Package org.camunda.bpm.spring.boot.starter.security.oauth2.impl

Class OAuth2IdentityProvider

java.lang.Object

org.camunda.bpm.engine.impl.persistence.AbstractManager

org.camunda.bpm.engine.impl.identity.db.DbReadOnlyIdentityServiceProvider

org.camunda.bpm.engine.impl.identity.db.DbIdentityServiceProvider

org.camunda.bpm.spring.boot.starter.security.oauth2.impl.OAuth2IdentityProvider

All Implemented Interfaces:

ReadOnlyIdentityProvider, WritableIdentityProvider, Session

public class OAuth2IdentityProvider
extends DbIdentityServiceProvider

OAuth2 identity provider with fallback for DbIdentityServiceProvider if the Spring security context doesn't contain an authenticated user.

Since the fallback DbIdentityServiceProvider is a writeable provider this class is also writeable but with OAuth2 authentication it works effectively as a read-only provider.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	OAuth2IdentityProvider.OAuth2GroupQuery
static class	OAuth2IdentityProvider.OAuth2TenantQuery
static class	OAuth2IdentityProvider.OAuth2UserQuery

Field Summary

Fields inherited from class org.camunda.bpm.engine.impl.identity.db.DbIdentityServiceProvider

LOG

Constructor Summary

Constructors

Constructor	Description
OAuth2IdentityProvider()

Method Summary

Modifier and Type	Method	Description
boolean	checkPassword(String userId, String password)
void	close()
GroupQuery	createGroupQuery()
GroupQuery	createGroupQuery(CommandContext commandContext)
IdentityOperationResult	createMembership(String userId, String groupId)	Creates a membership relation between a user and a group.
NativeUserQuery	createNativeUserQuery()	Creates a NativeUserQuery that allows to select users with native queries.
GroupEntity	createNewGroup(String groupId)	Returns a new (transient) Group object.
Tenant	createNewTenant(String tenantId)	Returns a new (transient) Tenant object.
UserEntity	createNewUser(String userId)	Returns a new (transient) User object.
IdentityOperationResult	createTenantGroupMembership(String tenantId, String groupId)	Creates a membership relation between a tenant and a group.
TenantQuery	createTenantQuery()
TenantQuery	createTenantQuery(CommandContext commandContext)
IdentityOperationResult	createTenantUserMembership(String tenantId, String userId)	Creates a membership relation between a tenant and a user.
UserQuery	createUserQuery()
UserQueryImpl	createUserQuery(CommandContext commandContext)
IdentityOperationResult	deleteGroup(String groupId)	Allows deleting a persistent Group object.
IdentityOperationResult	deleteMembership(String userId, String groupId)	Deletes a membership relation between a user and a group.
IdentityOperationResult	deleteTenant(String tenantId)	Allows deleting a persistent Tenant object.
IdentityOperationResult	deleteTenantGroupMembership(String tenantId, String groupId)	Deletes a membership relation between a tenant and a group.
IdentityOperationResult	deleteTenantUserMembership(String tenantId, String userId)	Deletes a membership relation between a tenant and a user.
IdentityOperationResult	deleteUser(String userId)	Allows deleting a persistent User object.
GroupEntity	findGroupById(String groupId)
TenantEntity	findTenantById(String tenantId)
UserEntity	findUserById(String userId)
void	flush()
protected static boolean	nullOrContainsIgnoreCase(String searchLike, String value)
IdentityOperationResult	saveGroup(Group group)	Allows saving a Group object which is not yet persistent.
IdentityOperationResult	saveTenant(Tenant tenant)	Allows saving a Tenant object which is not yet persistent.
IdentityOperationResult	saveUser(User user)	Allows saving or updates a User object
protected boolean	springSecurityAuthentication()
protected static List<Group>	transformGroups()
protected static UserEntity	transformUser()
IdentityOperationResult	unlockUser(String userId)	Allows unlocking a User object.
protected static void	unsupportedFilterForOAuth2()
protected static void	unsupportedOperationForOAuth2()

Methods inherited from class org.camunda.bpm.engine.impl.identity.db.DbIdentityServiceProvider

createDefaultAuthorizations, createDefaultAuthorizations, createDefaultAuthorizations, createDefaultMembershipAuthorizations, createDefaultTenantMembershipAuthorizations, createDefaultTenantMembershipAuthorizations, deleteMembershipsByGroupId, deleteMembershipsByUserId, deleteTenantMembershipsOfGroup, deleteTenantMembershipsOfTenant, deleteTenantMembershipsOfUser, isUserLocked, lockUser, unlockUser

