthorizationCheck authCheck = spy(new AuthorizationCheck());
  when(taskQuery.getAuthCheck()).thenReturn(authCheck);
  taskQuery.list();
  verify(authorizationManager, atLeastOnce()).filterAuthenticatedGroupIds(eq(testGroupIds));
  // verify() without a mode expects exactly one call with an empty list.
  verify(authCheck).setAuthGroupIds(eq(Collections.<String>emptyList()));
  return null;
}
});
// Builds a mocked command context and engine configuration around a spied
// AuthorizationManager, with authorization switched on, and installs both in Context.
@Before
public void setup() {
  mockedCmdContext = mock(CommandContext.class);
  mockedConfiguration = mock(ProcessEngineConfigurationImpl.class);
  // A spy, not a mock: methods that are not stubbed below run their real code.
  authorizationManager = spy(new AuthorizationManager());
  mockedEntityManager = mock(DbEntityManager.class);
  when(mockedCmdContext.getSession(eq(DbEntityManager.class))).thenReturn(mockedEntityManager);
  // Group filtering is stubbed to return AUTHENTICATED_GROUPS unchanged, so tests using
  // this setup do not exercise the real filter for that argument.
  // NOTE(review): when(spy.method(..)) invokes the spied method once while stubbing;
  // doReturn(..).when(spy) avoids that call - confirm the real call is harmless here.
  when(authorizationManager.filterAuthenticatedGroupIds(eq(AUTHENTICATED_GROUPS))).thenReturn(AUTHENTICATED_GROUPS);
  when(mockedCmdContext.getAuthentication()).thenReturn(new Authentication(AUTHENTICATED_USER_ID, AUTHENTICATED_GROUPS));
  when(mockedCmdContext.isAuthorizationCheckEnabled()).thenReturn(true);
  when(mockedConfiguration.isAuthorizationEnabled()).thenReturn(true);
  // Context is assigned last, after all stubbing above.
  Context.setCommandContext(mockedCmdContext);
  Context.setProcessEngineConfiguration(mockedConfiguration);
}
// Checks the query path with partial filtering: running a task query must filter
// testGroupIds and set only the first of them on the query's AuthorizationCheck.
// NOTE(review): presumably only testGroupIds.get(0) is known to the engine in this
// test; the fixture that establishes this is outside the fragment.
// The closing "});" ends an anonymous class and a call that start outside this fragment.
public Void execute(CommandContext commandContext) {
  AuthorizationManager authorizationManager = spyOnSession(commandContext, AuthorizationManager.class);
  TaskQueryImpl taskQuery = (TaskQueryImpl) spy(processEngine.getTaskService().createTaskQuery());
  // Hands the query a spied AuthorizationCheck so the setter calls can be verified.
  AuthorizationCheck authCheck = spy(new AuthorizationCheck());
  when(taskQuery.getAuthCheck()).thenReturn(authCheck);
  taskQuery.list();
  verify(authorizationManager, atLeastOnce()).filterAuthenticatedGroupIds(eq(testGroupIds));
  // verify() without a mode expects exactly one call with the one-element list.
  verify(authCheck).setAuthGroupIds(eq(testGroupIds.subList(0, 1)));
  return null;
}
});
/**
 * Switches authorization checking on for a query's {@link AuthorizationCheck}.
 *
 * <p>The group ids already present on the check are replaced by the result of
 * {@code filterAuthenticatedGroupIds}, and the revoke flag is set from
 * {@code isRevokeAuthCheckEnabled}.
 *
 * @param authCheck the check to configure; it is modified in place
 */
public void enableQueryAuthCheck(AuthorizationCheck authCheck) {
  // Read the identity before anything on the check is overwritten.
  final List<String> requestedGroupIds = authCheck.getAuthGroupIds();
  final String requestingUserId = authCheck.getAuthUserId();

  authCheck.setAuthorizationCheckEnabled(true);

  List<String> filteredGroupIds = filterAuthenticatedGroupIds(requestedGroupIds);
  authCheck.setAuthGroupIds(filteredGroupIds);

  // The unfiltered ids are handed over here; isRevokeAuthCheckEnabled receives them as is.
  boolean revokeCheckEnabled = isRevokeAuthCheckEnabled(requestingUserId, requestedGroupIds);
  authCheck.setRevokeAuthorizationCheckEnabled(revokeCheckEnabled);
}
/**
 * Switches authorization checking on for a query's {@link AuthorizationCheck}.
 *
 * <p>The group ids already present on the check are replaced by the result of
 * {@code filterAuthenticatedGroupIds}, and the revoke flag is set from
 * {@code isRevokeAuthCheckEnabled}.
 *
 * @param authCheck the check to configure; it is modified in place
 */
public void enableQueryAuthCheck(AuthorizationCheck authCheck) {
  // Read the identity before anything on the check is overwritten.
  final List<String> requestedGroupIds = authCheck.getAuthGroupIds();
  final String requestingUserId = authCheck.getAuthUserId();

  authCheck.setAuthorizationCheckEnabled(true);

