org.camunda.bpm.engine.impl.persistence.entity

Class AuthorizationManager

java.lang.Object

org.camunda.bpm.engine.impl.persistence.AbstractManager

org.camunda.bpm.engine.impl.persistence.entity.AuthorizationManager

All Implemented Interfaces:

Session

public class AuthorizationManager
extends AbstractManager

Author:

Daniel Meyer

Field Summary

Fields

Modifier and Type	Field and Description
protected Set<String>	availableAuthorizedGroupIds Group ids for which authorizations exist in the database.
protected static List<String>	EMPTY_LIST
protected Boolean	isRevokeAuthCheckUsed
protected static EnginePersistenceLogger	LOG

Constructor Summary

Constructors

Constructor and Description
AuthorizationManager()

Method Summary

Modifier and Type	Method and Description
protected void	addPermissionCheck(AuthorizationCheck authCheck, CompositePermissionCheck compositeCheck)
void	checkAuthorization(CompositePermissionCheck compositePermissionCheck)
void	checkAuthorization(Permission permission, Resource resource)
void	checkAuthorization(Permission permission, Resource resource, String resourceId)
void	checkCamundaAdmin() Checks if the current authentication contains the group Groups.CAMUNDA_ADMIN.
void	configureActivityStatisticsQuery(ActivityStatisticsQueryImpl query)
void	configureBatchQuery(BatchQueryImpl query)
void	configureBatchStatisticsQuery(BatchStatisticsQueryImpl query)
void	configureConditionalEventSubscriptionQuery(ListQueryParameterObject query)
void	configureDecisionDefinitionQuery(DecisionDefinitionQueryImpl query)
void	configureDecisionRequirementsDefinitionQuery(DecisionRequirementsDefinitionQueryImpl query)
void	configureDeploymentQuery(DeploymentQueryImpl query)
void	configureDeploymentStatisticsQuery(DeploymentStatisticsQueryImpl query)
void	configureEventSubscriptionQuery(EventSubscriptionQueryImpl query)
void	configureExecutionQuery(AbstractQuery query)
void	configureExternalTaskFetch(ListQueryParameterObject parameter)
void	configureExternalTaskQuery(ExternalTaskQueryImpl query)
void	configureHistoricActivityInstanceQuery(HistoricActivityInstanceQueryImpl query)
void	configureHistoricBatchQuery(HistoricBatchQueryImpl query)
void	configureHistoricDecisionInstanceQuery(HistoricDecisionInstanceQueryImpl query)
void	configureHistoricDetailQuery(HistoricDetailQueryImpl query)
void	configureHistoricExternalTaskLogQuery(HistoricExternalTaskLogQueryImpl query)
void	configureHistoricIdentityLinkQuery(HistoricIdentityLinkLogQueryImpl query)
void	configureHistoricIncidentQuery(HistoricIncidentQueryImpl query)
void	configureHistoricJobLogQuery(HistoricJobLogQueryImpl query)
void	configureHistoricProcessInstanceQuery(HistoricProcessInstanceQueryImpl query)
void	configureHistoricTaskInstanceQuery(HistoricTaskInstanceQueryImpl query)
void	configureHistoricVariableInstanceQuery(HistoricVariableInstanceQueryImpl query)
void	configureIncidentQuery(IncidentQueryImpl query)
void	configureJobDefinitionQuery(JobDefinitionQueryImpl query)
void	configureJobQuery(JobQueryImpl query)
void	configureProcessDefinitionQuery(ProcessDefinitionQueryImpl query)
void	configureProcessDefinitionStatisticsQuery(ProcessDefinitionStatisticsQueryImpl query)
void	configureQuery(AbstractQuery query, Resource resource)
void	configureQuery(AbstractQuery query, Resource resource, String queryParam)
void	configureQuery(AbstractQuery query, Resource resource, String queryParam, Permission permission)
void	configureQuery(ListQueryParameterObject query)
void	configureQueryHistoricFinishedInstanceReport(ListQueryParameterObject query, Resource resource)
void	configureTaskQuery(TaskQueryImpl query)
void	configureUserOperationLogQuery(UserOperationLogQueryImpl query)
protected void	configureVariableInstanceQuery(VariableInstanceQueryImpl query)
protected CompositePermissionCheck	createCompositePermissionCheck(PermissionCheck permissionCheck)
Authorization	createNewAuthorization(int type)
void	delete(DbEntity authorization)
void	deleteAuthorizationsByResourceId(Resource resource, String resourceId)
void	deleteAuthorizationsByResourceIdAndGroupId(Resource resource, String resourceId, String groupId)
void	deleteAuthorizationsByResourceIdAndUserId(Resource resource, String resourceId, String userId)
void	enableQueryAuthCheck(AuthorizationCheck authCheck)
List<String>	filterAuthenticatedGroupIds(List<String> authenticatedGroupIds)
AuthorizationEntity	findAuthorization(int type, String userId, String groupId, Resource resource, String resourceId)
AuthorizationEntity	findAuthorizationByGroupIdAndResourceId(int type, String groupId, Resource resource, String resourceId)
AuthorizationEntity	findAuthorizationByUserIdAndResourceId(int type, String userId, Resource resource, String resourceId)
void	insert(DbEntity authorization)
protected boolean	isAuthCheckExecuted()
boolean	isAuthorized(CompositePermissionCheck compositePermissionCheck)
boolean	isAuthorized(Permission permission, Resource resource, String resourceId)
boolean	isAuthorized(String userId, List<String> groupIds, CompositePermissionCheck compositePermissionCheck)
boolean	isAuthorized(String userId, List<String> groupIds, PermissionCheck permissionCheck)
boolean	isAuthorized(String userId, List<String> groupIds, Permission permission, Resource resource, String resourceId)
boolean	isCamundaAdmin(Authentication authentication)
boolean	isEnsureSpecificVariablePermission()
boolean	isPermissionDisabled(Permission permission)
protected boolean	isResourceValidForPermission(PermissionCheck permissionCheck)
protected boolean	isRevokeAuthCheckEnabled(String userId, List<String> groupIds)
PermissionCheckBuilder	newPermissionCheckBuilder()
List<Authorization>	selectAuthorizationByQueryCriteria(AuthorizationQueryImpl authorizationQuery)
Long	selectAuthorizationCountByQueryCriteria(AuthorizationQueryImpl authorizationQuery)
void	update(AuthorizationEntity authorization)
void	validateResourceCompatibility(AuthorizationEntity authorization)

