protected internal virtual bool isAuthorized(Permission permission, Resource resource, string resourceId)
{
if (!processEngine.ProcessEngineConfiguration.AuthorizationEnabled)
{
// if authorization is disabled everyone is authorized
return(true);
}
//JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final':
//ORIGINAL LINE: final org.camunda.bpm.engine.IdentityService identityService = processEngine.getIdentityService();
IdentityService identityService = processEngine.IdentityService;
//JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final':
//ORIGINAL LINE: final org.camunda.bpm.engine.AuthorizationService authorizationService = processEngine.getAuthorizationService();
AuthorizationService authorizationService = processEngine.AuthorizationService;
Authentication authentication = identityService.CurrentAuthentication;
if (authentication == null)
{
return(true);
}
else
{
return(authorizationService.isUserAuthorized(authentication.UserId, authentication.GroupIds, permission, resource, resourceId));
}
}
public static string getApplicationPathForDeployment(ProcessEngine engine, string deploymentId)
{
// get the name of the process application that made the deployment
string processApplicationName = null;
IdentityService identityService = engine.IdentityService;
Authentication currentAuthentication = identityService.CurrentAuthentication;
try
{
identityService.clearAuthentication();
processApplicationName = engine.ManagementService.getProcessApplicationForDeployment(deploymentId);
}
finally
{
identityService.Authentication = currentAuthentication;
}
if (string.ReferenceEquals(processApplicationName, null))
{
// no a process application deployment
return(null);
}
else
{
ProcessApplicationService processApplicationService = BpmPlatform.ProcessApplicationService;
ProcessApplicationInfo processApplicationInfo = processApplicationService.getProcessApplicationInfo(processApplicationName);
return(processApplicationInfo.Properties[org.camunda.bpm.application.ProcessApplicationInfo_Fields.PROP_SERVLET_CONTEXT_PATH]);
}
}
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void testGroupMembersResourceOptionsUnauthorized()
public virtual void testGroupMembersResourceOptionsUnauthorized()
{
string fullMembersUrl = "http://localhost:" + PORT + TEST_RESOURCE_ROOT_PATH + "/group/" + MockProvider.EXAMPLE_GROUP_ID + "/members";
Authentication authentication = new Authentication(MockProvider.EXAMPLE_USER_ID, null);
when(identityServiceMock.CurrentAuthentication).thenReturn(authentication);
when(authorizationServiceMock.isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, DELETE, GROUP_MEMBERSHIP, MockProvider.EXAMPLE_GROUP_ID)).thenReturn(false);
when(authorizationServiceMock.isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, CREATE, GROUP_MEMBERSHIP, MockProvider.EXAMPLE_GROUP_ID)).thenReturn(false);
Group sampleGroup = MockProvider.createMockGroup();
GroupQuery sampleGroupQuery = mock(typeof(GroupQuery));
when(identityServiceMock.createGroupQuery()).thenReturn(sampleGroupQuery);
when(sampleGroupQuery.groupId(MockProvider.EXAMPLE_GROUP_ID)).thenReturn(sampleGroupQuery);
when(sampleGroupQuery.singleResult()).thenReturn(sampleGroup);
when(processEngineConfigurationMock.AuthorizationEnabled).thenReturn(true);
given().pathParam("id", MockProvider.EXAMPLE_GROUP_ID).then().expect().statusCode(Status.OK.StatusCode).body("links[0].href", equalTo(fullMembersUrl)).body("links[0].method", equalTo(HttpMethod.GET)).body("links[0].rel", equalTo("self")).body("links[1]", nullValue()).body("links[2]", nullValue()).when().options(GROUP_MEMBERS_URL);
verify(identityServiceMock, times(2)).CurrentAuthentication;
verify(authorizationServiceMock, times(1)).isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, DELETE, GROUP_MEMBERSHIP, MockProvider.EXAMPLE_GROUP_ID);
verify(authorizationServiceMock, times(1)).isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, CREATE, GROUP_MEMBERSHIP, MockProvider.EXAMPLE_GROUP_ID);
}
public virtual void updateCredentials(UserCredentialsDto account)
{
ensureNotReadOnly();
