org.camunda.bpm.engine.impl.cfg.auth
Class DefaultAuthorizationProvider

java.lang.Object
  extended by org.camunda.bpm.engine.impl.cfg.auth.DefaultAuthorizationProvider
All Implemented Interfaces:
ResourceAuthorizationProvider

public class DefaultAuthorizationProvider
extends Object
implements ResourceAuthorizationProvider

Provides the default authorizations for camunda BPM.

Author:
Daniel Meyer

Constructor Summary
DefaultAuthorizationProvider()
           
 
Method Summary
protected  boolean areIdsEqual(String firstId, String secondId)
           
protected  AuthorizationEntity createGrantAuthorization(String userId, String groupId, Resource resource, String resourceId, Permission... permissions)
           
 AuthorizationEntity[] deleteTaskGroupIdentityLink(Task task, String groupId, String type)
          Invoked whenever a group identity link of a task has been deleted.
 AuthorizationEntity[] deleteTaskUserIdentityLink(Task task, String userId, String type)
          Invoked whenever a user identity link of a task has been deleted.
protected  AuthorizationManager getAuthorizationManager()
           
protected  Permission getDefaultUserPermissionForTask()
           
protected  AuthorizationEntity getGrantAuthorizationByGroupId(String groupId, Resource resource, String resourceId)
           
protected  AuthorizationEntity getGrantAuthorizationByUserId(String userId, Resource resource, String resourceId)
           
 AuthorizationEntity[] groupMembershipCreated(String groupId, String userId)
          Invoked whenever a user is added to a group
protected  boolean hasEntitySameAuthorizationRights(AuthorizationEntity authEntity, String userId, String groupId, Resource resource, String resourceId)
           
 AuthorizationEntity[] newDecisionDefinition(DecisionDefinition decisionDefinition)
          Invoked whenever a new decision definition is created.
 AuthorizationEntity[] newDecisionRequirementsDefinition(DecisionRequirementsDefinition decisionRequirementsDefinition)
          Invoked whenever a new decision requirements definition is created.
 AuthorizationEntity[] newDeployment(Deployment deployment)
          Invoked whenever a new deployment is created
 AuthorizationEntity[] newFilter(Filter filter)
          Invoked whenever a new filter is created
 AuthorizationEntity[] newGroup(Group group)
          Invoked whenever a new group is created
 AuthorizationEntity[] newProcessDefinition(ProcessDefinition processDefinition)
          Invoked whenever a new process definition is created
 AuthorizationEntity[] newProcessInstance(ProcessInstance processInstance)
          Invoked whenever a new process instance is started
 AuthorizationEntity[] newTask(Task task)
          Invoked whenever a new task is created
 AuthorizationEntity[] newTaskAssignee(Task task, String oldAssignee, String newAssignee)
          Invoked whenever a user has been assigned to a task.
 AuthorizationEntity[] newTaskGroupIdentityLink(Task task, String groupId, String type)
          Invoked whenever a new group identity link has been added to a task.
 AuthorizationEntity[] newTaskOwner(Task task, String oldOwner, String newOwner)
          Invoked whenever a user has been set as the owner of a task.
 AuthorizationEntity[] newTaskUserIdentityLink(Task task, String userId, String type)
          Invoked whenever a new user identity link has been added to a task.
 AuthorizationEntity[] newTenant(Tenant tenant)
           Invoked whenever a new tenant is created
 AuthorizationEntity[] newUser(User user)
          Invoked whenever a new user is created
 AuthorizationEntity[] tenantMembershipCreated(Tenant tenant, Group group)
          Invoked whenever a group is added to a tenant.
 AuthorizationEntity[] tenantMembershipCreated(Tenant tenant, User user)
          Invoked whenever a user is added to a tenant.
protected  AuthorizationEntity updateAuthorization(AuthorizationEntity authorization, String userId, String groupId, Resource resource, String resourceId, Permission... permissions)
           
protected  void updateAuthorizationBasedOnCacheEntries(AuthorizationEntity authorization, String userId, String groupId, Resource resource, String resourceId)
          Searches the cache for an existing authorization with the same rights.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DefaultAuthorizationProvider

public DefaultAuthorizationProvider()

Method Detail

newUser

public AuthorizationEntity[] newUser(User user)
Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new user is created

Specified by:
newUser in interface ResourceAuthorizationProvider
Parameters:
user - a newly created user
Returns:
a list of authorizations to be automatically added when a new user is created.