  List<String> filteredGroupIds = filterAuthenticatedGroupIds(requestedGroupIds);
  authCheck.setAuthGroupIds(filteredGroupIds);

  // The unfiltered ids are handed over here; isRevokeAuthCheckEnabled receives them as is.
  boolean revokeCheckEnabled = isRevokeAuthCheckEnabled(requestingUserId, requestedGroupIds);
  authCheck.setRevokeAuthorizationCheckEnabled(revokeCheckEnabled);
}
/**
 * Evaluates a composite permission check for a user and a set of groups against the
 * database.
 *
 * <p>Each contained permission check is validated first. Only the group ids returned by
 * {@code filterAuthenticatedGroupIds} are placed on the {@link AuthorizationCheck} that
 * is sent to the {@code isUserAuthorizedForResource} query.
 *
 * @param userId                   user the check is evaluated for
 * @param groupIds                 caller-supplied group ids
 * @param compositePermissionCheck permission checks to evaluate
 * @return the result of the {@code isUserAuthorizedForResource} query
 */
public boolean isAuthorized(String userId, List<String> groupIds, CompositePermissionCheck compositePermissionCheck) {
  // Reject permission/resource combinations that do not belong together before querying.
  for (PermissionCheck check : compositePermissionCheck.getAllPermissionChecks()) {
    if (isResourceValidForPermission(check)) {
      continue;
    }
    throw LOG.invalidResourceForPermission(check.getResource().resourceName(), check.getPermission().getName());
  }

  final List<String> knownGroupIds = filterAuthenticatedGroupIds(groupIds);
  final boolean revokeCheckEnabled = isRevokeAuthCheckEnabled(userId, groupIds);

  AuthorizationCheck query =
      new AuthorizationCheck(userId, knownGroupIds, compositePermissionCheck, revokeCheckEnabled);
  return getDbEntityManager().selectBoolean("isUserAuthorizedForResource", query);
}
/**
 * Evaluates a composite permission check for a user and a set of groups against the
 * database.
 *
 * <p>Each contained permission check is validated first. Only the group ids returned by
 * {@code filterAuthenticatedGroupIds} are placed on the {@link AuthorizationCheck} that
 * is sent to the {@code isUserAuthorizedForResource} query.
 *
 * @param userId                   user the check is evaluated for
 * @param groupIds                 caller-supplied group ids
 * @param compositePermissionCheck permission checks to evaluate
 * @return the result of the {@code isUserAuthorizedForResource} query
 */
public boolean isAuthorized(String userId, List<String> groupIds, CompositePermissionCheck compositePermissionCheck) {
  // Reject permission/resource combinations that do not belong together before querying.
  for (PermissionCheck check : compositePermissionCheck.getAllPermissionChecks()) {
    if (isResourceValidForPermission(check)) {
      continue;
    }
    throw LOG.invalidResourceForPermission(check.getResource().resourceName(), check.getPermission().getName());
  }

  final List<String> knownGroupIds = filterAuthenticatedGroupIds(groupIds);
  final boolean revokeCheckEnabled = isRevokeAuthCheckEnabled(userId, groupIds);

  AuthorizationCheck query =
      new AuthorizationCheck(userId, knownGroupIds, compositePermissionCheck, revokeCheckEnabled);
  return getDbEntityManager().selectBoolean("isUserAuthorizedForResource", query);
}
/**
 * Evaluates a list of permission checks for a user and a set of groups against the
 * database.
 *
 * <p>When {@code isAuthorizationEnabled()} is false the method grants access without
 * validating or querying anything. Otherwise each permission check is validated and only
 * the group ids returned by {@code filterAuthenticatedGroupIds} are placed on the
 * {@link AuthorizationCheck} sent to the {@code isUserAuthorizedForResource} query.
 *
 * @param userId           user the check is evaluated for
 * @param groupIds         caller-supplied group ids
 * @param permissionChecks permission checks to evaluate
 * @return {@code true} if authorization is disabled, else the query result
 */
public boolean isAuthorized(String userId, List<String> groupIds, List<PermissionCheck> permissionChecks) {
  boolean authorizationActive = isAuthorizationEnabled();
  if (!authorizationActive) {
    // Fail-open by configuration: nothing below runs when authorization is off.
    return true;
  }

  // Reject permission/resource combinations that do not belong together before querying.
  for (PermissionCheck check : permissionChecks) {
    if (isResourceValidForPermission(check)) {
      continue;
    }
    throw LOG.invalidResourceForPermission(check.getResource().resourceName(), check.getPermission().getName());
  }

  final List<String> knownGroupIds = filterAuthenticatedGroupIds(groupIds);
  final boolean revokeCheckEnabled = isRevokeAuthCheckEnabled(userId, groupIds);