Authentication currentAuthentication = identityService.CurrentAuthentication;
if (currentAuthentication != null && !string.ReferenceEquals(currentAuthentication.UserId, null))
{
if (!identityService.checkPassword(currentAuthentication.UserId, account.AuthenticatedUserPassword))
{
throw new InvalidRequestException(Status.BAD_REQUEST, "The given authenticated user password is not valid.");
}
}
User dbUser = findUserObject();
if (dbUser == null)
{
throw new InvalidRequestException(Status.NOT_FOUND, "User with id " + resourceId + " does not exist");
}
dbUser.Password = account.Password;
identityService.saveUser(dbUser);
}
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void testChangeCredentials()
public virtual void testChangeCredentials()
{
User initialUser = MockProvider.createMockUser();
UserQuery sampleUserQuery = mock(typeof(UserQuery));
when(identityServiceMock.createUserQuery()).thenReturn(sampleUserQuery);
when(sampleUserQuery.userId(MockProvider.EXAMPLE_USER_ID)).thenReturn(sampleUserQuery);
when(sampleUserQuery.singleResult()).thenReturn(initialUser);
Authentication authentication = MockProvider.createMockAuthentication();
when(identityServiceMock.CurrentAuthentication).thenReturn(authentication);
when(identityServiceMock.checkPassword(MockProvider.EXAMPLE_USER_ID, MockProvider.EXAMPLE_USER_PASSWORD)).thenReturn(true);
UserCredentialsDto dto = new UserCredentialsDto();
dto.Password = "******";
dto.AuthenticatedUserPassword = MockProvider.EXAMPLE_USER_PASSWORD;
given().pathParam("id", MockProvider.EXAMPLE_USER_ID).contentType(ContentType.JSON).body(dto).then().statusCode(Status.NO_CONTENT.StatusCode).when().put(USER_CREDENTIALS_URL);
verify(identityServiceMock).CurrentAuthentication;
verify(identityServiceMock).checkPassword(MockProvider.EXAMPLE_USER_ID, MockProvider.EXAMPLE_USER_PASSWORD);
// password was updated
verify(initialUser).Password = dto.Password;
// and then saved
verify(identityServiceMock).saveUser(initialUser);
}
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void testUserResourceOptionsDeleteAuthorized()
public virtual void testUserResourceOptionsDeleteAuthorized()
{
string fullUserUrl = "http://localhost:" + PORT + TEST_RESOURCE_ROOT_PATH + "/user/" + MockProvider.EXAMPLE_USER_ID;
User sampleUser = MockProvider.createMockUser();
UserQuery sampleUserQuery = mock(typeof(UserQuery));
when(identityServiceMock.createUserQuery()).thenReturn(sampleUserQuery);
when(sampleUserQuery.userId(MockProvider.EXAMPLE_USER_ID)).thenReturn(sampleUserQuery);
when(sampleUserQuery.singleResult()).thenReturn(sampleUser);
Authentication authentication = new Authentication(MockProvider.EXAMPLE_USER_ID, null);
when(identityServiceMock.CurrentAuthentication).thenReturn(authentication);
when(authorizationServiceMock.isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, DELETE, USER, MockProvider.EXAMPLE_USER_ID)).thenReturn(true);
when(authorizationServiceMock.isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, UPDATE, USER, MockProvider.EXAMPLE_USER_ID)).thenReturn(false);
when(processEngineConfigurationMock.AuthorizationEnabled).thenReturn(true);
given().pathParam("id", MockProvider.EXAMPLE_USER_ID).then().statusCode(Status.OK.StatusCode).body("links[0].href", equalTo(fullUserUrl + "/profile")).body("links[0].method", equalTo(HttpMethod.GET)).body("links[0].rel", equalTo("self")).body("links[1].href", equalTo(fullUserUrl)).body("links[1].method", equalTo(HttpMethod.DELETE)).body("links[1].rel", equalTo("delete")).body("links[2]", nullValue()).when().options(USER_URL);
verify(identityServiceMock, times(2)).CurrentAuthentication;
verify(authorizationServiceMock, times(1)).isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, DELETE, USER, MockProvider.EXAMPLE_USER_ID);
verify(authorizationServiceMock, times(1)).isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, UPDATE, USER, MockProvider.EXAMPLE_USER_ID);
}
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void userRestServiceOptionAuthorized()
public virtual void userRestServiceOptionAuthorized()
{
string fullAuthorizationUrl = FullAuthorizationUrl;
