Class AuthorizationManager
- java.lang.Object
-
- org.camunda.bpm.engine.impl.persistence.AbstractManager
-
- org.camunda.bpm.engine.impl.persistence.entity.AuthorizationManager
-
- All Implemented Interfaces:
Session
public class AuthorizationManager extends AbstractManager
- Author:
- Daniel Meyer
-
-
Field Summary
Fields Modifier and Type Field Description protected Set<String>
availableAuthorizedGroupIds
Group ids for which authorizations exist in the database.protected static List<String>
EMPTY_LIST
protected Boolean
isRevokeAuthCheckUsed
protected static EnginePersistenceLogger
LOG
-
Constructor Summary
Constructors Constructor Description AuthorizationManager()
-
Method Summary
-
Methods inherited from class org.camunda.bpm.engine.impl.persistence.AbstractManager
close, deleteAuthorizations, deleteAuthorizationsForGroup, deleteAuthorizationsForUser, deleteDefaultAuthorizations, flush, getAttachmentManager, getAuthorizationManager, getBatchManager, getByteArrayManager, getCamundaFormDefinitionManager, getCaseDefinitionManager, getCaseExecutionManager, getCaseInstanceManager, getCommandContext, getCurrentAuthentication, getDbEntityManager, getDbSqlSession, getDecisionDefinitionManager, getDecisionRequirementsDefinitionManager, getDeploymentManager, getEventSubscriptionManager, getHistoricActivityInstanceManager, getHistoricBatchManager, getHistoricCaseActivityInstanceManager, getHistoricCaseInstanceManager, getHistoricDecisionInstanceManager, getHistoricDetailManager, getHistoricExternalTaskLogManager, getHistoricIdentityLinkManager, getHistoricIncidentManager, getHistoricJobLogManager, getHistoricProcessInstanceManager, getHistoricReportManager, getHistoricTaskInstanceManager, getHistoricVariableInstanceManager, getIdentityInfoManager, getIdentityLinkManager, getJobDefinitionManager, getJobManager, getProcessDefinitionManager, getProcessInstanceManager, getResourceAuthorizationProvider, getResourceManager, getSession, getTaskManager, getTaskReportManager, getTenantManager, getUserOperationLogManager, getVariableInstanceManager, isAuthorizationEnabled, saveDefaultAuthorizations
-
-
-
-
Field Detail
-
LOG
protected static final EnginePersistenceLogger LOG
-
availableAuthorizedGroupIds
protected Set<String> availableAuthorizedGroupIds
Group ids for which authorizations exist in the database. This is initialized once per command by thefilterAuthenticatedGroupIds(List)
method. (Manager instances are command scoped). It is used to only check authorizations for groups for which authorizations exist. In other words, if for a given group no authorization exists in the DB, then auth checks are not performed for this group.
-
isRevokeAuthCheckUsed
protected Boolean isRevokeAuthCheckUsed
-
-
Method Detail
-
newPermissionCheckBuilder
public PermissionCheckBuilder newPermissionCheckBuilder()
-
createNewAuthorization
public Authorization createNewAuthorization(int type)
-
insert
public void insert(DbEntity authorization)
- Overrides:
insert
in classAbstractManager
-
selectAuthorizationByQueryCriteria
public List<Authorization> selectAuthorizationByQueryCriteria(AuthorizationQueryImpl authorizationQuery)
-
selectAuthorizationCountByQueryCriteria
public Long selectAuthorizationCountByQueryCriteria(AuthorizationQueryImpl authorizationQuery)
-
findAuthorizationByUserIdAndResourceId
public AuthorizationEntity findAuthorizationByUserIdAndResourceId(int type, String userId, Resource resource, String resourceId)
-
findAuthorizationByGroupIdAndResourceId
public AuthorizationEntity findAuthorizationByGroupIdAndResourceId(int type, String groupId, Resource resource, String resourceId)
-
findAuthorization
public AuthorizationEntity findAuthorization(int type, String userId, String groupId, Resource resource, String resourceId)
-
update
public void update(AuthorizationEntity authorization)
-
delete
public void delete(DbEntity authorization)
- Overrides:
delete
in classAbstractManager