  AuthorizationCheck query =
      new AuthorizationCheck(userId, knownGroupIds, permissionChecks, revokeCheckEnabled);
  return getDbEntityManager().selectBoolean("isUserAuthorizedForResource", query);
}
/**
 * Evaluates a list of permission checks for a user and a set of groups against the
 * database.
 *
 * <p>When {@code isAuthorizationEnabled()} is false the method grants access without
 * validating or querying anything. Otherwise each permission check is validated and only
 * the group ids returned by {@code filterAuthenticatedGroupIds} are placed on the
 * {@link AuthorizationCheck} sent to the {@code isUserAuthorizedForResource} query.
 *
 * @param userId           user the check is evaluated for
 * @param groupIds         caller-supplied group ids
 * @param permissionChecks permission checks to evaluate
 * @return {@code true} if authorization is disabled, else the query result
 */
public boolean isAuthorized(String userId, List<String> groupIds, List<PermissionCheck> permissionChecks) {
  boolean authorizationActive = isAuthorizationEnabled();
  if (!authorizationActive) {
    // Fail-open by configuration: nothing below runs when authorization is off.
    return true;
  }

  // Reject permission/resource combinations that do not belong together before querying.
  for (PermissionCheck check : permissionChecks) {
    if (isResourceValidForPermission(check)) {
      continue;
    }
    throw LOG.invalidResourceForPermission(check.getResource().resourceName(), check.getPermission().getName());
  }

  final List<String> knownGroupIds = filterAuthenticatedGroupIds(groupIds);
  final boolean revokeCheckEnabled = isRevokeAuthCheckEnabled(userId, groupIds);

  AuthorizationCheck query =
      new AuthorizationCheck(userId, knownGroupIds, permissionChecks, revokeCheckEnabled);
  return getDbEntityManager().selectBoolean("isUserAuthorizedForResource", query);
}
/**
 * Evaluates a composite permission check for a user and a set of groups against the
 * database.
 *
 * <p>Only the group ids returned by {@code filterAuthenticatedGroupIds} are placed on
 * the {@link AuthorizationCheck} sent to the {@code isUserAuthorizedForResource} query.
 *
 * @param userId                   user the check is evaluated for
 * @param groupIds                 caller-supplied group ids
 * @param compositePermissionCheck permission checks to evaluate
 * @return the result of the {@code isUserAuthorizedForResource} query
 */
public boolean isAuthorized(String userId, List<String> groupIds, CompositePermissionCheck compositePermissionCheck) {
  // NOTE(review): the permission/resource pairs inside compositePermissionCheck are not
  // validated in this body; confirm that the caller does it.
  final List<String> knownGroupIds = filterAuthenticatedGroupIds(groupIds);
  final boolean revokeCheckEnabled = isRevokeAuthCheckEnabled(userId, groupIds);

  AuthorizationCheck query =
      new AuthorizationCheck(userId, knownGroupIds, compositePermissionCheck, revokeCheckEnabled);
  return getDbEntityManager().selectBoolean("isUserAuthorizedForResource", query);
}
// Checks that an authorization request made with testGroupIds reaches the database
// query with every one of those group ids still present.
// The closing "});" ends an anonymous class and a call that start outside this fragment.
public Void execute(CommandContext commandContext) {
  // Spies on the two session objects so their calls can be verified.
  AuthorizationManager authorizationManager = spyOnSession(commandContext, AuthorizationManager.class);
  DbEntityManager dbEntityManager = spyOnSession(commandContext, DbEntityManager.class);
  authorizationService.isUserAuthorized(testUserId, testGroupIds, Permissions.READ, Resources.TASK);
  // The caller-supplied group ids must have gone through the filter.
  verify(authorizationManager, atLeastOnce()).filterAuthenticatedGroupIds(eq(testGroupIds));
  ArgumentCaptor<AuthorizationCheck> authorizationCheckArgument = ArgumentCaptor.forClass(AuthorizationCheck.class);
  // verify() without a mode expects exactly one "isUserAuthorizedForResource" query.
  verify(dbEntityManager).selectBoolean(eq("isUserAuthorizedForResource"), authorizationCheckArgument.capture());
  AuthorizationCheck authorizationCheck = authorizationCheckArgument.getValue();
  // Order-insensitive: all of testGroupIds and nothing else.
  assertThat(authorizationCheck.getAuthGroupIds(), containsInAnyOrder(testGroupIds.toArray()));
  return null;
}
});
// Checks the query path when every group id is dropped: running a task query must
// filter testGroupIds and set an empty list on the query's AuthorizationCheck.
// NOTE(review): presumably none of testGroupIds is known to the engine in this test;
// the fixture that establishes this is outside the fragment.
// The closing "});" ends an anonymous class and a call that start outside this fragment.
public Void execute(CommandContext commandContext) {
  AuthorizationManager authorizationManager = spyOnSession(commandContext, AuthorizationManager.class);
  TaskQueryImpl taskQuery = (TaskQueryImpl) spy(processEngine.getTaskService().createTaskQuery());
  // Hands the query a spied AuthorizationCheck so the setter calls can be verified.
  AuthorizationCheck authCheck = spy(new AuthorizationCheck());
  when(taskQuery.getAuthCheck()).thenReturn(authCheck);
  taskQuery.list();
  verify(authorizationManager, atLeastOnce()).filterAuthenticatedGroupIds(eq(testGroupIds));
  // verify() without a mode expects exactly one call with an empty list.
  verify(authCheck).setAuthGroupIds(eq(Collections.<String>emptyList()));
  return null;
}
});