Usage and code examples of the org.camunda.bpm.engine.authorization.Authorization class

x33g5p2x, reposted on 2022-01-17 in Other

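This article collects Java code examples for the org.camunda.bpm.engine.authorization.Authorization class and shows how the class is used. The examples come mainly from platforms such as GitHub, Stack Overflow and Maven, and were extracted from selected projects, so they are useful as a reference. Details of the Authorization class:
Package path: org.camunda.bpm.engine.authorization.Authorization
Class name: Authorization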

Introduction to Authorization

An Authorization assigns a set of Permissions to an identity to interact with a given Resource.

EXAMPLES:

  • User 'jonny' is authorized to start new instances of the 'invoice' process
  • Group 'marketing' is not authorized to cancel process instances.
  • Group 'marketing' is not allowed to use the tasklist application.
  • Nobody is allowed to edit process variables in the cockpit application, except the distinct user 'admin'.

Identities

camunda BPM distinguishes two types of identities: users and groups. Authorizations can either range over all users (userId = #ANY), an individual User or a Group of users.

Permissions

A Permission defines the way an identity is allowed to interact with a certain resource. Examples of permissions are Permissions#CREATE, Permissions#READ, Permissions#UPDATE, Permissions#DELETE, ... See Permissions for a set of built-in permissions.

A single authorization object may assign multiple permissions to a single user and resource:

authorization.addPermission(Permissions.READ); 
authorization.addPermission(Permissions.UPDATE);
authorization.addPermission(Permissions.DELETE);

On top of the built-in permissions, camunda BPM allows using custom permission types.

Resources

Resources are the entities the user interacts with. Examples of resources are Resources#GROUP, Resources#USER, process-definitions, process-instances, tasks ... See Resources for a set of built-in resources. The camunda BPM framework supports custom resources.

Authorization Type

There are three types of authorizations:

  • Global Authorizations (#AUTH_TYPE_GLOBAL) range over all users and groups (userId = #ANY) and are usually used for fixing the "base" permission for a resource.
  • Grant Authorizations (#AUTH_TYPE_GRANT) range over users and groups and grant a set of permissions. Grant authorizations are commonly used for adding permissions to a user or group that the global authorization revokes.
  • Revoke Authorizations (#AUTH_TYPE_REVOKE) range over users and groups and revoke a set of permissions. Revoke authorizations are commonly used for revoking permissions from a user or group that the global authorization grants.

Authorization Precedence

Authorizations may range over all users, an individual user or a group of users. They may apply to an individual resource instance or all instances of the same type (resourceId = #ANY). The precedence is as follows:

  1. An authorization applying to an individual resource instance takes precedence over an authorization applying to all instances of the same resource type.
  2. An authorization for an individual user takes precedence over an authorization for a group.
  3. A Group authorization takes precedence over a #AUTH_TYPE_GLOBAL authorization.
  4. A Group #AUTH_TYPE_REVOKE authorization takes precedence over a Group #AUTH_TYPE_GRANT authorization.
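
The precedence rules above, exercised through the engine API in an added example (not code from the Camunda project or from the original page). The class name, the user 'mary' and the definition key 'order' are hypothetical, and the example assumes an engine with authorization checks enabled and no other authorizations stored.

```java
import java.util.Collections;
import java.util.List;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;

public class AuthorizationPrecedenceExample {
  // Hypothetical identifiers, chosen for this illustration only.
  static final String INVOICE = "invoice";
  static final String MARKETING = "marketing";

  /** Builds an unsaved authorization of the given type on one process definition key. */
  static Authorization onDefinition(AuthorizationService service, int type, String key) {
    Authorization auth = service.createNewAuthorization(type);
    auth.setResource(Resources.PROCESS_DEFINITION);
    auth.setResourceId(key);
    return auth;
  }

  static void setUp(AuthorizationService service) {
    // Base permission: everyone may READ every process definition.
    Authorization base = onDefinition(service, Authorization.AUTH_TYPE_GLOBAL, Authorization.ANY);
    base.addPermission(Permissions.READ);
    service.saveAuthorization(base);

    // Group 'marketing' loses READ, but only on the 'invoice' definition.
    Authorization revoke = onDefinition(service, Authorization.AUTH_TYPE_REVOKE, INVOICE);
    revoke.setGroupId(MARKETING);
    revoke.removePermission(Permissions.READ); // on a REVOKE authorization this revokes READ
    service.saveAuthorization(revoke);

    // User 'jonny' is granted READ on 'invoice' individually.
    Authorization grant = onDefinition(service, Authorization.AUTH_TYPE_GRANT, INVOICE);
    grant.setUserId("jonny");
    grant.addPermission(Permissions.READ);
    service.saveAuthorization(grant);
  }

  static boolean canRead(AuthorizationService service, String userId, List<String> groupIds, String key) {
    return service.isUserAuthorized(userId, groupIds, Permissions.READ, Resources.PROCESS_DEFINITION, key);
  }

  static void report(AuthorizationService service) {
    List<String> marketing = Collections.singletonList(MARKETING);
    // Rule 2 decides: jonny's user GRANT meets his group's REVOKE on the same instance.
    System.out.println("jonny / invoice: " + canRead(service, "jonny", marketing, INVOICE));
    // Rules 1 and 3 decide: mary has only the group REVOKE on 'invoice' and the GLOBAL grant on ANY.
    System.out.println("mary  / invoice: " + canRead(service, "mary", marketing, INVOICE));
    // The REVOKE names 'invoice' only, so for 'order' just the GLOBAL authorization applies.
    System.out.println("mary  / order:   " + canRead(service, "mary", marketing, "order"));
  }
}
```

Call `setUp` and then `report` with the `AuthorizationService` obtained from `processEngine.getAuthorizationService()`; comparing the three printed results against the rules is a quick review check before relying on a revoke to restrict a group.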

Code examples

Code example source: camunda/camunda-bpm-platform

protected static Authorization createAuthorization(AuthorizationService authorizationService, Permission permission, Resources resource, String userId) {
  Authorization auth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
  auth.addPermission(permission);
  auth.setResource(resource);
  auth.setResourceId(Authorization.ANY);
  auth.setUserId(userId);
  return auth;
}

Code example source: camunda/camunda-bpm-platform

public static void update(AuthorizationCreateDto dto, Authorization dbAuthorization) {
 
 dbAuthorization.setGroupId(dto.getGroupId());
 dbAuthorization.setUserId(dto.getUserId());
 dbAuthorization.setResourceType(dto.getResourceType());
 dbAuthorization.setResourceId(dto.getResourceId());
 dbAuthorization.setPermissions(PermissionConverter.getPermissionsForNames(dto.getPermissions(), dto.getResourceType()));
 
}

Code example source: camunda/camunda-bpm-platform

public static AuthorizationDto fromAuthorization(Authorization dbAuthorization) {
 AuthorizationDto authorizationDto = new AuthorizationDto();
 authorizationDto.setId(dbAuthorization.getId());
 authorizationDto.setType(dbAuthorization.getAuthorizationType());
 Permission[] dbPermissions = getPermissions(dbAuthorization);
 authorizationDto.setPermissions(PermissionConverter.getNamesForPermissions(dbAuthorization, dbPermissions));
 authorizationDto.setUserId(dbAuthorization.getUserId());
 authorizationDto.setGroupId(dbAuthorization.getGroupId());
 authorizationDto.setResourceType(dbAuthorization.getResourceType());
 authorizationDto.setResourceId(dbAuthorization.getResourceId());
 return authorizationDto;
}

Code example source: camunda/camunda-bpm-platform

private static Permission[] getPermissions(Authorization dbAuthorization) {
 int givenResourceType = dbAuthorization.getResourceType();
 if (givenResourceType == Resources.BATCH.resourceType()) {
  return dbAuthorization.getPermissions(BatchPermissions.values());
 } else if (givenResourceType == Resources.PROCESS_DEFINITION.resourceType()) {
  return dbAuthorization.getPermissions(ProcessDefinitionPermissions.values());
 } else if (givenResourceType == Resources.PROCESS_INSTANCE.resourceType()) {
  return dbAuthorization.getPermissions(ProcessInstancePermissions.values());
 } else {
  return dbAuthorization.getPermissions(Permissions.values());
 }
}

Code example source: camunda/camunda-bpm-platform

@Test
public void testCreateGrantAuthorization() {
 Authorization authorization = MockProvider.createMockGrantAuthorization();
 when(authorizationServiceMock.createNewAuthorization(Authorization.AUTH_TYPE_GRANT)).thenReturn(authorization);
 when(authorizationServiceMock.saveAuthorization(authorization)).thenReturn(authorization);
 AuthorizationQuery authorizationQuery = mock(AuthorizationQuery.class);
 when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(authorizationQuery);
 when(authorizationQuery.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(authorizationQuery);
 when(authorizationQuery.singleResult()).thenReturn(authorization);
 AuthorizationDto dto = AuthorizationDto.fromAuthorization(authorization);
 given()
   .body(dto).contentType(ContentType.JSON)
 .then().expect()
   .statusCode(Status.OK.getStatusCode())
 .when()
   .post(AUTH_CREATE_PATH);
 verify(authorizationServiceMock).createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
 verify(authorization, times(2)).setUserId(authorization.getUserId());
 verify(authorization, times(4)).setResourceType(authorization.getAuthorizationType());
 verify(authorization, times(2)).setResourceId(authorization.getResourceId());
 verify(authorization, times(2)).setPermissions(authorization.getPermissions(Permissions.values()));
 verify(authorizationServiceMock).saveAuthorization(authorization);
}

Code example source: camunda/camunda-bpm-platform

public Authorization instantiate(AuthorizationService authorizationService, Map<String, String> replacements) {
 Authorization authorization = authorizationService.createNewAuthorization(type);
 // TODO: group id is missing
 authorization.setResource(resource);
 if (replacements.containsKey(resourceId)) {
  authorization.setResourceId(replacements.get(resourceId));
 }
 else {
  authorization.setResourceId(resourceId);
 }
 authorization.setUserId(userId);
 authorization.setPermissions(permissions);
 return authorization;
}

Code example source: camunda/camunda-bpm-platform

public void testIsPermissionRevokedAccess() {
 // given
 Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
 String userId = "userId";
 authorization.setUserId(userId);
 authorization.removePermission(Permissions.ACCESS);
 authorization.setResource(Resources.APPLICATION);
 authorization.setResourceId(ANY);
 authorizationService.saveAuthorization(authorization);
 // then
 Authorization authorizationResult = authorizationService.createAuthorizationQuery().userIdIn(userId).singleResult();
 assertTrue(authorizationResult.isPermissionRevoked(Permissions.ACCESS));
 assertFalse(authorizationResult.isPermissionRevoked(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES));
 assertFalse(authorizationResult.isPermissionRevoked(ProcessInstancePermissions.RETRY_JOB));
 assertFalse(authorizationResult.isPermissionRevoked(ProcessDefinitionPermissions.RETRY_JOB));
}

Code example source: camunda/camunda-bpm-platform

protected void createGrantAuthorization(Resource resource, String resourceId, String userId, Permission... permissions) {
 Authorization authorization = createGrantAuthorization(resource, resourceId);
 authorization.setUserId(userId);
 for (Permission permission : permissions) {
  authorization.addPermission(permission);
 }
 saveAuthorization(authorization);
}

Code example source: camunda/camunda-bpm-platform

protected Authorization createAuthorization(int type, Resource resource, String resourceId) {
 Authorization authorization = authorizationService.createNewAuthorization(type);
 authorization.setResource(resource);
 if (resourceId != null) {
  authorization.setResourceId(resourceId);
 }
 return authorization;
}

Code example source: camunda/camunda-bpm-platform

// Excerpt: authorization1, authorization3 and authorization4 are created in lines not shown here.
Authorization authorization2 = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
authorization1.setResource(resource1);
authorization1.setResourceId("someId");
authorization1.setGroupId("someGroup");
authorization2.setResource(resource1);
authorization2.setResourceId("someId");
authorization2.setGroupId("someGroup");
authorization3.setResource(resource1);
authorization3.setResourceId("someId");
authorization3.setGroupId("someGroup");
authorization4.setResource(resource1);
authorization4.setResourceId("someId");
authorization4.setGroupId("someGroup");

Code example source: camunda/camunda-bpm-platform

public void testStandaloneTaskAddCandidateUserCreateNewAuthorization() {
 // given
 String taskId = "myTask";
 createTask(taskId);
 createGrantAuthorization(TASK, taskId, userId, UPDATE);
 // when
 taskService.addCandidateUser(taskId, "demo");
 // then
 disableAuthorization();
 Authorization authorization = authorizationService
   .createAuthorizationQuery()
   .userIdIn("demo")
   .singleResult();
 enableAuthorization();
 assertNotNull(authorization);
 assertEquals(TASK.resourceType(), authorization.getResourceType());
 assertEquals(taskId, authorization.getResourceId());
 assertTrue(authorization.isPermissionGranted(READ));
 assertTrue(authorization.isPermissionGranted(getDefaultTaskPermissionForUser()));
 deleteTask(taskId, true);
}

Code example source: camunda/camunda-bpm-platform

private void createAuthorizations(ProcessEngine processEngine1) {
 Authorization newAuthorization = processEngine1.getAuthorizationService().createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL);
 newAuthorization.setResource(Resources.PROCESS_INSTANCE);
 newAuthorization.setResourceId("*");
 newAuthorization.setPermissions(new Permission[] { Permissions.CREATE });
 processEngine1.getAuthorizationService().saveAuthorization(newAuthorization);
 newAuthorization = processEngine1.getAuthorizationService().createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL);
 newAuthorization.setResource(Resources.PROCESS_DEFINITION);
 newAuthorization.setResourceId("*");
 newAuthorization.setPermissions(new Permission[] { Permissions.CREATE_INSTANCE });
 processEngine1.getAuthorizationService().saveAuthorization(newAuthorization);
 newAuthorization = processEngine1.getAuthorizationService().createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL);
 newAuthorization.setResource(Resources.TASK);
 newAuthorization.setResourceId("*");
 newAuthorization.setPermissions(new Permission[] { Permissions.READ, Permissions.TASK_WORK });
 processEngine1.getAuthorizationService().saveAuthorization(newAuthorization);
}

Code example source: camunda/camunda-bpm-platform

public void testCreateUser() {
 // initially there are no authorizations for jonny2:
 assertEquals(0, authorizationService.createAuthorizationQuery().userIdIn("jonny2").count());
 // create new user
 identityService.saveUser(identityService.newUser("jonny2"));
 // now there is an authorization for jonny2 which grants him ALL permissions on himself
 Authorization authorization = authorizationService.createAuthorizationQuery().userIdIn("jonny2").singleResult();
 assertNotNull(authorization);
 assertEquals(AUTH_TYPE_GRANT, authorization.getAuthorizationType());
 assertEquals(USER.resourceType(), authorization.getResourceType());
 assertEquals("jonny2", authorization.getResourceId());
 assertTrue(authorization.isPermissionGranted(ALL));
 // delete the user
 identityService.deleteUser("jonny2");
 // the authorization is deleted as well:
 assertEquals(0, authorizationService.createAuthorizationQuery().userIdIn("jonny2").count());
}

Code example source: camunda/camunda-bpm-platform

public void testRevokeAuthorizationType() {
 Authorization revokeAuthorization = authorizationService.createNewAuthorization(AUTH_TYPE_REVOKE);
 // I can set userId = null
 revokeAuthorization.setUserId(null);
 // I can set userId = ANY
 revokeAuthorization.setUserId(ANY);
 // I can set anything else:
 revokeAuthorization.setUserId("something");
 // I can set groupId = null
 revokeAuthorization.setGroupId(null);
 // I can set anything else:
 revokeAuthorization.setGroupId("something");
}

Code example source: camunda/camunda-bpm-platform

authorization.setResource(resource1);
authorization.setGroupId("someId");
authorization.setUserId("someOtherId");
authorization.setResource(resource1);
authorization.setUserId("someId");
authorization.setUserId("someId");

Code example source: camunda/camunda-bpm-platform

authorization.setResource(Resources.USER);
assertEquals(1, authorization.getPermissions(Permissions.values()).length);
assertFalse(authorization.isPermissionGranted(CREATE));
assertFalse(authorization.isPermissionGranted(DELETE));
assertFalse(authorization.isPermissionGranted(READ));
assertFalse(authorization.isPermissionGranted(UPDATE));
authorization.addPermission(CREATE);
assertTrue(authorization.isPermissionGranted(CREATE));
assertFalse(authorization.isPermissionGranted(DELETE));
assertFalse(authorization.isPermissionGranted(READ));
assertFalse(authorization.isPermissionGranted(UPDATE));
authorization.addPermission(DELETE);
assertTrue(authorization.isPermissionGranted(CREATE));
assertTrue(authorization.isPermissionGranted(DELETE));
assertFalse(authorization.isPermissionGranted(READ));
assertFalse(authorization.isPermissionGranted(UPDATE));
authorization.addPermission(READ);
assertTrue(authorization.isPermissionGranted(CREATE));
assertTrue(authorization.isPermissionGranted(DELETE));
assertTrue(authorization.isPermissionGranted(READ));
assertFalse(authorization.isPermissionGranted(UPDATE));
authorization.addPermission(UPDATE);
assertTrue(authorization.isPermissionGranted(CREATE));

Code example source: camunda/camunda-bpm-platform

public void testCreateAuthorizationWithGroupId() {
 Resource resource1 = TestResource.RESOURCE1;
 // initially, no authorization exists:
 assertEquals(0, authorizationService.createAuthorizationQuery().count());
 // simple create / delete with userId
 Authorization authorization = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
 authorization.setGroupId("aGroupId");
 authorization.setResource(resource1);
 // save the authorization
 authorizationService.saveAuthorization(authorization);
 // authorization exists
 assertEquals(1, authorizationService.createAuthorizationQuery().count());
 // delete the authorization
 authorizationService.deleteAuthorization(authorization.getId());
 // it's gone
 assertEquals(0, authorizationService.createAuthorizationQuery().count());
}

Code example source: camunda/camunda-bpm-platform

protected void createGroupGrantAuthorization(Resource resource, String resourceId, String groupId, Permission... permissions) {
 Authorization authorization = createGrantAuthorization(resource, resourceId);
 authorization.setGroupId(groupId);
 for (Permission permission : permissions) {
  authorization.addPermission(permission);
 }
 saveAuthorization(authorization);
}

Code example source: org.camunda.bpm/camunda-engine

// The exception message must name the user, each missing permission, the resource id and the resource.
Assert.assertTrue(assertionFailureMessage, message.contains(missingAuthorization.getUserId()));
Assert.assertEquals(missingAuthorization.getUserId(), e.getUserId());
for (Permission permission : missingAuthorization.getPermissions(Permissions.values())) {
 if (permission != Permissions.NONE) {
  Assert.assertTrue(assertionFailureMessage, message.contains(permission.getName()));
 }
}
if (!Authorization.ANY.equals(missingAuthorization.getResourceId())) {
 Assert.assertTrue(assertionFailureMessage, message.contains(missingAuthorization.getResourceId()));
}
Resource resource = AuthorizationTestUtil.getResourceByType(missingAuthorization.getResourceType());
Assert.assertTrue(assertionFailureMessage, message.contains(resource.resourceName()));

Code example source: camunda/camunda-bpm-platform

public void testQueryWithGroupAuthorizationRevokedReadPermission() {
 // given
 // given user gets all permissions on any process definition
 Authorization authorization = createGrantAuthorization(PROCESS_DEFINITION, ANY);
 authorization.setGroupId(groupId);
 authorization.addPermission(ALL);
 saveAuthorization(authorization);
 authorization = createRevokeAuthorization(PROCESS_DEFINITION, ONE_TASK_PROCESS_KEY);
 authorization.setGroupId(groupId);
 authorization.removePermission(READ);
 saveAuthorization(authorization);
 // when
 ProcessDefinitionQuery query = repositoryService.createProcessDefinitionQuery();
 // then
 verifyQueryResults(query, 1);
 ProcessDefinition definition = query.singleResult();
 assertNotNull(definition);
 assertEquals(TWO_TASKS_PROCESS_KEY, definition.getKey());
}