-
checkAuthorization
public void checkAuthorization(CompositePermissionCheck compositePermissionCheck)
-
checkAuthorization
public void checkAuthorization(Permission permission, Resource resource)
-
checkAuthorization
public void checkAuthorization(Permission permission, Resource resource, String resourceId)
- Overrides:
checkAuthorization
in classAbstractManager
-
isAuthorized
public boolean isAuthorized(Permission permission, Resource resource, String resourceId)
-
isAuthorized
public boolean isAuthorized(String userId, List<String> groupIds, Permission permission, Resource resource, String resourceId)
-
isAuthorized
public boolean isAuthorized(String userId, List<String> groupIds, PermissionCheck permissionCheck)
-
isRevokeAuthCheckEnabled
protected boolean isRevokeAuthCheckEnabled(String userId, List<String> groupIds)
-
createCompositePermissionCheck
protected CompositePermissionCheck createCompositePermissionCheck(PermissionCheck permissionCheck)
-
isAuthorized
public boolean isAuthorized(String userId, List<String> groupIds, CompositePermissionCheck compositePermissionCheck)
-
isAuthorized
public boolean isAuthorized(CompositePermissionCheck compositePermissionCheck)
-
isResourceValidForPermission
protected boolean isResourceValidForPermission(PermissionCheck permissionCheck)
-
validateResourceCompatibility
public void validateResourceCompatibility(AuthorizationEntity authorization)
-
configureQuery
public void configureQuery(ListQueryParameterObject query)
-
configureQueryHistoricFinishedInstanceReport
public void configureQueryHistoricFinishedInstanceReport(ListQueryParameterObject query, Resource resource)
-
enableQueryAuthCheck
public void enableQueryAuthCheck(AuthorizationCheck authCheck)
-
configureQuery
public void configureQuery(AbstractQuery query, Resource resource)
- Overrides:
configureQuery
in classAbstractManager
-
configureQuery
public void configureQuery(AbstractQuery query, Resource resource, String queryParam)
-
configureQuery
public void configureQuery(AbstractQuery query, Resource resource, String queryParam, Permission permission)
-
isPermissionDisabled
public boolean isPermissionDisabled(Permission permission)
-
addPermissionCheck
protected void addPermissionCheck(AuthorizationCheck authCheck, CompositePermissionCheck compositeCheck)
-
deleteAuthorizationsByResourceIds
public void deleteAuthorizationsByResourceIds(Resources resource, List<String> resourceIds)
-
deleteAuthorizationsByResourceId
public void deleteAuthorizationsByResourceId(Resource resource, String resourceId)
-
deleteAuthorizationsByResourceIdAndUserId
public void deleteAuthorizationsByResourceIdAndUserId(Resource resource, String resourceId, String userId)
-
deleteAuthorizationsByResourceIdAndGroupId
public void deleteAuthorizationsByResourceIdAndGroupId(Resource resource, String resourceId, String groupId)
-
checkCamundaAdmin
public void checkCamundaAdmin()
Checks if the current authentication contains the groupGroups.CAMUNDA_ADMIN
. The check is ignored if the authorization is disabled or no authentication exists.- Throws:
AuthorizationException
-
checkCamundaAdminOrPermission
public void checkCamundaAdminOrPermission(Consumer<CommandChecker> permissionCheck)
-
isCamundaAdmin
public boolean isCamundaAdmin(Authentication authentication)
- Parameters:
authentication
- authentication to check, cannot benull
- Returns:
true
if the given authentication contains the groupGroups.CAMUNDA_ADMIN
or the user
-
configureDeploymentQuery
public void configureDeploymentQuery(DeploymentQueryImpl query)
-
configureProcessDefinitionQuery
public void configureProcessDefinitionQuery(ProcessDefinitionQueryImpl query)
-
configureExecutionQuery
public void configureExecutionQuery(AbstractQuery query)
-
configureTaskQuery
public void configureTaskQuery(TaskQueryImpl query)
-
configureEventSubscriptionQuery
public void configureEventSubscriptionQuery(EventSubscriptionQueryImpl query)