newGroup

public AuthorizationEntity[] newGroup(Group group)
Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new group is created

Specified by:
newGroup in interface ResourceAuthorizationProvider
Parameters:
group - a newly created Group
Returns:
a list of authorizations to be automatically added when a new Group is created.

newTenant

public AuthorizationEntity[] newTenant(Tenant tenant)
Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new tenant is created

Specified by:
newTenant in interface ResourceAuthorizationProvider
Parameters:
tenant - a newly created Tenant
Returns:
a list of authorizations to be automatically added when a new Tenant is created.

groupMembershipCreated

public AuthorizationEntity[] groupMembershipCreated(String groupId,
                                                    String userId)
Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a user is added to a group

Specified by:
groupMembershipCreated in interface ResourceAuthorizationProvider
Parameters:
groupId - the id of the group to which the user is added
userId - the id of the user who is added to the group
Returns:
a list of authorizations to be automatically added when a user is added to a group.

tenantMembershipCreated

public AuthorizationEntity[] tenantMembershipCreated(Tenant tenant,
                                                     User user)
Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a user is added to a tenant.

Specified by:
tenantMembershipCreated in interface ResourceAuthorizationProvider
Parameters:
tenant - the id of the tenant
Returns:
a list of authorizations to be automatically added when a new membership is created.

tenantMembershipCreated

public AuthorizationEntity[] tenantMembershipCreated(Tenant tenant,
                                                     Group group)
Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a group is added to a tenant.

Specified by:
tenantMembershipCreated in interface ResourceAuthorizationProvider
Parameters:
tenant - the id of the tenant
Returns:
a list of authorizations to be automatically added when a new membership is created.

newFilter

public AuthorizationEntity[] newFilter(Filter filter)
Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new filter is created

Specified by:
newFilter in interface ResourceAuthorizationProvider
Parameters:
filter - the newly created filter
Returns:
a list of authorizations to be automatically added when a new Filter is created.

newDeployment

public AuthorizationEntity[] newDeployment(Deployment deployment)
Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new deployment is created

Specified by:
newDeployment in interface ResourceAuthorizationProvider
Parameters:
deployment - the newly created deployment
Returns:
a list of authorizations to be automatically added when a new Deployment is created.

newProcessDefinition

public AuthorizationEntity[] newProcessDefinition(ProcessDefinition processDefinition)
Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new process definition is created

Specified by:
newProcessDefinition in interface ResourceAuthorizationProvider
Parameters:
processDefinition - the newly created process definition
Returns:
a list of authorizations to be automatically added when a new ProcessDefinition is created.

newProcessInstance

public AuthorizationEntity[] newProcessInstance(ProcessInstance processInstance)
Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new process instance is started

Specified by:
newProcessInstance in interface ResourceAuthorizationProvider
Parameters:
processInstance - the newly started process instance
Returns:
a list of authorizations to be automatically added when a new ProcessInstance is started.

newTask

public AuthorizationEntity[] newTask(Task task)
Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new task is created

Specified by:
newTask in interface ResourceAuthorizationProvider
Parameters:
task - the newly created task
Returns:
a list of authorizations to be automatically added when a new Task is created.

newTaskAssignee

public AuthorizationEntity[] newTaskAssignee(Task task,
                                             String oldAssignee,
                                             String newAssignee)
Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a user has been assigned to a task.

Specified by:
newTaskAssignee in interface ResourceAuthorizationProvider
Parameters:
task - the task on which the assignee has been changed
oldAssignee - the old assignee of the task
newAssignee - the new assignee of the task
Returns:
a list of authorizations to be automatically added when an assignee of a task changes.

newTaskOwner

public AuthorizationEntity[] newTaskOwner(Task task,
                                          String oldOwner,
                                          String newOwner)
Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a user has been set as the owner of a task.

Specified by:
newTaskOwner in interface ResourceAuthorizationProvider
Parameters:
task - the task on which the owner has been changed
oldOwner - the old owner of the task
newOwner - the new owner of the task
Returns:
a list of authorizations to be automatically added when the owner of a task changes.

newTaskUserIdentityLink

public AuthorizationEntity[] newTaskUserIdentityLink(Task task,
                                                     String userId,
                                                     String type)
Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new user identity link has been added to a task.

