Class AuthorizationException

  • All Implemented Interfaces:

    public class AuthorizationException
    extends ProcessEngineException

    Exception thrown by the process engine in case a user tries to interact with a resource in an unauthorized way.

    The exception contains a list of Missing authorizations. The List is a disjunction i.e. a user should have any of the authorization for the engine to continue the execution beyond the point where it failed.

    Daniel Meyer
    See Also:
    Serialized Form
    • Field Detail

      • userId

        protected final java.lang.String userId
      • resourceType

        protected java.lang.String resourceType
      • permissionName

        protected java.lang.String permissionName
      • resourceId

        protected java.lang.String resourceId
    • Constructor Detail

      • AuthorizationException

        public AuthorizationException​(java.lang.String message)
      • AuthorizationException

        public AuthorizationException​(java.lang.String userId,
                                      java.lang.String permissionName,
                                      java.lang.String resourceType,
                                      java.lang.String resourceId)
      • AuthorizationException

        public AuthorizationException​(java.lang.String userId,
                                      MissingAuthorization exceptionInfo)
      • AuthorizationException

        public AuthorizationException​(java.lang.String userId,
                                      java.util.List<MissingAuthorization> info)
    • Method Detail

      • getViolatedPermissionName

        public java.lang.String getViolatedPermissionName()
        Use getMissingAuthorizations() to get the violated permission name of the MissingAuthorization(s). This method may be removed in future versions.
        the type of the violated permission name if there is only one MissingAuthorization, null otherwise
      • getUserId

        public java.lang.String getUserId()
        id of the user in which context the request was made and who misses authorizations to perform it successfully
      • getMissingAuthorizations

        public java.util.List<MissingAuthorization> getMissingAuthorizations()
        Disjunctive list of MissingAuthorization from which a user needs to have at least one for the authorization to pass
      • generateMissingAuthorizationsList

        public static java.lang.String generateMissingAuthorizationsList​(java.util.List<MissingAuthorization> missingAuthorizations)
        Generate a String containing a list of missing authorizations.
        missingAuthorizations -