org.camunda.bpm.engine.impl.persistence.entity
Class AuthorizationManager
java.lang.Object
org.camunda.bpm.engine.impl.persistence.AbstractManager
org.camunda.bpm.engine.impl.persistence.entity.AuthorizationManager
- All Implemented Interfaces:
- Session
public class AuthorizationManager
- extends AbstractManager
- Author:
- Daniel Meyer
|
Method Summary |
protected void |
addPermissionCheck(AuthorizationCheck authCheck,
CompositePermissionCheck compositeCheck)
|
protected void |
addPermissionCheck(ListQueryParameterObject query,
Resource resource,
String queryParam,
Permission permission)
|
void |
checkAuthorization(CompositePermissionCheck compositePermissionCheck)
|
void |
checkAuthorization(List<PermissionCheck> permissionChecks)
|
void |
checkAuthorization(PermissionCheck... permissionChecks)
|
void |
checkAuthorization(Permission permission,
Resource resource)
|
void |
checkAuthorization(Permission permission,
Resource resource,
String resourceId)
|
void |
checkCamundaAdmin()
Checks if the current authentication contains the group
Groups.CAMUNDA_ADMIN. |
void |
configureActivityStatisticsQuery(ActivityStatisticsQueryImpl query)
|
void |
configureBatchQuery(BatchQueryImpl query)
|
void |
configureBatchStatisticsQuery(BatchStatisticsQueryImpl query)
|
void |
configureDecisionDefinitionQuery(DecisionDefinitionQueryImpl query)
|
void |
configureDecisionRequirementsDefinitionQuery(DecisionRequirementsDefinitionQueryImpl query)
|
void |
configureDeploymentQuery(DeploymentQueryImpl query)
|
void |
configureDeploymentStatisticsQuery(DeploymentStatisticsQueryImpl query)
|
void |
configureEventSubscriptionQuery(EventSubscriptionQueryImpl query)
|
void |
configureExecutionQuery(AbstractQuery query)
|
void |
configureExternalTaskFetch(ListQueryParameterObject parameter)
|
void |
configureExternalTaskQuery(ExternalTaskQueryImpl query)
|
void |
configureHistoricActivityInstanceQuery(HistoricActivityInstanceQueryImpl query)
|
void |
configureHistoricBatchQuery(HistoricBatchQueryImpl query)
|
void |
configureHistoricDecisionInstanceQuery(HistoricDecisionInstanceQueryImpl query)
|
void |
configureHistoricDetailQuery(HistoricDetailQueryImpl query)
|
void |
configureHistoricExternalTaskLogQuery(HistoricExternalTaskLogQueryImpl query)
|
void |
configureHistoricIdentityLinkQuery(HistoricIdentityLinkLogQueryImpl query)
|
void |
configureHistoricIncidentQuery(HistoricIncidentQueryImpl query)
|
void |
configureHistoricJobLogQuery(HistoricJobLogQueryImpl query)
|
void |
configureHistoricProcessInstanceQuery(HistoricProcessInstanceQueryImpl query)
|
void |
configureHistoricTaskInstanceQuery(HistoricTaskInstanceQueryImpl query)
|
void |
configureHistoricVariableInstanceQuery(HistoricVariableInstanceQueryImpl query)
|
void |
configureIncidentQuery(IncidentQueryImpl query)
|
void |
configureJobDefinitionQuery(JobDefinitionQueryImpl query)
|
void |
configureJobQuery(JobQueryImpl query)
|
void |
configureProcessDefinitionQuery(ProcessDefinitionQueryImpl query)
|
void |
configureProcessDefinitionStatisticsQuery(ProcessDefinitionStatisticsQueryImpl query)
|
void |
configureQuery(AbstractQuery query,
Resource resource)
|
void |
configureQuery(AbstractQuery query,
Resource resource,
String queryParam)
|
void |
configureQuery(AbstractQuery query,
Resource resource,
String queryParam,
Permission permission)
|
void |
configureQuery(ListQueryParameterObject query)
|
void |
configureQueryHistoricFinishedInstanceReport(ListQueryParameterObject query,
Resource resource)
|
void |
configureTaskQuery(TaskQueryImpl query)
|
void |
configureUserOperationLogQuery(UserOperationLogQueryImpl query)
|
protected void |
configureVariableInstanceQuery(VariableInstanceQueryImpl query)
|
Authorization |
createNewAuthorization(int type)