-
configureConditionalEventSubscriptionQuery
public void configureConditionalEventSubscriptionQuery(ListQueryParameterObject query)
-
configureIncidentQuery
public void configureIncidentQuery(IncidentQueryImpl query)
-
configureVariableInstanceQuery
protected void configureVariableInstanceQuery(VariableInstanceQueryImpl query)
-
configureJobDefinitionQuery
public void configureJobDefinitionQuery(JobDefinitionQueryImpl query)
-
configureJobQuery
public void configureJobQuery(JobQueryImpl query)
-
configureHistoricProcessInstanceQuery
public void configureHistoricProcessInstanceQuery(HistoricProcessInstanceQueryImpl query)
-
configureHistoricActivityInstanceQuery
public void configureHistoricActivityInstanceQuery(HistoricActivityInstanceQueryImpl query)
-
configureHistoricTaskInstanceQuery
public void configureHistoricTaskInstanceQuery(HistoricTaskInstanceQueryImpl query)
-
configureHistoricVariableInstanceQuery
public void configureHistoricVariableInstanceQuery(HistoricVariableInstanceQueryImpl query)
-
configureHistoricDetailQuery
public void configureHistoricDetailQuery(HistoricDetailQueryImpl query)
-
configureHistoricVariableAndDetailQuery
protected void configureHistoricVariableAndDetailQuery(AbstractQuery query)
-
configureHistoricJobLogQuery
public void configureHistoricJobLogQuery(HistoricJobLogQueryImpl query)
-
configureHistoricIncidentQuery
public void configureHistoricIncidentQuery(HistoricIncidentQueryImpl query)
-
configureHistoricIdentityLinkQuery
public void configureHistoricIdentityLinkQuery(HistoricIdentityLinkLogQueryImpl query)
-
configureHistoricDecisionInstanceQuery
public void configureHistoricDecisionInstanceQuery(HistoricDecisionInstanceQueryImpl query)
-
configureHistoricExternalTaskLogQuery
public void configureHistoricExternalTaskLogQuery(HistoricExternalTaskLogQueryImpl query)
-
configureUserOperationLogQuery
public void configureUserOperationLogQuery(UserOperationLogQueryImpl query)
-
configureHistoricBatchQuery
public void configureHistoricBatchQuery(HistoricBatchQueryImpl query)
-
configureDeploymentStatisticsQuery
public void configureDeploymentStatisticsQuery(DeploymentStatisticsQueryImpl query)
-
configureProcessDefinitionStatisticsQuery
public void configureProcessDefinitionStatisticsQuery(ProcessDefinitionStatisticsQueryImpl query)
-
configureActivityStatisticsQuery
public void configureActivityStatisticsQuery(ActivityStatisticsQueryImpl query)
-
configureExternalTaskQuery
public void configureExternalTaskQuery(ExternalTaskQueryImpl query)
-
configureExternalTaskFetch
public void configureExternalTaskFetch(ListQueryParameterObject parameter)
-
configureDecisionDefinitionQuery
public void configureDecisionDefinitionQuery(DecisionDefinitionQueryImpl query)
-
configureDecisionRequirementsDefinitionQuery
public void configureDecisionRequirementsDefinitionQuery(DecisionRequirementsDefinitionQueryImpl query)
-
configureBatchQuery
public void configureBatchQuery(BatchQueryImpl query)
-
configureBatchStatisticsQuery
public void configureBatchStatisticsQuery(BatchStatisticsQueryImpl query)
-
filterAuthenticatedGroupIds
public List<String> filterAuthenticatedGroupIds(List<String> authenticatedGroupIds)
-
isAuthCheckExecuted
protected boolean isAuthCheckExecuted()
-
isEnsureSpecificVariablePermission
public boolean isEnsureSpecificVariablePermission()
-
isHistoricInstancePermissionsEnabled
protected boolean isHistoricInstancePermissionsEnabled()
-
addRemovalTimeToAuthorizationsByRootProcessInstanceId
public void addRemovalTimeToAuthorizationsByRootProcessInstanceId(String rootProcessInstanceId, Date removalTime)
-
addRemovalTimeToAuthorizationsByProcessInstanceId
public void addRemovalTimeToAuthorizationsByProcessInstanceId(String processInstanceId, Date removalTime)
-
deleteAuthorizationsByRemovalTime
public DbOperation deleteAuthorizationsByRemovalTime(Date removalTime, int minuteFrom, int minuteTo, int batchSize)
-
-