/**
 * Installs the given user as the principal of the current Spring Security context. Per the original description, the user is the last updater of the
 * current process instance's job definition.
 *
 * @param applicationUser the application user
 */
protected void setSecurityContext(ApplicationUser applicationUser) {
    // Load namespace authorizations first, so the principal stored below already carries them.
    userNamespaceAuthorizationHelper.buildNamespaceAuthorizations(applicationUser);

    // Principal: the user's ID, an empty password, four boolean flags all set to true and no granted authorities.
    // NOTE(review): the flags are presumably the Spring account-status flags; confirm against SecurityUserWrapper.
    SecurityUserWrapper principal =
        new SecurityUserWrapper(applicationUser.getUserId(), "", true, true, true, true, Collections.emptyList(), applicationUser);

    // NOTE(review): Spring's two-argument PreAuthenticatedAuthenticationToken constructor leaves isAuthenticated() false;
    // confirm nothing downstream relies on that flag for this principal.
    // NOTE(review): this method never clears the context. If it can run on a pooled thread, confirm the caller resets
    // the context afterwards so this identity does not carry over to unrelated work.
    SecurityContextHolder.getContext().setAuthentication(new PreAuthenticatedAuthenticationToken(principal, null));
}
/**
 * Makes the given user the current Spring Security principal. Per the original description, the user is the last updater of the current process
 * instance's job definition.
 *
 * @param applicationUser the application user
 */
protected void setSecurityContext(ApplicationUser applicationUser) {
    // The namespace authorizations are attached to the user before it is wrapped as a principal.
    userNamespaceAuthorizationHelper.buildNamespaceAuthorizations(applicationUser);

    // The wrapper is built with an empty password and an empty authority list. What this identity may do is therefore
    // carried by the authorizations loaded above, not by granted authorities.
    SecurityUserWrapper wrappedUser =
        new SecurityUserWrapper(applicationUser.getUserId(), "", true, true, true, true, Collections.emptyList(), applicationUser);

    // Credentials are null: the identity is taken as given and is not verified here.
    // NOTE(review): confirm every caller passes a user taken from a trusted record, and that the context is cleared
    // once the work that needs it has finished.
    PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(wrappedUser, null);
    SecurityContextHolder.getContext().setAuthentication(token);
}
/**
 * Assembles an application user from the supplied header map.
 *
 * @param headerMap the map of headers.
 * @param includeRoles when true, the user's roles are populated as well; when false, they are left out.
 *
 * @return the application user.
 */
protected ApplicationUser buildUser(Map<String, String> headerMap, boolean includeRoles) {
    LOGGER.debug("Creating Application User From Headers");

    Map<String, String> configuredHeaderNames = getHeaderNames();
    ApplicationUser user = createNewApplicationUser();

    // Every attribute below is read from headerMap; this method does no validation of its own (the build* helpers
    // are not visible here).
    // NOTE(review): the user ID read here drives the authorization lookup further down, so confirm the headers are
    // set by a trusted front end that strips any client-supplied copies.
    buildUserId(user, headerMap, configuredHeaderNames.get(HTTP_HEADER_USER_ID));
    buildFirstName(user, headerMap, configuredHeaderNames.get(HTTP_HEADER_FIRST_NAME));
    buildLastName(user, headerMap, configuredHeaderNames.get(HTTP_HEADER_LAST_NAME));
    buildEmail(user, headerMap, configuredHeaderNames.get(HTTP_HEADER_EMAIL));

    // NOTE(review): unlike its neighbours, the session ID is passed the constant itself rather than the name looked
    // up in configuredHeaderNames; confirm that is intended.
    buildSessionId(user, headerMap, HTTP_HEADER_SESSION_ID);
    buildSessionInitTime(user, headerMap, configuredHeaderNames.get(HTTP_HEADER_SESSION_INIT_TIME));

    // Namespace authorizations are resolved once the user ID is populated, and regardless of includeRoles.
    userNamespaceAuthorizationHelper.buildNamespaceAuthorizations(user);

    if (includeRoles) {
        buildRoles(user, headerMap, configuredHeaderNames.get(HTTP_HEADER_ROLES));
    }