|
void |
delete(DbEntity authorization)
|
void |
deleteAuthorizationsByResourceId(Resource resource,
String resourceId)
|
void |
deleteAuthorizationsByResourceIdAndGroupId(Resource resource,
String resourceId,
String groupId)
|
void |
deleteAuthorizationsByResourceIdAndUserId(Resource resource,
String resourceId,
String userId)
|
void |
enableQueryAuthCheck(AuthorizationCheck authCheck)
|
List<String> |
filterAuthenticatedGroupIds(List<String> authenticatedGroupIds)
|
AuthorizationEntity |
findAuthorization(int type,
String userId,
String groupId,
Resource resource,
String resourceId)
|
AuthorizationEntity |
findAuthorizationByGroupIdAndResourceId(int type,
String groupId,
Resource resource,
String resourceId)
|
AuthorizationEntity |
findAuthorizationByUserIdAndResourceId(int type,
String userId,
Resource resource,
String resourceId)
|
void |
insert(DbEntity authorization)
|
protected boolean |
isAuthCheckExecuted()
|
boolean |
isAuthorized(CompositePermissionCheck compositePermissionCheck)
|
boolean |
isAuthorized(Permission permission,
Resource resource,
String resourceId)
|
boolean |
isAuthorized(String userId,
List<String> groupIds,
CompositePermissionCheck compositePermissionCheck)
|
boolean |
isAuthorized(String userId,
List<String> groupIds,
List<PermissionCheck> permissionChecks)
|
boolean |
isAuthorized(String userId,
List<String> groupIds,
Permission permission,
Resource resource,
String resourceId)
|
boolean |
isCamundaAdmin(Authentication authentication)
|
protected boolean |
isRevokeAuthCheckEnabled(String userId,
List<String> groupIds)
|
PermissionCheck |
newPermissionCheck()
|
PermissionCheckBuilder |
newPermissionCheckBuilder()
|
List<Authorization> |
selectAuthorizationByQueryCriteria(AuthorizationQueryImpl authorizationQuery)
|
Long |
selectAuthorizationCountByQueryCriteria(AuthorizationQueryImpl authorizationQuery)
|
void |
update(AuthorizationEntity authorization)
|
| Methods inherited from class org.camunda.bpm.engine.impl.persistence.AbstractManager |
close, deleteAuthorizations, deleteAuthorizationsForGroup, deleteAuthorizationsForUser, deleteDefaultAuthorizations, flush, getAttachmentManager, getAuthorizationManager, getBatchManager, getByteArrayManager, getCaseDefinitionManager, getCaseExecutionManager, getCaseInstanceManager, getCommandContext, getCurrentAuthentication, getDbEntityManager, getDbSqlSession, getDecisionDefinitionManager, getDecisionRequirementsDefinitionManager, getDeploymentManager, getEventSubscriptionManager, getHistoricActivityInstanceManager, getHistoricBatchManager, getHistoricCaseActivityInstanceManager, getHistoricCaseInstanceManager, getHistoricDecisionInstanceManager, getHistoricDetailManager, getHistoricExternalTaskLogManager, getHistoricIdentityLinkManager, getHistoricIncidentManager, getHistoricJobLogManager, getHistoricProcessInstanceManager, getHistoricReportManager, getHistoricTaskInstanceManager, getHistoricVariableInstanceManager, getIdentityInfoManager, getIdentityLinkManager, getJobDefinitionManager, getJobManager, getProcessDefinitionManager, getProcessInstanceManager, getResourceAuthorizationProvider, getResourceManager, getSession, getTaskManager, getTaskReportManager, getTenantManager, getUserOperationLogManager, getVariableInstanceManager, isAuthorizationEnabled, saveDefaultAuthorizations |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
LOG
protected static final EnginePersistenceLogger LOG
EMPTY_LIST
protected static final List<String> EMPTY_LIST
availableAuthorizedGroupIds
protected Set<String> availableAuthorizedGroupIds
- Group ids for which authorizations exist in the database.
This is initialized once per command by the
filterAuthenticatedGroupIds(List) method. (Manager
instances are command scoped).
