org.camunda.bpm.engine.impl.cfg.auth

Class DefaultAuthorizationProvider

java.lang.Object

org.camunda.bpm.engine.impl.cfg.auth.DefaultAuthorizationProvider

All Implemented Interfaces:

ResourceAuthorizationProvider

public class DefaultAuthorizationProvider
extends Object
implements ResourceAuthorizationProvider

Provides the default authorizations for camunda BPM.

Author:

Daniel Meyer

Constructor Summary

Constructors

Constructor and Description
DefaultAuthorizationProvider()

Method Summary

Modifier and Type	Method and Description
protected boolean	areIdsEqual(String firstId, String secondId)
protected AuthorizationEntity	createGrantAuthorization(String userId, String groupId, Resource resource, String resourceId, Permission... permissions)
AuthorizationEntity[]	deleteTaskGroupIdentityLink(Task task, String groupId, String type) Invoked whenever a group identity link of a task has been deleted.
AuthorizationEntity[]	deleteTaskUserIdentityLink(Task task, String userId, String type) Invoked whenever a user identity link of a task has been deleted.
protected AuthorizationManager	getAuthorizationManager()
protected Permission	getDefaultUserPermissionForTask()
protected AuthorizationEntity	getGrantAuthorizationByGroupId(String groupId, Resource resource, String resourceId)
protected AuthorizationEntity	getGrantAuthorizationByUserId(String userId, Resource resource, String resourceId)
AuthorizationEntity[]	groupMembershipCreated(String groupId, String userId) Invoked whenever a user is added to a group
protected boolean	hasEntitySameAuthorizationRights(AuthorizationEntity authEntity, String userId, String groupId, Resource resource, String resourceId)
AuthorizationEntity[]	newDecisionDefinition(DecisionDefinition decisionDefinition) Invoked whenever a new decision definition is created.
AuthorizationEntity[]	newDecisionRequirementsDefinition(DecisionRequirementsDefinition decisionRequirementsDefinition) Invoked whenever a new decision requirements definition is created.
AuthorizationEntity[]	newDeployment(Deployment deployment) Invoked whenever a new deployment is created
AuthorizationEntity[]	newFilter(Filter filter) Invoked whenever a new filter is created
AuthorizationEntity[]	newGroup(Group group) Invoked whenever a new group is created
AuthorizationEntity[]	newProcessDefinition(ProcessDefinition processDefinition) Invoked whenever a new process definition is created
AuthorizationEntity[]	newProcessInstance(ProcessInstance processInstance) Invoked whenever a new process instance is started
AuthorizationEntity[]	newTask(Task task) Invoked whenever a new task is created
AuthorizationEntity[]	newTaskAssignee(Task task, String oldAssignee, String newAssignee) Invoked whenever an user has been assigned to a task.
AuthorizationEntity[]	newTaskGroupIdentityLink(Task task, String groupId, String type) Invoked whenever a new group identity link has been added to a task.
AuthorizationEntity[]	newTaskOwner(Task task, String oldOwner, String newOwner) Invoked whenever an user has been set as the owner of a task.
AuthorizationEntity[]	newTaskUserIdentityLink(Task task, String userId, String type) Invoked whenever a new user identity link has been added to a task.
AuthorizationEntity[]	newTenant(Tenant tenant) Invoked whenever a new tenant is created
AuthorizationEntity[]	newUser(User user) Invoked whenever a new user is created
AuthorizationEntity[]	tenantMembershipCreated(Tenant tenant, Group group) Invoked whenever a group is added to a tenant.
AuthorizationEntity[]	tenantMembershipCreated(Tenant tenant, User user) Invoked whenever an user is added to a tenant.
protected AuthorizationEntity	updateAuthorization(AuthorizationEntity authorization, String userId, String groupId, Resource resource, String resourceId, Permission... permissions)
protected void	updateAuthorizationBasedOnCacheEntries(AuthorizationEntity authorization, String userId, String groupId, Resource resource, String resourceId) Searches through the cache, if there is already an authorization with same rights.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultAuthorizationProvider

public DefaultAuthorizationProvider()

Method Detail

newUser

public AuthorizationEntity[] newUser(User user)

Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new user is created

Specified by:

newUser in interface ResourceAuthorizationProvider

Parameters:

user - a newly created user

Returns:

a list of authorizations to be automatically added when a new user is created.

newGroup

public AuthorizationEntity[] newGroup(Group group)

Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new group is created

Specified by:

newGroup in interface ResourceAuthorizationProvider

Parameters:

group - a newly created Group

Returns:

a list of authorizations to be automatically added when a new Group is created.

newTenant

public AuthorizationEntity[] newTenant(Tenant tenant)

Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new tenant is created

Specified by:

newTenant in interface ResourceAuthorizationProvider

Parameters:

tenant - a newly created Tenant

Returns:

a list of authorizations to be automatically added when a new Tenant is created.

groupMembershipCreated

public AuthorizationEntity[] groupMembershipCreated(String groupId,
                                                    String userId)

Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a user is added to a group

Specified by:

groupMembershipCreated in interface ResourceAuthorizationProvider

Parameters:

groupId - the id of the group to which the user is added

userId - the id of the user who is added to a group a newly created User

Returns:

a list of authorizations to be automatically added when a new User is created.

tenantMembershipCreated

public AuthorizationEntity[] tenantMembershipCreated(Tenant tenant,
                                                     User user)

Description copied from interface: ResourceAuthorizationProvider

Invoked whenever an user is added to a tenant.

Specified by:

tenantMembershipCreated in interface ResourceAuthorizationProvider

Parameters:

tenant - the id of the tenant

Returns:

a list of authorizations to be automatically added when a new membership is created.

tenantMembershipCreated

public AuthorizationEntity[] tenantMembershipCreated(Tenant tenant,
                                                     Group group)

Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a group is added to a tenant.

Specified by:

tenantMembershipCreated in interface ResourceAuthorizationProvider

Parameters:

tenant - the id of the tenant

Returns:

a list of authorizations to be automatically added when a new membership is created.

newFilter

public AuthorizationEntity[] newFilter(Filter filter)

Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new filter is created

Specified by:

newFilter in interface ResourceAuthorizationProvider

Parameters:

filter - the newly created filter

Returns:

a list of authorizations to be automatically added when a new Filter is created.

newDeployment

public AuthorizationEntity[] newDeployment(Deployment deployment)

Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new deployment is created

Specified by:

newDeployment in interface ResourceAuthorizationProvider

Parameters:

deployment - the newly created deployment

Returns:

a list of authorizations to be automatically added when a new Deployment is created.

newProcessDefinition

public AuthorizationEntity[] newProcessDefinition(ProcessDefinition processDefinition)

Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new process definition is created

Specified by:

newProcessDefinition in interface ResourceAuthorizationProvider

Parameters:

processDefinition - the newly created process definition

Returns:

a list of authorizations to be automatically added when a new ProcessDefinition is created.

newProcessInstance

public AuthorizationEntity[] newProcessInstance(ProcessInstance processInstance)

Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new process instance is started

Specified by:

newProcessInstance in interface ResourceAuthorizationProvider

Parameters:

processInstance - the newly started process instance

Returns:

a list of authorizations to be automatically added when a new ProcessInstance is started.

newTask

public AuthorizationEntity[] newTask(Task task)

Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new task is created

Specified by:

newTask in interface ResourceAuthorizationProvider

Parameters:

task - the newly created task

Returns:

a list of authorizations to be automatically added when a new Task is created.

newTaskAssignee

public AuthorizationEntity[] newTaskAssignee(Task task,
                                             String oldAssignee,
                                             String newAssignee)

Description copied from interface: ResourceAuthorizationProvider

Invoked whenever an user has been assigned to a task.

Specified by:

newTaskAssignee in interface ResourceAuthorizationProvider

Parameters:

task - the task on which the assignee has been changed

oldAssignee - the old assignee of the task

newAssignee - the new assignee of the task

Returns:

a list of authorizations to be automatically added when an assignee of a task changes.

newTaskOwner

public AuthorizationEntity[] newTaskOwner(Task task,
                                          String oldOwner,
                                          String newOwner)

Description copied from interface: ResourceAuthorizationProvider

Invoked whenever an user has been set as the owner of a task.

Specified by:

newTaskOwner in interface ResourceAuthorizationProvider

Parameters:

task - the task on which the owner has been changed

oldOwner - the old owner of the task

newOwner - the new owner of the task

Returns:

a list of authorizations to be automatically added when the owner of a task changes.

newTaskUserIdentityLink

public AuthorizationEntity[] newTaskUserIdentityLink(Task task,
                                                     String userId,
                                                     String type)

Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new user identity link has been added to a task.