Methods inherited from class org.camunda.bpm.engine.impl.identity.db.DbReadOnlyIdentityServiceProvider

checkAuthorization, configureQuery, existsMembership, existsTenantMembership, findGroupByQueryCriteria, findGroupCountByQueryCriteria, findTenantByQueryCriteria, findTenantCountByQueryCriteria, findUserByNativeQuery, findUserByQueryCriteria, findUserCountByNativeQuery, findUserCountByQueryCriteria, matchPassword

Methods inherited from class org.camunda.bpm.engine.impl.persistence.AbstractManager

delete, deleteAuthorizations, deleteAuthorizationsForGroup, deleteAuthorizationsForUser, deleteDefaultAuthorizations, getAttachmentManager, getAuthorizationManager, getBatchManager, getByteArrayManager, getCamundaFormDefinitionManager, getCaseDefinitionManager, getCaseExecutionManager, getCaseInstanceManager, getCommandContext, getCurrentAuthentication, getDbEntityManager, getDbSqlSession, getDecisionDefinitionManager, getDecisionRequirementsDefinitionManager, getDeploymentManager, getEventSubscriptionManager, getHistoricActivityInstanceManager, getHistoricBatchManager, getHistoricCaseActivityInstanceManager, getHistoricCaseInstanceManager, getHistoricDecisionInstanceManager, getHistoricDetailManager, getHistoricExternalTaskLogManager, getHistoricIdentityLinkManager, getHistoricIncidentManager, getHistoricJobLogManager, getHistoricProcessInstanceManager, getHistoricReportManager, getHistoricTaskInstanceManager, getHistoricVariableInstanceManager, getIdentityInfoManager, getIdentityLinkManager, getJobDefinitionManager, getJobManager, getProcessDefinitionManager, getProcessInstanceManager, getResourceAuthorizationProvider, getResourceManager, getSession, getTaskManager, getTaskReportManager, getTenantManager, getUserOperationLogManager, getVariableInstanceManager, insert, isAuthorizationEnabled, saveDefaultAuthorizations

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

OAuth2IdentityProvider

public OAuth2IdentityProvider()

Method Details

unsupportedOperationForOAuth2

protected static void unsupportedOperationForOAuth2()

unsupportedFilterForOAuth2

protected static void unsupportedFilterForOAuth2()

nullOrContainsIgnoreCase

protected static boolean nullOrContainsIgnoreCase(String searchLike,
 String value)

Parameters:

searchLike - the like value to search for

value - the actual user attribute value

Returns:

true if either values are null or if value contains searchLike (case-insensitive)

springSecurityAuthentication

protected boolean springSecurityAuthentication()

Returns:

true if user is authenticated in Spring security context

transformUser

protected static UserEntity transformUser()

transformGroups

protected static List<Group> transformGroups()

findUserById

public UserEntity findUserById(String userId)

Specified by:

findUserById in interface ReadOnlyIdentityProvider

Overrides:

findUserById in class DbReadOnlyIdentityServiceProvider

Returns:

a User object for the given user id or null if no such user exists.

createUserQuery

public UserQuery createUserQuery()

Specified by:

createUserQuery in interface ReadOnlyIdentityProvider

Overrides:

createUserQuery in class DbReadOnlyIdentityServiceProvider

Returns:

a UserQuery object which can be used for querying for users.

createUserQuery

public UserQueryImpl createUserQuery(CommandContext commandContext)

Specified by:

createUserQuery in interface ReadOnlyIdentityProvider

Overrides:

createUserQuery in class DbReadOnlyIdentityServiceProvider

Returns:

a UserQuery object which can be used in the current command context

createNativeUserQuery

public NativeUserQuery createNativeUserQuery()

Description copied from interface: ReadOnlyIdentityProvider

Creates a NativeUserQuery that allows to select users with native queries.