    // NOTE(review): this logs the user's toString(); confirm it leaves out the session ID and any other value that
    // should stay out of debug logs.
    LOGGER.debug("Application user created successfully: " + user);
    return user;
}
/**
 * Negative authorization case: a wildcard authorization row whose pattern does not match the caller's user ID must grant no namespace access.
 */
@Test
public void testBuildNamespaceAuthorizationsAssertWildcardEntityNotAddedIfMatchFails() {
    // Caller under test.
    String userId = "userId";
    ApplicationUser caller = new ApplicationUser(getClass());
    caller.setUserId(userId);

    // A single wildcard row pointing at namespace "namespace".
    NamespaceEntity namespace = new NamespaceEntity();
    namespace.setCode("namespace");
    UserNamespaceAuthorizationEntity wildcardRow = new UserNamespaceAuthorizationEntity();
    wildcardRow.setUserId("wildcardEntityUserId");
    wildcardRow.setNamespace(namespace);
    List<UserNamespaceAuthorizationEntity> wildcardRows = new ArrayList<>();
    wildcardRows.add(wildcardRow);

    // getBooleanProperty is stubbed with any(), so the test does not pin which configuration flag is read.
    when(configurationHelper.getBooleanProperty(any())).thenReturn(true);
    when(userNamespaceAuthorizationDao.getUserNamespaceAuthorizationsByUserIdStartsWith(any())).thenReturn(wildcardRows);
    // The matcher rejects the caller.
    when(wildcardHelper.matches(any(), any())).thenReturn(false);

    userNamespaceAuthorizationHelper.buildNamespaceAuthorizations(caller);

    // A non-matching wildcard row must not turn into an authorization.
    assertEquals(0, caller.getNamespaceAuthorizations().size());

    verify(userNamespaceAuthorizationDao).getUserNamespaceAuthorizationsByUserId(eq(userId));
    verify(userNamespaceAuthorizationDao).getUserNamespaceAuthorizationsByUserIdStartsWith(eq(WildcardHelper.WILDCARD_TOKEN));
    // Both sides are expected upper-cased, so the match is case-insensitive on the user ID.
    verify(wildcardHelper).matches(eq(userId.toUpperCase()), eq(wildcardRow.getUserId().toUpperCase()));
    verifyNoMoreInteractions(userNamespaceAuthorizationDao, wildcardHelper);
}
}
// Ordered verification: the process definition is looked up first, then the job definition entity.
inOrder.verify(activitiService).getProcessDefinitionById(processDefinitionId);
inOrder.verify(jobDefinitionDaoHelper).getJobDefinitionEntity(jobDefinitionNamespace, jobDefinitionName);
// Namespace authorizations must be built for the updatedBy user before the task is reported successful.
// NOTE(review): applicationUserUserIdEq presumably matches an ApplicationUser on its user ID only; confirm.
inOrder.verify(userNamespaceAuthorizationHelper).buildNamespaceAuthorizations(applicationUserUserIdEq(updatedBy));
inOrder.verify(activitiRuntimeHelper).setTaskSuccessInWorkflow(delegateExecution);
// Nothing else may follow on the mocks tracked by inOrder.
inOrder.verifyNoMoreInteractions();
// Ordered verification: process definition lookup, job definition lookup, then the authorization build for updatedBy.
inOrder.verify(activitiService).getProcessDefinitionById(processDefinitionId);
inOrder.verify(jobDefinitionDaoHelper).getJobDefinitionEntity(jobDefinitionNamespace, jobDefinitionName);
// NOTE(review): applicationUserUserIdEq presumably matches an ApplicationUser on its user ID only; confirm.
inOrder.verify(userNamespaceAuthorizationHelper).buildNamespaceAuthorizations(applicationUserUserIdEq(updatedBy));
inOrder.verifyNoMoreInteractions();
// Also rule out unverified calls on these three mocks in any order, so no extra authorization build or lookup goes unnoticed.
verifyNoMoreInteractions(activitiService, jobDefinitionDaoHelper, userNamespaceAuthorizationHelper);
/**
 * Positive wildcard case: when the wildcard matcher accepts the caller's user ID, the wildcard row's namespace is added to the caller's
 * authorizations.
 */
@Test
public void testBuildNamespaceAuthorizationsAssertWildcardQueryExecuted() {
    // Caller under test.
    String userId = "userId";
    ApplicationUser caller = new ApplicationUser(getClass());
    caller.setUserId(userId);