It is used to only check authorizations for groups for which authorizations exist. In other words,
if for a given group no authorization exists in the DB, then auth checks are not performed for this group.
isRevokeAuthCheckUsed
protected Boolean isRevokeAuthCheckUsed
AuthorizationManager
public AuthorizationManager()
newPermissionCheck
public PermissionCheck newPermissionCheck()
newPermissionCheckBuilder
public PermissionCheckBuilder newPermissionCheckBuilder()
createNewAuthorization
public Authorization createNewAuthorization(int type)
insert
public void insert(DbEntity authorization)
- Overrides:
insert in class AbstractManager
selectAuthorizationByQueryCriteria
public List<Authorization> selectAuthorizationByQueryCriteria(AuthorizationQueryImpl authorizationQuery)
selectAuthorizationCountByQueryCriteria
public Long selectAuthorizationCountByQueryCriteria(AuthorizationQueryImpl authorizationQuery)
findAuthorizationByUserIdAndResourceId
public AuthorizationEntity findAuthorizationByUserIdAndResourceId(int type,
String userId,
Resource resource,
String resourceId)
findAuthorizationByGroupIdAndResourceId
public AuthorizationEntity findAuthorizationByGroupIdAndResourceId(int type,
String groupId,
Resource resource,
String resourceId)
findAuthorization
public AuthorizationEntity findAuthorization(int type,
String userId,
String groupId,
Resource resource,
String resourceId)
update
public void update(AuthorizationEntity authorization)
delete
public void delete(DbEntity authorization)
- Overrides:
delete in class AbstractManager
checkAuthorization
public void checkAuthorization(PermissionCheck... permissionChecks)
checkAuthorization
public void checkAuthorization(CompositePermissionCheck compositePermissionCheck)
checkAuthorization
public void checkAuthorization(List<PermissionCheck> permissionChecks)
checkAuthorization
public void checkAuthorization(Permission permission,
Resource resource)
checkAuthorization
public void checkAuthorization(Permission permission,
Resource resource,
String resourceId)
- Overrides:
checkAuthorization in class AbstractManager
isAuthorized
public boolean isAuthorized(Permission permission,
Resource resource,
String resourceId)
isAuthorized
public boolean isAuthorized(String userId,
List<String> groupIds,
Permission permission,
Resource resource,
String resourceId)
isAuthorized
public boolean isAuthorized(String userId,
List<String> groupIds,
List<PermissionCheck> permissionChecks)
isRevokeAuthCheckEnabled
protected boolean isRevokeAuthCheckEnabled(String userId,
List<String> groupIds)
isAuthorized
public boolean isAuthorized(String userId,
List<String> groupIds,
CompositePermissionCheck compositePermissionCheck)
isAuthorized
public boolean isAuthorized(CompositePermissionCheck compositePermissionCheck)
configureQuery
public void configureQuery(ListQueryParameterObject query)
configureQueryHistoricFinishedInstanceReport
public void configureQueryHistoricFinishedInstanceReport(ListQueryParameterObject query,
Resource resource)
enableQueryAuthCheck
public void enableQueryAuthCheck(AuthorizationCheck authCheck)
configureQuery
public void configureQuery(AbstractQuery query,
Resource resource)
- Overrides:
configureQuery in class AbstractManager
configureQuery
public void configureQuery(AbstractQuery query,
Resource resource,
String queryParam)
configureQuery
public void configureQuery(AbstractQuery query,
Resource resource,
String queryParam,
Permission permission)
addPermissionCheck
protected void addPermissionCheck(ListQueryParameterObject query,
Resource resource,
String queryParam,
Permission permission)
addPermissionCheck
protected void addPermissionCheck(AuthorizationCheck authCheck,
CompositePermissionCheck compositeCheck)
deleteAuthorizationsByResourceId
public void deleteAuthorizationsByResourceId(Resource resource,
String resourceId)
deleteAuthorizationsByResourceIdAndUserId
public void deleteAuthorizationsByResourceIdAndUserId(Resource resource,
String resourceId,
String userId)
deleteAuthorizationsByResourceIdAndGroupId
public void deleteAuthorizationsByResourceIdAndGroupId(Resource resource,
String resourceId,
String groupId)
checkCamundaAdmin
public void checkCamundaAdmin()
- Checks if the current authentication contains the group
Groups.CAMUNDA_ADMIN. The check is ignored if the authorization is
disabled or no authentication exists.