Methods inherited from class org.camunda.bpm.engine.impl.persistence.AbstractManager

close, deleteAuthorizations, deleteAuthorizationsForGroup, deleteAuthorizationsForUser, deleteDefaultAuthorizations, flush, getAttachmentManager, getAuthorizationManager, getBatchManager, getByteArrayManager, getCaseDefinitionManager, getCaseExecutionManager, getCaseInstanceManager, getCommandContext, getCurrentAuthentication, getDbEntityManager, getDbSqlSession, getDecisionDefinitionManager, getDecisionRequirementsDefinitionManager, getDeploymentManager, getEventSubscriptionManager, getHistoricActivityInstanceManager, getHistoricBatchManager, getHistoricCaseActivityInstanceManager, getHistoricCaseInstanceManager, getHistoricDecisionInstanceManager, getHistoricDetailManager, getHistoricExternalTaskLogManager, getHistoricIdentityLinkManager, getHistoricIncidentManager, getHistoricJobLogManager, getHistoricProcessInstanceManager, getHistoricReportManager, getHistoricTaskInstanceManager, getHistoricVariableInstanceManager, getIdentityInfoManager, getIdentityLinkManager, getJobDefinitionManager, getJobManager, getProcessDefinitionManager, getProcessInstanceManager, getResourceAuthorizationProvider, getResourceManager, getSession, getTaskManager, getTaskReportManager, getTenantManager, getUserOperationLogManager, getVariableInstanceManager, isAuthorizationEnabled, saveDefaultAuthorizations

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

protected static final EnginePersistenceLogger LOG

EMPTY_LIST

protected static final List<String> EMPTY_LIST

availableAuthorizedGroupIds

protected Set<String> availableAuthorizedGroupIds

Group ids for which authorizations exist in the database. This is initialized once per command by the filterAuthenticatedGroupIds(List) method. (Manager instances are command scoped). It is used to only check authorizations for groups for which authorizations exist. In other words, if for a given group no authorization exists in the DB, then auth checks are not performed for this group.

isRevokeAuthCheckUsed

protected Boolean isRevokeAuthCheckUsed

Constructor Detail

AuthorizationManager

public AuthorizationManager()