Specified by:

createNativeUserQuery in interface ReadOnlyIdentityProvider

Overrides:

createNativeUserQuery in class DbReadOnlyIdentityServiceProvider

Returns:

NativeUserQuery

checkPassword

public boolean checkPassword(String userId,
 String password)

Specified by:

checkPassword in interface ReadOnlyIdentityProvider

Overrides:

checkPassword in class DbIdentityServiceProvider

Returns:

'true' if the password matches the

findGroupById

public GroupEntity findGroupById(String groupId)

Specified by:

findGroupById in interface ReadOnlyIdentityProvider

Overrides:

findGroupById in class DbReadOnlyIdentityServiceProvider

Returns:

a Group object for the given group id or null if no such group exists.

createGroupQuery

public GroupQuery createGroupQuery()

Specified by:

createGroupQuery in interface ReadOnlyIdentityProvider

Overrides:

createGroupQuery in class DbReadOnlyIdentityServiceProvider

Returns:

a GroupQuery object which can be used for querying for groups.

createGroupQuery

public GroupQuery createGroupQuery(CommandContext commandContext)

Specified by:

createGroupQuery in interface ReadOnlyIdentityProvider

Overrides:

createGroupQuery in class DbReadOnlyIdentityServiceProvider

Returns:

a GroupQuery object which can be used for querying for groups and can be reused in the current command context.

findTenantById

public TenantEntity findTenantById(String tenantId)

Specified by:

findTenantById in interface ReadOnlyIdentityProvider

Overrides:

findTenantById in class DbReadOnlyIdentityServiceProvider

Returns:

a Tenant object for the given id or null if no such tenant exists.

createTenantQuery

public TenantQuery createTenantQuery()

Specified by:

createTenantQuery in interface ReadOnlyIdentityProvider

Overrides:

createTenantQuery in class DbReadOnlyIdentityServiceProvider

Returns:

a TenantQuery object which can be used for querying for tenants.

createTenantQuery

public TenantQuery createTenantQuery(CommandContext commandContext)

Specified by:

createTenantQuery in interface ReadOnlyIdentityProvider

Overrides:

createTenantQuery in class DbReadOnlyIdentityServiceProvider

Returns:

a TenantQuery object which can be used for querying for tenants and can be reused in the current command context.

flush

public void flush()

Specified by:

flush in interface Session

Overrides:

flush in class AbstractManager

close

public void close()

Specified by:

close in interface Session

Overrides:

close in class AbstractManager

createNewUser

public UserEntity createNewUser(String userId)

Description copied from interface: WritableIdentityProvider

Returns a new (transient) User object. The Object is not yet persistent and must be saved using the WritableIdentityProvider.saveUser(User) method.

NOTE: the implementation does not validate the uniqueness of the userId parameter at this time.

Specified by:

createNewUser in interface WritableIdentityProvider

Overrides:

createNewUser in class DbIdentityServiceProvider

Returns:

an non-persistent user object.

saveUser

public IdentityOperationResult saveUser(User user)

Description copied from interface: WritableIdentityProvider

Allows saving or updates a User object

Specified by:

saveUser in interface WritableIdentityProvider

Overrides:

saveUser in class DbIdentityServiceProvider

Parameters:

user - a User object.

Returns:

the operation result object.

deleteUser

public IdentityOperationResult deleteUser(String userId)

Description copied from interface: WritableIdentityProvider

Allows deleting a persistent User object.

Specified by:

deleteUser in interface WritableIdentityProvider

Overrides:

deleteUser in class DbIdentityServiceProvider

Returns:

the operation result object.

unlockUser

public IdentityOperationResult unlockUser(String userId)

Description copied from interface: WritableIdentityProvider

Allows unlocking a User object.

Specified by:

unlockUser in interface WritableIdentityProvider

Overrides:

unlockUser in class DbIdentityServiceProvider

Parameters:

userId - the id of the User object to delete.

Returns:

the operation result object.

createNewGroup

public GroupEntity createNewGroup(String groupId)

Description copied from interface: WritableIdentityProvider

Returns a new (transient) Group object. The Object is not yet persistent and must be saved using the WritableIdentityProvider.saveGroup(Group) method.

NOTE: the implementation does not validate the uniqueness of the groupId parameter at this time.

Specified by:

createNewGroup in interface WritableIdentityProvider

Overrides:

createNewGroup in class DbIdentityServiceProvider

Returns:

an non-persistent group object.

saveGroup

public IdentityOperationResult saveGroup(Group group)

Description copied from interface: WritableIdentityProvider

Allows saving a Group object which is not yet persistent.

Specified by:

saveGroup in interface WritableIdentityProvider

Overrides:

saveGroup in class DbIdentityServiceProvider

Parameters:

group - a group object.