Authentication authentication = new Authentication(MockProvider.EXAMPLE_USER_ID, null);
when(identityServiceMock.CurrentAuthentication).thenReturn(authentication);
when(authorizationServiceMock.isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, CREATE, TENANT, ANY)).thenReturn(true);
when(processEngineConfigurationMock.AuthorizationEnabled).thenReturn(true);
given().then().statusCode(Status.OK.StatusCode).body("links[0].href", equalTo(fullAuthorizationUrl)).body("links[0].method", equalTo(HttpMethod.GET)).body("links[0].rel", equalTo("list")).body("links[1].href", equalTo(fullAuthorizationUrl + "/count")).body("links[1].method", equalTo(HttpMethod.GET)).body("links[1].rel", equalTo("count")).body("links[2].href", equalTo(fullAuthorizationUrl + "/create")).body("links[2].method", equalTo(HttpMethod.POST)).body("links[2].rel", equalTo("create")).when().options(SERVICE_URL);
verify(identityServiceMock, times(1)).CurrentAuthentication;
}
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void tenantGroupMembershipResourceOptionsUnauthorized()
public virtual void tenantGroupMembershipResourceOptionsUnauthorized()
{
string fullMembersUrl = FullAuthorizationTenantUrl + "/group-members";
Authentication authentication = new Authentication(MockProvider.EXAMPLE_USER_ID, null);
when(identityServiceMock.CurrentAuthentication).thenReturn(authentication);
when(authorizationServiceMock.isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, DELETE, TENANT_MEMBERSHIP, MockProvider.EXAMPLE_TENANT_ID)).thenReturn(false);
when(authorizationServiceMock.isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, CREATE, TENANT_MEMBERSHIP, MockProvider.EXAMPLE_TENANT_ID)).thenReturn(false);
when(processEngineConfigurationMock.AuthorizationEnabled).thenReturn(true);
given().pathParam("id", MockProvider.EXAMPLE_TENANT_ID).then().expect().statusCode(Status.OK.StatusCode).body("links[0].href", equalTo(fullMembersUrl)).body("links[0].method", equalTo(HttpMethod.GET)).body("links[0].rel", equalTo("self")).body("links[1]", nullValue()).body("links[2]", nullValue()).when().options(TENANT_GROUP_MEMBERS_URL);
verify(identityServiceMock, times(2)).CurrentAuthentication;
verify(authorizationServiceMock, times(1)).isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, DELETE, TENANT_MEMBERSHIP, MockProvider.EXAMPLE_TENANT_ID);
verify(authorizationServiceMock, times(1)).isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, CREATE, TENANT_MEMBERSHIP, MockProvider.EXAMPLE_TENANT_ID);
}
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void testChangeCredentialsWithWrongAuthenticatedUserPassword()
public virtual void testChangeCredentialsWithWrongAuthenticatedUserPassword()
{
User initialUser = MockProvider.createMockUser();
UserQuery sampleUserQuery = mock(typeof(UserQuery));
when(identityServiceMock.createUserQuery()).thenReturn(sampleUserQuery);
when(sampleUserQuery.userId(MockProvider.EXAMPLE_USER_ID)).thenReturn(sampleUserQuery);
when(sampleUserQuery.singleResult()).thenReturn(initialUser);
Authentication authentication = MockProvider.createMockAuthentication();
when(identityServiceMock.CurrentAuthentication).thenReturn(authentication);
when(identityServiceMock.checkPassword(MockProvider.EXAMPLE_USER_ID, MockProvider.EXAMPLE_USER_PASSWORD)).thenReturn(false);
UserCredentialsDto dto = new UserCredentialsDto();
dto.Password = "******";
dto.AuthenticatedUserPassword = MockProvider.EXAMPLE_USER_PASSWORD;
given().pathParam("id", MockProvider.EXAMPLE_USER_ID).contentType(ContentType.JSON).body(dto).then().statusCode(Status.BAD_REQUEST.StatusCode).contentType(ContentType.JSON).body("type", equalTo("InvalidRequestException")).body("message", equalTo("The given authenticated user password is not valid.")).when().put(USER_CREDENTIALS_URL);
}
protected internal virtual void logAuthentication(IdentityService identityService)
{
CURRENT_AUTHENTICATION = identityService.CurrentAuthentication;
}
// helper /////////////////////////////////////////////////////////////////
public static void clearProperties()
{
CURRENT_AUTHENTICATION = null;
INSTANCES_COUNT = null;
}