Method Detail

newPermissionCheckBuilder

public PermissionCheckBuilder newPermissionCheckBuilder()

createNewAuthorization

public Authorization createNewAuthorization(int type)

insert

public void insert(DbEntity authorization)

Overrides:

insert in class AbstractManager

selectAuthorizationByQueryCriteria

public List<Authorization> selectAuthorizationByQueryCriteria(AuthorizationQueryImpl authorizationQuery)

selectAuthorizationCountByQueryCriteria

public Long selectAuthorizationCountByQueryCriteria(AuthorizationQueryImpl authorizationQuery)

findAuthorizationByUserIdAndResourceId

public AuthorizationEntity findAuthorizationByUserIdAndResourceId(int type,
                                                                  String userId,
                                                                  Resource resource,
                                                                  String resourceId)

findAuthorizationByGroupIdAndResourceId

public AuthorizationEntity findAuthorizationByGroupIdAndResourceId(int type,
                                                                   String groupId,
                                                                   Resource resource,
                                                                   String resourceId)

findAuthorization

public AuthorizationEntity findAuthorization(int type,
                                             String userId,
                                             String groupId,
                                             Resource resource,
                                             String resourceId)

update

public void update(AuthorizationEntity authorization)

delete

public void delete(DbEntity authorization)

Overrides:

delete in class AbstractManager

checkAuthorization

public void checkAuthorization(CompositePermissionCheck compositePermissionCheck)

checkAuthorization

public void checkAuthorization(Permission permission,
                               Resource resource)

checkAuthorization

public void checkAuthorization(Permission permission,
                               Resource resource,
                               String resourceId)

Overrides:

checkAuthorization in class AbstractManager

isAuthorized

public boolean isAuthorized(Permission permission,
                            Resource resource,
                            String resourceId)

isAuthorized

public boolean isAuthorized(String userId,
                            List<String> groupIds,
                            Permission permission,
                            Resource resource,
                            String resourceId)

isAuthorized

public boolean isAuthorized(String userId,
                            List<String> groupIds,
                            PermissionCheck permissionCheck)

isRevokeAuthCheckEnabled

protected boolean isRevokeAuthCheckEnabled(String userId,
                                           List<String> groupIds)

createCompositePermissionCheck

protected CompositePermissionCheck createCompositePermissionCheck(PermissionCheck permissionCheck)

isAuthorized

public boolean isAuthorized(String userId,
                            List<String> groupIds,
                            CompositePermissionCheck compositePermissionCheck)

isAuthorized

public boolean isAuthorized(CompositePermissionCheck compositePermissionCheck)

isResourceValidForPermission

protected boolean isResourceValidForPermission(PermissionCheck permissionCheck)

validateResourceCompatibility

public void validateResourceCompatibility(AuthorizationEntity authorization)

configureQuery

public void configureQuery(ListQueryParameterObject query)

configureQueryHistoricFinishedInstanceReport

public void configureQueryHistoricFinishedInstanceReport(ListQueryParameterObject query,
                                                         Resource resource)

enableQueryAuthCheck

public void enableQueryAuthCheck(AuthorizationCheck authCheck)

configureQuery

public void configureQuery(AbstractQuery query,
                           Resource resource)

Overrides:

configureQuery in class AbstractManager

configureQuery

public void configureQuery(AbstractQuery query,
                           Resource resource,
                           String queryParam)

configureQuery

public void configureQuery(AbstractQuery query,
                           Resource resource,
                           String queryParam,
                           Permission permission)

isPermissionDisabled

public boolean isPermissionDisabled(Permission permission)

addPermissionCheck

protected void addPermissionCheck(AuthorizationCheck authCheck,
                                  CompositePermissionCheck compositeCheck)

deleteAuthorizationsByResourceId

public void deleteAuthorizationsByResourceId(Resource resource,
                                             String resourceId)

deleteAuthorizationsByResourceIdAndUserId

public void deleteAuthorizationsByResourceIdAndUserId(Resource resource,
                                                      String resourceId,
                                                      String userId)

deleteAuthorizationsByResourceIdAndGroupId

public void deleteAuthorizationsByResourceIdAndGroupId(Resource resource,
                                                       String resourceId,
                                                       String groupId)

checkCamundaAdmin

public void checkCamundaAdmin()

Checks if the current authentication contains the group Groups.CAMUNDA_ADMIN. The check is ignored if the authorization is disabled or no authentication exists.