Specified by:
newTaskUserIdentityLink in interface ResourceAuthorizationProvider
Parameters:
task - the task on which a new identity link has been added
userId - the user for which the identity link has been created
type - the type of the identity link (e.g. IdentityLinkType.CANDIDATE)
Returns:
a list of authorizations to be automatically added when a new user identity link has been added.

newTaskGroupIdentityLink

public AuthorizationEntity[] newTaskGroupIdentityLink(Task task,
                                                      String groupId,
                                                      String type)
Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new group identity link has been added to a task.

Specified by:
newTaskGroupIdentityLink in interface ResourceAuthorizationProvider
Parameters:
task - the task on which a new identity link has been added
groupId - the group for which the identity link has been created
type - the type of the identity link (e.g. IdentityLinkType.CANDIDATE)
Returns:
a list of authorizations to be automatically added when a new group identity link has been added.

deleteTaskUserIdentityLink

public AuthorizationEntity[] deleteTaskUserIdentityLink(Task task,
                                                        String userId,
                                                        String type)
Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a user identity link of a task has been deleted.

Specified by:
deleteTaskUserIdentityLink in interface ResourceAuthorizationProvider
Parameters:
task - the task on which the identity link has been deleted
userId - the user for which the identity link has been deleted
type - the type of the identity link (e.g. IdentityLinkType.CANDIDATE)
Returns:
a list of authorizations to be automatically deleted when a user identity link has been deleted.

deleteTaskGroupIdentityLink

public AuthorizationEntity[] deleteTaskGroupIdentityLink(Task task,
                                                         String groupId,
                                                         String type)
Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a group identity link of a task has been deleted.

Specified by:
deleteTaskGroupIdentityLink in interface ResourceAuthorizationProvider
Parameters:
task - the task on which the identity link has been deleted
groupId - the group for which the identity link has been deleted
type - the type of the identity link (e.g. IdentityLinkType.CANDIDATE)
Returns:
a list of authorizations to be automatically deleted when a group identity link has been deleted.

newDecisionDefinition

public AuthorizationEntity[] newDecisionDefinition(DecisionDefinition decisionDefinition)
Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new decision definition is created.

Specified by:
newDecisionDefinition in interface ResourceAuthorizationProvider
Parameters:
decisionDefinition - the newly created decision definition
Returns:
a list of authorizations to be automatically added when a new DecisionDefinition is created.

newDecisionRequirementsDefinition

public AuthorizationEntity[] newDecisionRequirementsDefinition(DecisionRequirementsDefinition decisionRequirementsDefinition)
Description copied from interface: ResourceAuthorizationProvider

Invoked whenever a new decision requirements definition is created.

Specified by:
newDecisionRequirementsDefinition in interface ResourceAuthorizationProvider
Parameters:
decisionRequirementsDefinition - the newly created decision requirements definition
Returns:
a list of authorizations to be automatically added when a new DecisionRequirementsDefinition is created.

getAuthorizationManager

protected AuthorizationManager getAuthorizationManager()

getGrantAuthorizationByUserId

protected AuthorizationEntity getGrantAuthorizationByUserId(String userId,
                                                            Resource resource,
                                                            String resourceId)

getGrantAuthorizationByGroupId

protected AuthorizationEntity getGrantAuthorizationByGroupId(String groupId,
                                                             Resource resource,
                                                             String resourceId)

updateAuthorization

protected AuthorizationEntity updateAuthorization(AuthorizationEntity authorization,
                                                  String userId,
                                                  String groupId,
                                                  Resource resource,
                                                  String resourceId,
                                                  Permission... permissions)

createGrantAuthorization

protected AuthorizationEntity createGrantAuthorization(String userId,
                                                       String groupId,
                                                       Resource resource,
                                                       String resourceId,
                                                       Permission... permissions)

getDefaultUserPermissionForTask

protected Permission getDefaultUserPermissionForTask()

updateAuthorizationBasedOnCacheEntries

protected void updateAuthorizationBasedOnCacheEntries(AuthorizationEntity authorization,
                                                      String userId,
                                                      String groupId,
                                                      Resource resource,
                                                      String resourceId)
Searches the cache for an existing authorization with the same rights. If one is found, the given authorization is updated with the permissions and the old one is removed from the cache.


hasEntitySameAuthorizationRights

protected boolean hasEntitySameAuthorizationRights(AuthorizationEntity authEntity,
                                                   String userId,
                                                   String groupId,
                                                   Resource resource,
                                                   String resourceId)

areIdsEqual

protected boolean areIdsEqual(String firstId,
                              String secondId)


Copyright © 2016 camunda services GmbH. All rights reserved.