Returns:

the operation result object.

deleteGroup

public IdentityOperationResult deleteGroup(String groupId)

Description copied from interface: WritableIdentityProvider

Allows deleting a persistent Group object.

Specified by:

deleteGroup in interface WritableIdentityProvider

Overrides:

deleteGroup in class DbIdentityServiceProvider

Parameters:

groupId - the id of the group object to delete.

Returns:

the operation result object.

createNewTenant

public Tenant createNewTenant(String tenantId)

Description copied from interface: WritableIdentityProvider

Returns a new (transient) Tenant object. The Object is not yet persistent and must be saved using the WritableIdentityProvider.saveTenant(Tenant) method.

NOTE: the implementation does not validate the uniqueness of the tenantId parameter at this time.

Specified by:

createNewTenant in interface WritableIdentityProvider

Overrides:

createNewTenant in class DbIdentityServiceProvider

Parameters:

tenantId - the id of the new tenant

Returns:

an non-persistent tenant object.

saveTenant

public IdentityOperationResult saveTenant(Tenant tenant)

Description copied from interface: WritableIdentityProvider

Allows saving a Tenant object which is not yet persistent.

Specified by:

saveTenant in interface WritableIdentityProvider

Overrides:

saveTenant in class DbIdentityServiceProvider

Parameters:

tenant - the tenant object to save.

Returns:

the operation result object.

deleteTenant

public IdentityOperationResult deleteTenant(String tenantId)

Description copied from interface: WritableIdentityProvider

Allows deleting a persistent Tenant object.

Specified by:

deleteTenant in interface WritableIdentityProvider

Overrides:

deleteTenant in class DbIdentityServiceProvider

Parameters:

tenantId - the id of the tenant object to delete.

Returns:

the operation result object.

createMembership

public IdentityOperationResult createMembership(String userId,
 String groupId)

Description copied from interface: WritableIdentityProvider

Creates a membership relation between a user and a group. If the user is already part of that group, IdentityProviderException is thrown.

Specified by:

createMembership in interface WritableIdentityProvider

Overrides:

createMembership in class DbIdentityServiceProvider

Parameters:

userId - the id of the user

groupId - id of the group

Returns:

the operation result object.

deleteMembership

public IdentityOperationResult deleteMembership(String userId,
 String groupId)

Description copied from interface: WritableIdentityProvider

Deletes a membership relation between a user and a group.

Specified by:

deleteMembership in interface WritableIdentityProvider

Overrides:

deleteMembership in class DbIdentityServiceProvider

Parameters:

userId - the id of the user

groupId - id of the group

Returns:

the operation result object.

createTenantUserMembership

public IdentityOperationResult createTenantUserMembership(String tenantId,
 String userId)

Description copied from interface: WritableIdentityProvider

Creates a membership relation between a tenant and a user.

Specified by:

createTenantUserMembership in interface WritableIdentityProvider

Overrides:

createTenantUserMembership in class DbIdentityServiceProvider

Parameters:

tenantId - the id of the tenant

userId - the id of the user

Returns:

the operation result object.

createTenantGroupMembership

public IdentityOperationResult createTenantGroupMembership(String tenantId,
 String groupId)

Description copied from interface: WritableIdentityProvider

Creates a membership relation between a tenant and a group.

Specified by:

createTenantGroupMembership in interface WritableIdentityProvider

Overrides:

createTenantGroupMembership in class DbIdentityServiceProvider

Parameters:

tenantId - the id of the tenant

groupId - the id of the group

Returns:

the operation result object.

deleteTenantUserMembership

public IdentityOperationResult deleteTenantUserMembership(String tenantId,
 String userId)

Description copied from interface: WritableIdentityProvider

Deletes a membership relation between a tenant and a user.

Specified by:

deleteTenantUserMembership in interface WritableIdentityProvider

Overrides:

deleteTenantUserMembership in class DbIdentityServiceProvider

Parameters:

tenantId - the id of the tenant

userId - the id of the user

Returns:

the operation result object

deleteTenantGroupMembership

public IdentityOperationResult deleteTenantGroupMembership(String tenantId,
 String groupId)

Description copied from interface: WritableIdentityProvider

Deletes a membership relation between a tenant and a group.

Specified by:

deleteTenantGroupMembership in interface WritableIdentityProvider

Overrides:

deleteTenantGroupMembership in class DbIdentityServiceProvider

Parameters:

tenantId - the id of the tenant

groupId - the id of the group

Returns:

the operation result object.