Package org.jbpm.casemgmt.impl
Class AuthorizationManagerImpl
- java.lang.Object
-
- org.jbpm.casemgmt.impl.AuthorizationManagerImpl
-
- All Implemented Interfaces:
AuthorizationManager
public class AuthorizationManagerImpl extends Object implements AuthorizationManager
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.jbpm.casemgmt.api.auth.AuthorizationManager
AuthorizationManager.ProtectedOperation
-
-
Field Summary
-
Fields inherited from interface org.jbpm.casemgmt.api.auth.AuthorizationManager
ADMIN_ROLE, OWNER_ROLE, PUBLIC_GROUP, UNKNOWN_USER
-
-
Constructor Summary
AuthorizationManagerImpl(org.kie.internal.identity.IdentityProvider identityProvider, TransactionalCommandService commandService)
-
Method Summary
Modifier and Type, Method, Description:
protected void buildAuthorizationConfig()
void checkAuthorization(String caseId)
    Checks if the caller (based on identity provider) is authorized to work with a case identified by caseId
void checkCommentAuthorization(String caseId, CaseFileInstance caseFileInstance, CommentInstance commentInstance)
    Check if caller (based on identity provider) is authorized to manipulate given comment
void checkDataAuthorization(String caseId, CaseFileInstance caseFileInstance, Collection<String> dataNames)
    Check if caller (based on identity provider) is authorized to manipulate given data
void checkOperationAuthorization(String caseId, AuthorizationManager.ProtectedOperation operation)
    Checks if the caller (based on identity provider) is authorized to perform given operation on a case.
protected List<String> collectUserAuthInfo()
List<CommentInstance> filterByCommentAuthorization(String caseId, CaseFileInstance caseFileInstance, List<CommentInstance> comments)
    Filters provided comments by their restrictions.
Map<String,Object> filterByDataAuthorization(String caseId, CaseFileInstance caseFileInstance, Map<String,Object> data)
    Filters provided data by data restrictions.
protected List<String> getCallerRoles(CaseFileInstance caseFileInstance, List<String> callerAuthorization)
boolean isEnabled()
protected boolean loggedInAsSystemUser()
void setEnabled(boolean enabled)
protected void verifyAuthorization(String caseId, List<String> authorizedEntities, String errorMessage)
-
-
-
Constructor Detail
-
AuthorizationManagerImpl
public AuthorizationManagerImpl(org.kie.internal.identity.IdentityProvider identityProvider, TransactionalCommandService commandService)
-
-
Method Detail
-
checkAuthorization
public void checkAuthorization(String caseId) throws SecurityException
Description copied from interface: AuthorizationManager
Checks if the caller (based on identity provider) is authorized to work with a case identified by caseId
- Specified by:
checkAuthorization in interface AuthorizationManager
- Parameters:
caseId - unique id of the case
- Throws:
SecurityException - thrown when caller is not authorized to access the case instance
-
checkOperationAuthorization
public void checkOperationAuthorization(String caseId, AuthorizationManager.ProtectedOperation operation) throws SecurityException
Description copied from interface: AuthorizationManager
Checks if the caller (based on identity provider) is authorized to perform given operation on a case.
- Specified by:
checkOperationAuthorization in interface AuthorizationManager
- Parameters:
caseId - unique id of the case
operation - operation that is being invoked
- Throws:
SecurityException - thrown when caller is not authorized to access the case instance
-
isEnabled
public boolean isEnabled()
-
setEnabled
public void setEnabled(boolean enabled)
-
buildAuthorizationConfig
protected void buildAuthorizationConfig()
-
verifyAuthorization
protected void verifyAuthorization(String caseId, List<String> authorizedEntities, String errorMessage)
-
filterByDataAuthorization
public Map<String,Object> filterByDataAuthorization(String caseId, CaseFileInstance caseFileInstance, Map<String,Object> data)
Description copied from interface: AuthorizationManager
Filters provided data by data restrictions. This guarantees only data authorized for given user will be returned.
- Specified by:
filterByDataAuthorization in interface AuthorizationManager
- Parameters:
caseId - unique id of the case
caseFileInstance - case file associated with given case instance
data - actual data to be filtered
- Returns:
returns filtered map of data if any restriction applied
-
checkDataAuthorization
public void checkDataAuthorization(String caseId, CaseFileInstance caseFileInstance, Collection<String> dataNames)
Description copied from interface: AuthorizationManager
Check if caller (based on identity provider) is authorized to manipulate given data
- Specified by:
checkDataAuthorization in interface AuthorizationManager
- Parameters:
caseId - unique id of the case
caseFileInstance - case file associated with given case instance
dataNames - data names to be manipulated/put into the case instance
-
filterByCommentAuthorization
public List<CommentInstance> filterByCommentAuthorization(String caseId, CaseFileInstance caseFileInstance, List<CommentInstance> comments)
Description copied from interface: AuthorizationManager
Filters provided comments by their restrictions. This guarantees only comments authorized to be seen by user will be returned.
- Specified by:
filterByCommentAuthorization in interface AuthorizationManager
- Parameters:
caseId - unique id of the case
caseFileInstance - case file associated with given case instance
comments - comments to be filtered
- Returns:
filtered comments if any restrictions applied or same as given as argument
-
checkCommentAuthorization
public void checkCommentAuthorization(String caseId, CaseFileInstance caseFileInstance, CommentInstance commentInstance)
Description copied from interface: AuthorizationManager
Check if caller (based on identity provider) is authorized to manipulate given comment
- Specified by:
checkCommentAuthorization in interface AuthorizationManager
- Parameters:
caseId - unique id of the case
caseFileInstance - case file associated with given case instance
commentInstance - comment that is about to be manipulated (updated or removed)
-
getCallerRoles
protected List<String> getCallerRoles(CaseFileInstance caseFileInstance, List<String> callerAuthorization)
-
loggedInAsSystemUser
protected boolean loggedInAsSystemUser()
-
-