Package org.camunda.bpm.engine

Class AuthorizationException

  • All Implemented Interfaces:
    java.io.Serializable
    public class AuthorizationException
extends ProcessEngineException

    Exception thrown by the process engine in case a user tries to interact with a resource in an unauthorized way.

    The exception contains a list of Missing authorizations. The List is a disjunction i.e. a user should have any of the authorization for the engine to continue the execution beyond the point where it failed.

    Author:
    Daniel Meyer
    See Also:
    Serialized Form

    • Field Detail

      • userId

        protected final java.lang.String userId

      • resourceType

        @Deprecated
protected java.lang.String resourceType
        Deprecated.

      • permissionName

        @Deprecated
protected java.lang.String permissionName
        Deprecated.

      • resourceId

        @Deprecated
protected java.lang.String resourceId
        Deprecated.

    • Constructor Detail

      • AuthorizationException

        public AuthorizationException​(java.lang.String message)

      • AuthorizationException

        public AuthorizationException​(java.lang.String userId,
                              java.lang.String permissionName,
                              java.lang.String resourceType,
                              java.lang.String resourceId)

      • AuthorizationException

        public AuthorizationException​(java.lang.String userId,
                              MissingAuthorization exceptionInfo)

      • AuthorizationException

        public AuthorizationException​(java.lang.String userId,
                              java.util.List<MissingAuthorization> info)

    • Method Detail

      • getViolatedPermissionName

        @Deprecated
public java.lang.String getViolatedPermissionName()
        Deprecated.
        Use getMissingAuthorizations() to get the violated permission name of the MissingAuthorization(s). This method may be removed in future versions.
        Returns:
        the type of the violated permission name if there is only one MissingAuthorization, null otherwise

      • getUserId

        public java.lang.String getUserId()
        Returns:
        id of the user in which context the request was made and who misses authorizations to perform it successfully

      • getMissingAuthorizations

        public java.util.List<MissingAuthorization> getMissingAuthorizations()
        Returns:
        Disjunctive list of MissingAuthorization from which a user needs to have at least one for the authorization to pass

      • generateMissingAuthorizationsList

        public static java.lang.String generateMissingAuthorizationsList​(java.util.List<MissingAuthorization> missingAuthorizations)
        Generate a String containing a list of missing authorizations.
        Parameters:
        missingAuthorizations -