Class AuthorizationException

  • All Implemented Interfaces:
    java.io.Serializable

    public class AuthorizationException
    extends ProcessEngineException

    Exception thrown by the process engine in case a user tries to interact with a resource in an unauthorized way.

    The exception contains a list of Missing authorizations. The List is a disjunction i.e. a user should have any of the authorization for the engine to continue the execution beyond the point where it failed.

    Author:
    Daniel Meyer
    See Also:
    Serialized Form
    • Field Detail

      • userId

        protected final java.lang.String userId
      • resourceType

        @Deprecated
        protected java.lang.String resourceType
        Deprecated.
      • permissionName

        @Deprecated
        protected java.lang.String permissionName
        Deprecated.
      • resourceId

        @Deprecated
        protected java.lang.String resourceId
        Deprecated.
    • Constructor Detail

      • AuthorizationException

        public AuthorizationException​(java.lang.String message)
      • AuthorizationException

        public AuthorizationException​(java.lang.String userId,
                                      java.lang.String permissionName,
                                      java.lang.String resourceType,
                                      java.lang.String resourceId)
      • AuthorizationException

        public AuthorizationException​(java.lang.String userId,
                                      MissingAuthorization exceptionInfo)
      • AuthorizationException

        public AuthorizationException​(java.lang.String userId,
                                      java.util.List<MissingAuthorization> info)
    • Method Detail

      • getViolatedPermissionName

        @Deprecated
        public java.lang.String getViolatedPermissionName()
        Deprecated.
        Use getMissingAuthorizations() to get the violated permission name of the MissingAuthorization(s). This method may be removed in future versions.
        Returns:
        the type of the violated permission name if there is only one MissingAuthorization, null otherwise
      • getUserId

        public java.lang.String getUserId()
        Returns:
        id of the user in which context the request was made and who misses authorizations to perform it successfully
      • getMissingAuthorizations

        public java.util.List<MissingAuthorization> getMissingAuthorizations()
        Returns:
        Disjunctive list of MissingAuthorization from which a user needs to have at least one for the authorization to pass