Specified by:

newTaskUserIdentityLink in interface ResourceAuthorizationProvider

Parameters:

task - the task on which a new identity link has been added

userId - the user for which the identity link has been created

type - the type of the identity link (e.g. IdentityLinkType.CANDIDATE)

Returns:

a list of authorizations to be automatically added when a new user identity link has been added.

newTaskGroupIdentityLink

public AuthorizationEntity[] newTaskGroupIdentityLink(Task task,
                                                      String groupId,
                                                      String type)

Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new group identity link has been added to a task.

Specified by:

newTaskGroupIdentityLink in interface ResourceAuthorizationProvider

Parameters:

task - the task on which a new identity link has been added

groupId - the group for which the identity link has been created

type - the type of the identity link (e.g. IdentityLinkType.CANDIDATE)

Returns:

a list of authorizations to be automatically added when a new group identity link has been added.

deleteTaskUserIdentityLink

public AuthorizationEntity[] deleteTaskUserIdentityLink(Task task,
                                                        String userId,
                                                        String type)

Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a user identity link of a task has been deleted.

Specified by:

deleteTaskUserIdentityLink in interface ResourceAuthorizationProvider

Parameters:

task - the task on which the identity link has been deleted

userId - the user for which the identity link has been deleted

type - the type of the identity link (e.g. IdentityLinkType.CANDIDATE)

Returns:

a list of authorizations to be automatically deleted when a user identity link has been deleted.

deleteTaskGroupIdentityLink

public AuthorizationEntity[] deleteTaskGroupIdentityLink(Task task,
                                                         String groupId,
                                                         String type)

Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a group identity link of a task has been deleted.

Specified by:

deleteTaskGroupIdentityLink in interface ResourceAuthorizationProvider

Parameters:

task - the task on which the identity link has been deleted

groupId - the group for which the identity link has been deleted

type - the type of the identity link (e.g. IdentityLinkType.CANDIDATE)

Returns:

a list of authorizations to be automatically deleted when a group identity link has been deleted.

newDecisionDefinition

public AuthorizationEntity[] newDecisionDefinition(DecisionDefinition decisionDefinition)

Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new decision definition is created.

Specified by:

newDecisionDefinition in interface ResourceAuthorizationProvider

Parameters:

decisionDefinition - the newly created decision definition

Returns:

a list of authorizations to be automatically added when a new DecisionDefinition is created.

newDecisionRequirementsDefinition

public AuthorizationEntity[] newDecisionRequirementsDefinition(DecisionRequirementsDefinition decisionRequirementsDefinition)

Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new decision requirements definition is created.

Specified by:

newDecisionRequirementsDefinition in interface ResourceAuthorizationProvider

Parameters:

decisionRequirementsDefinition - the newly created decision requirements definition

Returns:

a list of authorizations to be automatically added when a new DecisionRequirementsDefinition is created.

getAuthorizationManager

protected AuthorizationManager getAuthorizationManager()

getGrantAuthorizationByUserId

protected AuthorizationEntity getGrantAuthorizationByUserId(String userId,
                                                            Resource resource,
                                                            String resourceId)

getGrantAuthorizationByGroupId

protected AuthorizationEntity getGrantAuthorizationByGroupId(String groupId,
                                                             Resource resource,
                                                             String resourceId)

updateAuthorization

protected AuthorizationEntity updateAuthorization(AuthorizationEntity authorization,
                                                  String userId,
                                                  String groupId,
                                                  Resource resource,
                                                  String resourceId,
                                                  Permission... permissions)

createGrantAuthorization

protected AuthorizationEntity createGrantAuthorization(String userId,
                                                       String groupId,
                                                       Resource resource,
                                                       String resourceId,
                                                       Permission... permissions)

getDefaultUserPermissionForTask

protected Permission getDefaultUserPermissionForTask()

updateAuthorizationBasedOnCacheEntries

protected void updateAuthorizationBasedOnCacheEntries(AuthorizationEntity authorization,
                                                      String userId,
                                                      String groupId,
                                                      Resource resource,
                                                      String resourceId)

Searches through the cache, if there is already an authorization with same rights. If that's the case update the given authorization with the permissions and remove the old one from the cache.

hasEntitySameAuthorizationRights

protected boolean hasEntitySameAuthorizationRights(AuthorizationEntity authEntity,
                                                   String userId,
                                                   String groupId,
                                                   Resource resource,
                                                   String resourceId)

areIdsEqual

protected boolean areIdsEqual(String firstId,
                              String secondId)