- Throws:
AuthorizationException
isCamundaAdmin
public boolean isCamundaAdmin(Authentication authentication)
- Parameters:
authentication - authentication to check, cannot be null
- Returns:
true if the given authentication contains the group
Groups.CAMUNDA_ADMIN
configureDeploymentQuery
public void configureDeploymentQuery(DeploymentQueryImpl query)
configureProcessDefinitionQuery
public void configureProcessDefinitionQuery(ProcessDefinitionQueryImpl query)
configureExecutionQuery
public void configureExecutionQuery(AbstractQuery query)
configureTaskQuery
public void configureTaskQuery(TaskQueryImpl query)
configureEventSubscriptionQuery
public void configureEventSubscriptionQuery(EventSubscriptionQueryImpl query)
configureIncidentQuery
public void configureIncidentQuery(IncidentQueryImpl query)
configureVariableInstanceQuery
protected void configureVariableInstanceQuery(VariableInstanceQueryImpl query)
configureJobDefinitionQuery
public void configureJobDefinitionQuery(JobDefinitionQueryImpl query)
configureJobQuery
public void configureJobQuery(JobQueryImpl query)
configureHistoricProcessInstanceQuery
public void configureHistoricProcessInstanceQuery(HistoricProcessInstanceQueryImpl query)
configureHistoricActivityInstanceQuery
public void configureHistoricActivityInstanceQuery(HistoricActivityInstanceQueryImpl query)
configureHistoricTaskInstanceQuery
public void configureHistoricTaskInstanceQuery(HistoricTaskInstanceQueryImpl query)
configureHistoricVariableInstanceQuery
public void configureHistoricVariableInstanceQuery(HistoricVariableInstanceQueryImpl query)
configureHistoricDetailQuery
public void configureHistoricDetailQuery(HistoricDetailQueryImpl query)
configureHistoricJobLogQuery
public void configureHistoricJobLogQuery(HistoricJobLogQueryImpl query)
configureHistoricIncidentQuery
public void configureHistoricIncidentQuery(HistoricIncidentQueryImpl query)
configureHistoricIdentityLinkQuery
public void configureHistoricIdentityLinkQuery(HistoricIdentityLinkLogQueryImpl query)
configureHistoricDecisionInstanceQuery
public void configureHistoricDecisionInstanceQuery(HistoricDecisionInstanceQueryImpl query)
configureHistoricExternalTaskLogQuery
public void configureHistoricExternalTaskLogQuery(HistoricExternalTaskLogQueryImpl query)
configureUserOperationLogQuery
public void configureUserOperationLogQuery(UserOperationLogQueryImpl query)
configureHistoricBatchQuery
public void configureHistoricBatchQuery(HistoricBatchQueryImpl query)
configureDeploymentStatisticsQuery
public void configureDeploymentStatisticsQuery(DeploymentStatisticsQueryImpl query)
configureProcessDefinitionStatisticsQuery
public void configureProcessDefinitionStatisticsQuery(ProcessDefinitionStatisticsQueryImpl query)
configureActivityStatisticsQuery
public void configureActivityStatisticsQuery(ActivityStatisticsQueryImpl query)
configureExternalTaskQuery
public void configureExternalTaskQuery(ExternalTaskQueryImpl query)
configureExternalTaskFetch
public void configureExternalTaskFetch(ListQueryParameterObject parameter)
configureDecisionDefinitionQuery
public void configureDecisionDefinitionQuery(DecisionDefinitionQueryImpl query)
configureDecisionRequirementsDefinitionQuery
public void configureDecisionRequirementsDefinitionQuery(DecisionRequirementsDefinitionQueryImpl query)
configureBatchQuery
public void configureBatchQuery(BatchQueryImpl query)
configureBatchStatisticsQuery
public void configureBatchStatisticsQuery(BatchStatisticsQueryImpl query)
filterAuthenticatedGroupIds
public List<String> filterAuthenticatedGroupIds(List<String> authenticatedGroupIds)
isAuthCheckExecuted
protected boolean isAuthCheckExecuted()
Copyright © 2017 camunda services GmbH. All rights reserved.