    // A single wildcard row pointing at namespace "namespace".
    NamespaceEntity namespace = new NamespaceEntity();
    namespace.setCode("namespace");
    UserNamespaceAuthorizationEntity wildcardRow = new UserNamespaceAuthorizationEntity();
    wildcardRow.setUserId("wildcardEntityUserId");
    wildcardRow.setNamespace(namespace);
    List<UserNamespaceAuthorizationEntity> wildcardRows = new ArrayList<>();
    wildcardRows.add(wildcardRow);

    // getBooleanProperty is stubbed with any(), so the test does not pin which configuration flag is read.
    when(configurationHelper.getBooleanProperty(any())).thenReturn(true);
    when(userNamespaceAuthorizationDao.getUserNamespaceAuthorizationsByUserIdStartsWith(any())).thenReturn(wildcardRows);
    // The match result is mocked: the row's user ID is an ordinary string, so only the helper's wiring is exercised,
    // not the real pattern semantics.
    when(wildcardHelper.matches(any(), any())).thenReturn(true);

    userNamespaceAuthorizationHelper.buildNamespaceAuthorizations(caller);

    // Exactly one authorization is granted, and it is for the wildcard row's namespace.
    assertEquals(1, caller.getNamespaceAuthorizations().size());
    NamespaceAuthorization granted = IterableUtils.get(caller.getNamespaceAuthorizations(), 0);
    assertEquals(namespace.getCode(), granted.getNamespace());

    verify(userNamespaceAuthorizationDao).getUserNamespaceAuthorizationsByUserId(eq(userId));
    verify(userNamespaceAuthorizationDao).getUserNamespaceAuthorizationsByUserIdStartsWith(eq(WildcardHelper.WILDCARD_TOKEN));
    // Both sides are expected upper-cased, so the match is case-insensitive on the user ID.
    verify(wildcardHelper).matches(eq(userId.toUpperCase()), eq(wildcardRow.getUserId().toUpperCase()));
    verifyNoMoreInteractions(userNamespaceAuthorizationDao, wildcardHelper);
}
/**
 * Exact-ID case: rows returned by the lookup on the caller's user ID become namespace authorizations without going through the wildcard matcher.
 */
@Test
public void testBuildNamespaceAuthorizationsAssertAuthLookupByUserId() {
    // Caller under test.
    String userId = "userId";
    ApplicationUser caller = new ApplicationUser(getClass());
    caller.setUserId(userId);

    // One row returned by the exact-ID lookup. The stub ignores its argument (any()), and the row carries a
    // different user ID from the caller. The test therefore pins that the helper trusts whatever the DAO returns
    // for this lookup and does not re-check the row's user ID.
    NamespaceEntity namespace = new NamespaceEntity();
    namespace.setCode("namespace");
    UserNamespaceAuthorizationEntity directRow = new UserNamespaceAuthorizationEntity();
    directRow.setUserId("userNamespaceAuthorizationEntityUserId");
    directRow.setNamespace(namespace);
    List<UserNamespaceAuthorizationEntity> directRows = new ArrayList<>();
    directRows.add(directRow);

    // getBooleanProperty is stubbed with any(), so the test does not pin which configuration flag is read.
    when(configurationHelper.getBooleanProperty(any())).thenReturn(true);
    when(userNamespaceAuthorizationDao.getUserNamespaceAuthorizationsByUserId(any())).thenReturn(directRows);

    userNamespaceAuthorizationHelper.buildNamespaceAuthorizations(caller);

    // Exactly one authorization is granted, and it is for the row's namespace.
    assertEquals(1, caller.getNamespaceAuthorizations().size());
    NamespaceAuthorization granted = IterableUtils.get(caller.getNamespaceAuthorizations(), 0);
    assertEquals(namespace.getCode(), granted.getNamespace());

    // The lookup uses the caller's own user ID. The wildcard query still runs, but with no stubbed rows the
    // matcher is never consulted.
    verify(userNamespaceAuthorizationDao).getUserNamespaceAuthorizationsByUserId(eq(userId));
    verify(userNamespaceAuthorizationDao).getUserNamespaceAuthorizationsByUserIdStartsWith(eq(WildcardHelper.WILDCARD_TOKEN));
    verifyNoMoreInteractions(userNamespaceAuthorizationDao, wildcardHelper);
}