Jbpm7.1 REST API invoke the claimTask()/startTask() & Authentication problem


yanshui...@gmail.com

Sep 1, 2017, 5:42:23 AM
to jBPM Development
Hi,
    In the sample evaluation process, I use the kie-server REST API to claim a task. The value of "Authorization" is krisv/krisv. I start a process and the actual owner is "john". When I invoke the REST method startTask(containerId, taskId, userId), it throws an exception:
at org.kie.server.client.impl.AbstractKieServicesClientImpl.createExceptionForUnexpectedResponseCode(AbstractKieServicesClientImpl.java:617)
at org.kie.server.client.impl.AbstractKieServicesClientImpl.makeHttpPutRequestAndCreateCustomResponse(AbstractKieServicesClientImpl.java:379)
at org.kie.server.client.impl.AbstractKieServicesClientImpl.sendTaskOperation(AbstractKieServicesClientImpl.java:169)
at org.kie.server.client.impl.UserTaskServicesClientImpl.startTask(UserTaskServicesClientImpl.java:235)
at com.sinosoft.jbpm.api.impl.JbpmServiceImpl.acceptTask(JbpmServiceImpl.java:70)
at com.sinosoft.jbpm.api.impl.JbpmServiceImplTest.acceptTask(JbpmServiceImplTest.java:34)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:75)
at org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:86)
at org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:84)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:252)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:94)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:70)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:191)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)
at com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:51)
at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:242)
at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70)

In the workbench page, you can find that task-25 is in Reserved status.

But when I changed krisv/krisv to john/john, it's OK.
I feel it is very strange. Why is the task's handler determined not by the userId parameter but by the authenticated user of the REST call?

Code:
    UserTaskServicesClient userTaskService = getKieServicesClient().getServicesClient(UserTaskServicesClient.class);
    TaskInstance taskInstance = findTaskById(taskId);
    if ("Ready".equals(taskInstance.getStatus())) {
        // Unclaimed task: claim it for userId, then start it
        userTaskService.claimTask(containerId, taskId, userId);
        userTaskService.startTask(containerId, taskId, userId);
    } else if ("Reserved".equals(taskInstance.getStatus())) {
        // Already claimed: only start it
        userTaskService.startTask(containerId, taskId, userId);
    } else {
        result = "failed";
    }



Please help me about it. Thanks!

Maciej Swiderski

Sep 1, 2017, 2:02:22 PM
to yanshui...@gmail.com, jBPM Development
By default kieserver uses the authenticated user as the one who performs task operations. The user given as part of the method call is only used when the bypass auth user property is turned on. See the docs for more info.

Maciej 

yanshui...@gmail.com

Sep 3, 2017, 4:32:20 AM
to jBPM Development, yanshui...@gmail.com
Hi Maciej,
  Thank you for your reply.
  In my project we have hundreds of users who will act as task performers, but I cannot give every one of them the rest-all permission; that is unreasonable. These user ids will only be passed as the userId parameter, and only a few users will be configured as the authenticated users for REST calls. How should task operations via REST calls be handled in this case?
  At present I have only found two documentation addresses, and neither gives detailed REST call instructions:
2. http://localhost:8080/kie-server/docs/

Is there any other detailed documentation?




Maciej Swiderski

Sep 3, 2017, 12:53:23 PM
to yanshui...@gmail.com, jBPM Development
See this article for details on how to bypass the auth user

Maciej

yanshui...@gmail.com

Sep 4, 2017, 3:18:04 AM
to jBPM Development, yanshui...@gmail.com
Thanks Maciej, it works!

For friends who encounter the same problem:
1. Add this code in your application:
System.setProperty("org.kie.server.bypass.auth.user", "true");
2. Add this arg in build.xml:
<arg value="-Dorg.kie.server.bypass.auth.user=true" />
 


yanshui...@gmail.com

Sep 4, 2017, 9:41:13 PM
to jBPM Development, yanshui...@gmail.com
Maciej,
     I went further through the process and encountered a new question: the potentialOwner of task 33 is group 'PM', and 'john' is a member of the group.
I found a solution at https://developer.jboss.org/thread/163950 by adding a modified org/jbpm/task/service/operations-dsl.mvel file to the classpath. Is there a better way to deal with it?

The error info:
2017-09-05 09:19:37,698 WARN  [org.jbpm.services.task.persistence.TaskTransactionInterceptor] (default task-48) Could not commit session: org.jbpm.services.task.exception.PermissionDeniedException: User '[UserImpl:'john']' does not have permissions to execute operation 'Claim' on task id 33
at org.jbpm.services.task.internals.lifecycle.MVELLifeCycleManager.evalCommand(MVELLifeCycleManager.java:125)
at org.jbpm.services.task.internals.lifecycle.MVELLifeCycleManager.taskOperation(MVELLifeCycleManager.java:374)
at org.jbpm.services.task.impl.TaskInstanceServiceImpl.claim(TaskInstanceServiceImpl.java:154)
at org.jbpm.services.task.commands.ClaimTaskCommand.execute(ClaimTaskCommand.java:52)
at org.jbpm.services.task.commands.ClaimTaskCommand.execute(ClaimTaskCommand.java:33)
at org.jbpm.services.task.commands.TaskCommandExecutorImpl$SelfExecutionCommandService.execute(TaskCommandExecutorImpl.java:76)
at org.jbpm.services.task.commands.TaskCommandExecutorImpl$SelfExecutionCommandService.execute(TaskCommandExecutorImpl.java:63)
at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:39)
at org.jbpm.services.task.persistence.TaskTransactionInterceptor.execute(TaskTransactionInterceptor.java:69)
at org.jbpm.services.task.persistence.TaskTransactionInterceptor.execute(TaskTransactionInterceptor.java:45)
at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:39)
at org.drools.persistence.jta.TransactionLockInterceptor.execute(TransactionLockInterceptor.java:73)
at org.drools.persistence.jta.TransactionLockInterceptor.execute(TransactionLockInterceptor.java:45)
at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:39)
at org.drools.persistence.jpa.OptimisticLockRetryInterceptor.internalExecute(OptimisticLockRetryInterceptor.java:102)
at org.drools.persistence.jpa.OptimisticLockRetryInterceptor.execute(OptimisticLockRetryInterceptor.java:83)
at org.drools.persistence.jpa.OptimisticLockRetryInterceptor.execute(OptimisticLockRetryInterceptor.java:44)
at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:39)
at org.jbpm.runtime.manager.impl.error.ExecutionErrorHandlerInterceptor.internalExecute(ExecutionErrorHandlerInterceptor.java:60)
at org.jbpm.runtime.manager.impl.error.ExecutionErrorHandlerInterceptor.execute(ExecutionErrorHandlerInterceptor.java:49)
at org.jbpm.runtime.manager.impl.error.ExecutionErrorHandlerInterceptor.execute(ExecutionErrorHandlerInterceptor.java:29)
at org.drools.core.runtime.InternalLocalRunner.execute(InternalLocalRunner.java:37)
at org.drools.core.runtime.InternalLocalRunner.execute(InternalLocalRunner.java:41)
at org.jbpm.services.task.commands.TaskCommandExecutorImpl.execute(TaskCommandExecutorImpl.java:47)
at org.jbpm.services.task.impl.command.CommandBasedTaskService.claim(CommandBasedTaskService.java:163)
at org.jbpm.runtime.manager.impl.task.SynchronizedTaskService.claim(SynchronizedTaskService.java:105)
at org.jbpm.kie.services.impl.UserTaskServiceImpl.claim(UserTaskServiceImpl.java:171)
at org.kie.server.services.jbpm.UserTaskServiceBase.claim(UserTaskServiceBase.java:85)
at org.kie.server.remote.rest.jbpm.UserTaskResource.claim(UserTaskResource.java:99)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:402)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:209)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)


On Monday, September 4, 2017 at 12:53:23 AM UTC+8, Maciej Swiderski wrote:
See this article for details how to bypass auth user

Maciej Swiderski

Sep 5, 2017, 2:53:11 AM
to yanshui...@gmail.com, jBPM Development
In the article I linked for you there is information on configuring the user group callback and user info when enabling bypass authenticated user. Please follow that too so that group membership is properly resolved.

Maciej

yanshui...@gmail.com

Sep 5, 2017, 12:56:26 PM
to jBPM Development, yanshui...@gmail.com
Maciej,
    Thanks for your reply. In my project, the kie-server service will be deployed independently, and the jBPM database tables are also separate from the business system, but the users and roles involved in the processes are maintained in the business DB. The business system operates on tasks through the REST API. The UserGroupCallback set in the org.jbpm.ht.custom.callback property can only be placed on the kie-server service, but it also needs to reach across into the business system database to obtain users and groups. This is the only way I can handle it. Are there any better suggestions for this scenario?

Ripin


prathibha madishetty

Jun 27, 2019, 6:13:37 AM
to jBPM Development
Hi Maciej,

I have another scenario. I created 2 user tasks and have 2 different groups assigned respectively. I added users to those groups. Now I have created 1 more user (bypass user) to bypass the authentication and added him to both the groups. 1st group users are able to claim the task with the bypass user. Now my concern is that 2nd group users are also able to claim the 1st user task when the bypass user is authenticated. How can I restrict that?

Thank you,
Prathibha.

Maciej Swiderski

Jun 28, 2019, 8:36:43 AM
to prathibha madishetty, jBPM Development
Group membership is resolved at query time, so as long as the user is in the group they will be able to work on a task.

There is a concept of excluded owners which might be a good fit for restricting certain users.

Maciej
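
The identity rules discussed across this thread (authenticated user vs. userId argument, group callback, excluded owners), as an added example that is not part of the original posts and is not jBPM code. It is a simplified model: the class, method and field names are hypothetical, the sample tasks and users are constructed, and it assumes that without a configured group callback no groups are resolved for the userId.

```java
import java.util.Set;
import java.util.function.Function;

// Simplified model of the behaviour described in this thread. NOT jBPM source;
// every class, method and field name below is hypothetical.
public class TaskIdentityModel {

    static final class Task {
        final String actualOwner;            // set once the task is Reserved
        final Set<String> potentialGroups;   // groups allowed to claim
        final Set<String> excludedOwners;    // users barred despite group membership
        Task(String owner, Set<String> groups, Set<String> excluded) {
            actualOwner = owner; potentialGroups = groups; excludedOwners = excluded;
        }
    }

    // Identity the operation runs as. By default the userId argument is ignored and
    // the HTTP-authenticated caller acts; with org.kie.server.bypass.auth.user=true
    // the argument is taken as given.
    static String effectiveUser(boolean bypass, String authenticated, String userIdArg) {
        return (bypass && userIdArg != null) ? userIdArg : authenticated;
    }

    // Start (simplified): only the actual owner of a Reserved task may start it.
    static boolean mayStart(Task t, String user) {
        return user.equals(t.actualOwner);
    }

    // Claim (simplified): excluded owners are refused; otherwise one of the user's
    // groups, as returned by the group callback, must be a potential owner.
    static boolean mayClaim(Task t, String user, Function<String, Set<String>> groupsOf) {
        if (t.excludedOwners.contains(user)) return false;
        return groupsOf.apply(user).stream().anyMatch(t.potentialGroups::contains);
    }

    public static void main(String[] args) {
        // Constructed data mirroring the thread: task 25 reserved by john, task 33 for group PM.
        Task task25 = new Task("john", Set.of(), Set.of());
        Task task33 = new Task(null, Set.of("PM"), Set.of());
        Task task33x = new Task(null, Set.of("PM"), Set.of("john"));
        Function<String, Set<String>> noCallback = u -> Set.<String>of();
        // Stand-in for a UserGroupCallback that reads groups from the business DB.
        Function<String, Set<String>> businessDb =
                u -> u.equals("john") ? Set.of("PM") : Set.<String>of();

        System.out.println("start 25, bypass off, auth krisv, userId john: "
                + mayStart(task25, effectiveUser(false, "krisv", "john")));
        System.out.println("start 25, bypass on,  auth krisv, userId john: "
                + mayStart(task25, effectiveUser(true, "krisv", "john")));
        System.out.println("claim 33, bypass on, no group callback:        "
                + mayClaim(task33, effectiveUser(true, "krisv", "john"), noCallback));
        System.out.println("claim 33, bypass on, callback finds PM:        "
                + mayClaim(task33, effectiveUser(true, "krisv", "john"), businessDb));
        System.out.println("claim 33, john listed as excluded owner:       "
                + mayClaim(task33x, effectiveUser(true, "krisv", "john"), businessDb));
    }
}
```

With bypass enabled the server takes the userId argument at face value, so the calling application has to derive that value from its own authenticated session rather than from client-supplied input.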

Jatin Sutaria

Apr 19, 2023, 8:57:21 AM
to jBPM Development
Hi Maciej - I have configured the user group callback for JBPM 7.56. My 'org.kie.server.bypass.auth.user' property is also set to true. For my simple workflow with a single human task assigned to a group, I am able to see the tasks on behalf of the users belonging to the group. However, I can't start/complete or claim it on behalf of any of the group users.

Where can I look in to figure out what's wrong?

Thanks