Throws:

AuthorizationException

isCamundaAdmin

public boolean isCamundaAdmin(Authentication authentication)

Parameters:

authentication - authentication to check, cannot be null

Returns:

true if the given authentication contains the group Groups.CAMUNDA_ADMIN or the user

configureDeploymentQuery

public void configureDeploymentQuery(DeploymentQueryImpl query)

configureProcessDefinitionQuery

public void configureProcessDefinitionQuery(ProcessDefinitionQueryImpl query)

configureExecutionQuery

public void configureExecutionQuery(AbstractQuery query)

configureTaskQuery

public void configureTaskQuery(TaskQueryImpl query)

configureEventSubscriptionQuery

public void configureEventSubscriptionQuery(EventSubscriptionQueryImpl query)

configureConditionalEventSubscriptionQuery

public void configureConditionalEventSubscriptionQuery(ListQueryParameterObject query)

configureIncidentQuery

public void configureIncidentQuery(IncidentQueryImpl query)

configureVariableInstanceQuery

protected void configureVariableInstanceQuery(VariableInstanceQueryImpl query)

configureJobDefinitionQuery

public void configureJobDefinitionQuery(JobDefinitionQueryImpl query)

configureJobQuery

public void configureJobQuery(JobQueryImpl query)

configureHistoricProcessInstanceQuery

public void configureHistoricProcessInstanceQuery(HistoricProcessInstanceQueryImpl query)

configureHistoricActivityInstanceQuery

public void configureHistoricActivityInstanceQuery(HistoricActivityInstanceQueryImpl query)

configureHistoricTaskInstanceQuery

public void configureHistoricTaskInstanceQuery(HistoricTaskInstanceQueryImpl query)

configureHistoricVariableInstanceQuery

public void configureHistoricVariableInstanceQuery(HistoricVariableInstanceQueryImpl query)

configureHistoricDetailQuery

public void configureHistoricDetailQuery(HistoricDetailQueryImpl query)

configureHistoricJobLogQuery

public void configureHistoricJobLogQuery(HistoricJobLogQueryImpl query)

configureHistoricIncidentQuery

public void configureHistoricIncidentQuery(HistoricIncidentQueryImpl query)

configureHistoricIdentityLinkQuery

public void configureHistoricIdentityLinkQuery(HistoricIdentityLinkLogQueryImpl query)

configureHistoricDecisionInstanceQuery

public void configureHistoricDecisionInstanceQuery(HistoricDecisionInstanceQueryImpl query)

configureHistoricExternalTaskLogQuery

public void configureHistoricExternalTaskLogQuery(HistoricExternalTaskLogQueryImpl query)

configureUserOperationLogQuery

public void configureUserOperationLogQuery(UserOperationLogQueryImpl query)

configureHistoricBatchQuery

public void configureHistoricBatchQuery(HistoricBatchQueryImpl query)

configureDeploymentStatisticsQuery

public void configureDeploymentStatisticsQuery(DeploymentStatisticsQueryImpl query)

configureProcessDefinitionStatisticsQuery

public void configureProcessDefinitionStatisticsQuery(ProcessDefinitionStatisticsQueryImpl query)

configureActivityStatisticsQuery

public void configureActivityStatisticsQuery(ActivityStatisticsQueryImpl query)

configureExternalTaskQuery

public void configureExternalTaskQuery(ExternalTaskQueryImpl query)

configureExternalTaskFetch

public void configureExternalTaskFetch(ListQueryParameterObject parameter)

configureDecisionDefinitionQuery

public void configureDecisionDefinitionQuery(DecisionDefinitionQueryImpl query)

configureDecisionRequirementsDefinitionQuery

public void configureDecisionRequirementsDefinitionQuery(DecisionRequirementsDefinitionQueryImpl query)

configureBatchQuery

public void configureBatchQuery(BatchQueryImpl query)

configureBatchStatisticsQuery

public void configureBatchStatisticsQuery(BatchStatisticsQueryImpl query)

filterAuthenticatedGroupIds

public List<String> filterAuthenticatedGroupIds(List<String> authenticatedGroupIds)

isAuthCheckExecuted

protected boolean isAuthCheckExecuted()

isEnsureSpecificVariablePermission

public boolean isEnsureSpecificVariablePermission()