diff --git a/common/taskana-common-test/src/main/java/pro/taskana/common/test/security/JaasExtension.java b/common/taskana-common-test/src/main/java/pro/taskana/common/test/security/JaasExtension.java index 2c6afd9ed..f2ef073d1 100644 --- a/common/taskana-common-test/src/main/java/pro/taskana/common/test/security/JaasExtension.java +++ b/common/taskana-common-test/src/main/java/pro/taskana/common/test/security/JaasExtension.java @@ -36,8 +36,8 @@ import org.junit.platform.commons.JUnitException; import org.junit.platform.commons.support.AnnotationSupport; import pro.taskana.common.api.exceptions.SystemException; -import pro.taskana.common.internal.security.GroupPrincipal; -import pro.taskana.common.internal.security.UserPrincipal; +import pro.taskana.common.api.security.GroupPrincipal; +import pro.taskana.common.api.security.UserPrincipal; /** Runner for integration tests that enables JAAS subject. */ public class JaasExtension implements InvocationInterceptor, TestTemplateInvocationContextProvider { diff --git a/common/taskana-common-test/src/test/java/pro/taskana/common/test/security/JaasExtensionTest.java b/common/taskana-common-test/src/test/java/pro/taskana/common/test/security/JaasExtensionTest.java index efc03ebea..99cbc3eb1 100644 --- a/common/taskana-common-test/src/test/java/pro/taskana/common/test/security/JaasExtensionTest.java +++ b/common/taskana-common-test/src/test/java/pro/taskana/common/test/security/JaasExtensionTest.java 
@@ -23,39 +23,42 @@ import org.junit.jupiter.api.TestFactory; import org.junit.jupiter.api.TestTemplate; import org.junit.jupiter.api.extension.ExtendWith; -import pro.taskana.common.internal.security.CurrentUserContext; +import pro.taskana.common.api.security.CurrentUserContext; +import pro.taskana.common.internal.security.CurrentUserContextImpl; @ExtendWith(JaasExtension.class) class JaasExtensionTest { private static final String INSIDE_DYNAMIC_TEST_USER = "insidedynamictest"; + private static final CurrentUserContext CURRENT_USER_CONTEXT = new CurrentUserContextImpl(true); private static final DynamicTest NOT_NULL_DYNAMIC_TEST = - dynamicTest("dynamic test", () -> assertThat(CurrentUserContext.getUserid()).isNotNull()); + dynamicTest("dynamic test", () -> assertThat(CURRENT_USER_CONTEXT.getUserid()).isNotNull()); private static final DynamicTest NULL_DYNAMIC_TEST = - dynamicTest("dynamic test", () -> assertThat(CurrentUserContext.getUserid()).isEqualTo(null)); + dynamicTest( + "dynamic test", () -> assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo(null)); private static final DynamicTest DYNAMIC_TEST_USER_DYNAMIC_TEST = dynamicTest( "dynamic test", - () -> assertThat(CurrentUserContext.getUserid()).isEqualTo(INSIDE_DYNAMIC_TEST_USER)); + () -> assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo(INSIDE_DYNAMIC_TEST_USER)); // region JaasExtension#interceptBeforeAllMethod @BeforeAll static void should_NotSetJaasSubject_When_AnnotationIsMissing_On_BeforeAll() { - assertThat(CurrentUserContext.getUserid()).isEqualTo(null); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo(null); } @WithAccessId(user = "beforeall") @BeforeAll static void should_SetJaasSubject_When_AnnotationExists_On_BeforeAll() { - assertThat(CurrentUserContext.getUserid()).isEqualTo("beforeall"); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo("beforeall"); } @WithAccessId(user = "beforeall") @WithAccessId(user = "beforeall2") @BeforeAll static void 
should_NotSetJaasSubject_When_MultipleAnnotationsExist_On_BeforeAll() { - assertThat(CurrentUserContext.getUserid()).isEqualTo(null); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo(null); } // endregion @@ -64,20 +67,20 @@ class JaasExtensionTest { @BeforeEach void should_NotSetJaasSubject_When_AnnotationIsMissing_On_BeforeEach() { - assertThat(CurrentUserContext.getUserid()).isEqualTo(null); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo(null); } @WithAccessId(user = "beforeeach") @BeforeEach void should_SetJaasSubject_When_AnnotationExists_On_BeforeEach() { - assertThat(CurrentUserContext.getUserid()).isEqualTo("beforeeach"); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo("beforeeach"); } @WithAccessId(user = "beforeeach") @WithAccessId(user = "beforeeach2") @BeforeEach void should_NotSetJaasSubject_When_MultipleAnnotationsExist_On_BeforeEach() { - assertThat(CurrentUserContext.getUserid()).isEqualTo(null); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo(null); } // endregion @@ -86,20 +89,20 @@ class JaasExtensionTest { @AfterEach void should_NotSetJaasSubject_When_AnnotationIsMissing_On_AfterEach() { - assertThat(CurrentUserContext.getUserid()).isEqualTo(null); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo(null); } @WithAccessId(user = "aftereach") @AfterEach void should_SetJaasSubject_When_AnnotationExists_On_AfterEach() { - assertThat(CurrentUserContext.getUserid()).isEqualTo("aftereach"); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo("aftereach"); } @WithAccessId(user = "aftereach") @WithAccessId(user = "afterach2") @AfterEach void should_NotSetJaasSubject_When_MultipleAnnotationsExist_On_AfterEach() { - assertThat(CurrentUserContext.getUserid()).isEqualTo(null); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo(null); } // endregion 
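Review bot: The shared `CURRENT_USER_CONTEXT` is created with `new CurrentUserContextImpl(true)`, but every access id asserted in this class is already lowercase, so the lower-casing that this commit switches on in `convertAccessId` is never exercised here. Assuming the extension passes the annotation value through unchanged, a case such as `@WithAccessId(user = "User")` asserting `isEqualTo("user")` would pin the normalisation that the role checks now rely on. A counterpart on an instance built with `false` would pin the other branch. The class body continues well beyond this hunk.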
@@ -108,20 +111,20 @@ class JaasExtensionTest { @AfterAll static void should_NotSetJaasSubject_When_AnnotationIsMissing_On_AfterAll() { - assertThat(CurrentUserContext.getUserid()).isEqualTo(null); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo(null); } @WithAccessId(user = "afterall") @AfterAll static void should_SetJaasSubject_When_AnnotationExists_On_AfterAll() { - assertThat(CurrentUserContext.getUserid()).isEqualTo("afterall"); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo("afterall"); } @WithAccessId(user = "afterall") @WithAccessId(user = "afterall2") @AfterAll static void should_NotSetJaasSubject_When_MultipleAnnotationsExist_On_AfterAll() { - assertThat(CurrentUserContext.getUserid()).isEqualTo(null); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo(null); } // endregion @@ -130,14 +133,14 @@ class JaasExtensionTest { @Test void should_NotSetJaasSubject_When_AnnotationIsMissing_On_Test() { - assertThat(CurrentUserContext.getUserid()).isEqualTo(null); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo(null); } @WithAccessId(user = "user") @Test void should_SetJaasSubject_When_AnnotationExists_On_Test() { - assertThat(CurrentUserContext.getUserid()).isEqualTo("user"); - assertThat(CurrentUserContext.getGroupIds()).isEmpty(); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo("user"); + assertThat(CURRENT_USER_CONTEXT.getGroupIds()).isEmpty(); } @WithAccessId( 
@@ -145,15 +148,15 @@ class JaasExtensionTest { groups = {"group1", "group2"}) @Test void should_SetJaasSubjectWithGroups_When_AnnotationExistsWithGroups_On_Test() { - assertThat(CurrentUserContext.getUserid()).isEqualTo("user"); - assertThat(CurrentUserContext.getGroupIds()).containsExactlyInAnyOrder("group1", "group2"); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo("user"); + assertThat(CURRENT_USER_CONTEXT.getGroupIds()).containsExactlyInAnyOrder("group1", "group2"); } @WithAccessId(user = "user") @Test @Disabled("this can be tested with a org.junit.platform.launcher.TestExecutionListener") void should_NotInjectParameter_When_ParameterIsPresent_On_Test(WithAccessId accessId) { - assertThat(CurrentUserContext.getUserid()).isEqualTo("user"); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo("user"); } @WithAccessId(user = "user") @@ -161,7 +164,7 @@ class JaasExtensionTest { @Test @Disabled("this can be tested with a org.junit.platform.launcher.TestExecutionListener") void should_ThrowException_When_MultipleAnnotationsExist_On_Test() { - assertThat(CurrentUserContext.getUserid()).isEqualTo(null); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo(null); } // endregion @@ -170,14 +173,14 @@ class JaasExtensionTest { @TestFactory List should_NotSetJaasSubject_When_AnnotationIsMissing_On_TestFactory() { - assertThat(CurrentUserContext.getUserid()).isEqualTo(null); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo(null); return Collections.emptyList(); } @WithAccessId(user = "testfactory") @TestFactory List should_SetJaasSubject_When_AnnotationExists_On_TestFactory() { - assertThat(CurrentUserContext.getUserid()).isEqualTo("testfactory"); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo("testfactory"); return Collections.emptyList(); } 
@@ -186,7 +189,7 @@ class JaasExtensionTest { @TestFactory List should_SetJaasSubjectFromFirstAnnotation_When_MultipleAnnotationsExists_On_TestFactory() { - assertThat(CurrentUserContext.getUserid()).isEqualTo("testfactory1"); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo("testfactory1"); return Collections.emptyList(); } @@ -197,13 +200,13 @@ class JaasExtensionTest { @TestTemplate @Disabled("this can be tested with a org.junit.platform.launcher.TestExecutionListener") void should_NotFindContextProvider_When_AnnotationIsMissing_On_TestTemplate() { - assertThat(CurrentUserContext.getUserid()).isNotNull(); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isNotNull(); } @WithAccessId(user = "testtemplate") @TestTemplate void should_SetJaasSubject_When_AnnotationExists_On_TestTemplate() { - assertThat(CurrentUserContext.getUserid()).isEqualTo("testtemplate"); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo("testtemplate"); } @WithAccessId(user = "testtemplate1") @@ -212,7 +215,7 @@ class JaasExtensionTest { @TestTemplate void should_SetMultipleJaasSubjects_When_MultipleAnnotationsExist_On_TestTemplate( WithAccessId accessId) { - assertThat(CurrentUserContext.getUserid()).isEqualTo(accessId.user()); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo(accessId.user()); } @WithAccessId(user = "testtemplate1", groups = "abc") @@ -705,12 +708,12 @@ class JaasExtensionTest { @Nested class ConstructorWithoutAccessId { ConstructorWithoutAccessId() { - assertThat(CurrentUserContext.getUserid()).isEqualTo(null); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo(null); } @Test void should_NotSetJaasSubject_When_AnnotationIsMissing_On_Constructor() { - assertThat(CurrentUserContext.getUserid()).isNull(); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isNull(); } } 
@@ -718,12 +721,12 @@ class JaasExtensionTest { class ConstructorWithAccessId { @WithAccessId(user = "constructor") ConstructorWithAccessId() { - assertThat(CurrentUserContext.getUserid()).isEqualTo("constructor"); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isEqualTo("constructor"); } @Test void should_SetJaasSubject_When_AnnotationExists_On_Constructor() { - assertThat(CurrentUserContext.getUserid()).isNull(); + assertThat(CURRENT_USER_CONTEXT.getUserid()).isNull(); } } diff --git a/common/taskana-common/src/main/java/pro/taskana/common/api/security/CurrentUserContext.java b/common/taskana-common/src/main/java/pro/taskana/common/api/security/CurrentUserContext.java new file mode 100644 index 000000000..580561214 --- /dev/null +++ b/common/taskana-common/src/main/java/pro/taskana/common/api/security/CurrentUserContext.java @@ -0,0 +1,33 @@ +package pro.taskana.common.api.security; + +import java.util.List; + +/** + * Provides the context information about the current (calling) user. The context is gathered from + * the JAAS subject. + */ +public interface CurrentUserContext { + + /** + * Returns the userid of the current user. + * + * @return String the userid. null if there is no JAAS subject. + */ + public String getUserid(); + + /** + * Returns all groupIds of the current user. + * + * @return list containing all groupIds of the current user. Empty if the current user belongs to + * no groups or no JAAS Subject set. + */ + public List getGroupIds(); + + /** + * Returns all accessIds of the current user. This combines the userId and all groupIds of the + * current user. + * + * @return list containing all accessIds of the current user. Empty if there is no JAAS subject. + */ + public List getAccessIds(); +} 
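Review bot: The Javadoc on `getAccessIds()` promises an empty list when there is no JAAS subject, but the implementation in `CurrentUserContextImpl` later in this commit always appends `getUserid()` to the group ids. Without a subject the result is therefore a one-element list holding `null`. Either guard the add with `String userid = getUserid(); if (userid != null) { accessIds.add(userid); }` or document the null element, because a caller that uses `isEmpty()` to detect an unauthenticated caller would be misled. The `public` modifiers on the interface methods are redundant and can be dropped.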
diff --git a/common/taskana-common/src/main/java/pro/taskana/common/internal/security/GroupPrincipal.java b/common/taskana-common/src/main/java/pro/taskana/common/api/security/GroupPrincipal.java similarity index 95% rename from common/taskana-common/src/main/java/pro/taskana/common/internal/security/GroupPrincipal.java rename to common/taskana-common/src/main/java/pro/taskana/common/api/security/GroupPrincipal.java index 35e419fbb..6ecbb7e8b 100644 --- a/common/taskana-common/src/main/java/pro/taskana/common/internal/security/GroupPrincipal.java +++ b/common/taskana-common/src/main/java/pro/taskana/common/api/security/GroupPrincipal.java @@ -1,4 +1,4 @@ -package pro.taskana.common.internal.security; +package pro.taskana.common.api.security; import java.security.Principal; import java.security.acl.Group; diff --git a/common/taskana-common/src/main/java/pro/taskana/common/internal/security/UserPrincipal.java b/common/taskana-common/src/main/java/pro/taskana/common/api/security/UserPrincipal.java similarity index 89% rename from common/taskana-common/src/main/java/pro/taskana/common/internal/security/UserPrincipal.java rename to common/taskana-common/src/main/java/pro/taskana/common/api/security/UserPrincipal.java index 5d114338d..eb9b41978 100644 --- a/common/taskana-common/src/main/java/pro/taskana/common/internal/security/UserPrincipal.java +++ b/common/taskana-common/src/main/java/pro/taskana/common/api/security/UserPrincipal.java @@ -1,4 +1,4 @@ -package pro.taskana.common.internal.security; +package pro.taskana.common.api.security; import java.security.Principal; 
diff --git a/common/taskana-common/src/main/java/pro/taskana/common/internal/security/CurrentUserContext.java b/common/taskana-common/src/main/java/pro/taskana/common/internal/security/CurrentUserContextImpl.java similarity index 68% rename from common/taskana-common/src/main/java/pro/taskana/common/internal/security/CurrentUserContext.java rename to common/taskana-common/src/main/java/pro/taskana/common/internal/security/CurrentUserContextImpl.java index ff452964b..749f2df58 100644 --- a/common/taskana-common/src/main/java/pro/taskana/common/internal/security/CurrentUserContext.java +++ b/common/taskana-common/src/main/java/pro/taskana/common/internal/security/CurrentUserContextImpl.java 
@@ -16,38 +16,37 @@ import javax.security.auth.Subject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -/** - * Provides the context information about the current (calling) user. The context is gathered from - * the JAAS subject. - * - * @author Holger Hagen - */ -public final class CurrentUserContext { +import pro.taskana.common.api.security.CurrentUserContext; + +public class CurrentUserContextImpl implements CurrentUserContext { private static final String GET_UNIQUE_SECURITY_NAME_METHOD = "getUniqueSecurityName"; private static final String GET_CALLER_SUBJECT_METHOD = "getCallerSubject"; private static final String WSSUBJECT_CLASSNAME = "com.ibm.websphere.security.auth.WSSubject"; private static final Logger LOGGER = LoggerFactory.getLogger(CurrentUserContext.class); + private final boolean shouldUseLowerCaseForAccessIds; + private boolean runningOnWebSphere; - private static Boolean runningOnWebSphere = null; - - private CurrentUserContext() {} - - /** - * Returns the userid of the current user. - * - * @return String the userid. null if there is no JAAS subject. - */ - public static String getUserid() { - if (runningOnWebSphere()) { - return getUserIdFromWsSubject(); - } else { - return getUserIdFromJaasSubject(); + public CurrentUserContextImpl(boolean shouldUseLowerCaseForAccessIds) { + this.shouldUseLowerCaseForAccessIds = shouldUseLowerCaseForAccessIds; + try { + Class.forName(WSSUBJECT_CLASSNAME); + LOGGER.debug("WSSubject detected. Assuming that Taskana runs on IBM WebSphere."); + runningOnWebSphere = true; + } catch (ClassNotFoundException e) { + LOGGER.debug("No WSSubject detected. Using JAAS subject further on."); + runningOnWebSphere = false; } } - public static List getGroupIds() { + @Override + public String getUserid() { + return runningOnWebSphere ? 
getUserIdFromWsSubject() : getUserIdFromJaasSubject(); + } + + @Override + public List getGroupIds() { Subject subject = Subject.getSubject(AccessController.getContext()); LOGGER.trace("Subject of caller: {}", subject); if (subject != null) { @@ -56,14 +55,15 @@ public final class CurrentUserContext { return groups.stream() .map(Principal::getName) .filter(Objects::nonNull) - .map(CurrentUserContext::convertAccessId) + .map(this::convertAccessId) .collect(Collectors.toList()); } LOGGER.trace("No groupIds found in subject!"); return Collections.emptyList(); } - public static List getAccessIds() { + @Override + public List getAccessIds() { List accessIds = new ArrayList<>(getGroupIds()); accessIds.add(getUserid()); return accessIds; @@ -75,7 +75,7 @@ public final class CurrentUserContext { * * @return the userid of the caller. If the userid could not be obtained, null is returned. */ - private static String getUserIdFromWsSubject() { + private String getUserIdFromWsSubject() { try { Class wsSubjectClass = Class.forName(WSSUBJECT_CLASSNAME); Method getCallerSubjectMethod = @@ -98,7 +98,7 @@ public final class CurrentUserContext { LOGGER.debug( "Returning the unique security name of first public credential: {}", o)) .map(Object::toString) - .map(CurrentUserContext::convertAccessId) + .map(this::convertAccessId) .findFirst() .orElse(null); } 
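Review bot: `CurrentUserContextImpl` has no class Javadoc now that the old one moved to the interface. A short one should say that it resolves the caller from the JAAS subject, or from WSSubject when that class is on the classpath, and that `shouldUseLowerCaseForAccessIds` lower-cases every id it returns. The `LOGGER` line is unchanged context, but `CurrentUserContext.class` now names the imported interface, so log output is attributed to the API type; `LoggerFactory.getLogger(CurrentUserContextImpl.class)` is probably what is wanted. `runningOnWebSphere` is assigned only in the constructor and could be `final` if the detection moved into a small private helper that returns the boolean.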
@@ -108,26 +108,7 @@ public final class CurrentUserContext { return null; } - /** - * Checks, whether Taskana is running on IBM WebSphere. - * - * @return true, if it is running on IBM WebSphere - */ - private static boolean runningOnWebSphere() { - if (runningOnWebSphere == null) { - try { - Class.forName(WSSUBJECT_CLASSNAME); - LOGGER.debug("WSSubject detected. Assuming that Taskana runs on IBM WebSphere."); - runningOnWebSphere = true; - } catch (ClassNotFoundException e) { - LOGGER.debug("No WSSubject detected. Using JAAS subject further on."); - runningOnWebSphere = false; - } - } - return runningOnWebSphere; - } - - private static String getUserIdFromJaasSubject() { + private String getUserIdFromJaasSubject() { Subject subject = Subject.getSubject(AccessController.getContext()); LOGGER.trace("Subject of caller: {}", subject); if (subject != null) { @@ -137,7 +118,7 @@ public final class CurrentUserContext { .filter(principal -> !(principal instanceof Group)) .map(Principal::getName) .filter(Objects::nonNull) - .map(CurrentUserContext::convertAccessId) + .map(this::convertAccessId) .findFirst() .orElse(null); } @@ -145,12 +126,11 @@ public final class CurrentUserContext { return null; } - private static String convertAccessId(String accessId) { + private String convertAccessId(String accessId) { String toReturn = accessId; - // TODO: DAS IST DOOF - // if (shouldUseLowerCaseForAccessIds()) { - // toReturn = accessId.toLowerCase(); - // } + if (shouldUseLowerCaseForAccessIds) { + toReturn = accessId.toLowerCase(); + } LOGGER.trace("Found AccessId '{}'. Returning AccessId '{}' ", accessId, toReturn); return toReturn; } diff --git a/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/SimpleHistoryServiceImpl.java b/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/SimpleHistoryServiceImpl.java index 06ac39b53..4c2c3cca5 100644 
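Review bot: `accessId.toLowerCase()` in `convertAccessId` uses the JVM default locale, so the same principal name can normalise differently between hosts; under a Turkish locale `I` becomes dotless `ı`. These ids feed the role-membership comparison, so use `toReturn = accessId.toLowerCase(Locale.ROOT);` and add `import java.util.Locale;`. This hunk also activates a conversion that was previously commented out, so role members in the configuration must be stored in the same lowercase form. Whether they are is not visible in this diff.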
--- a/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/SimpleHistoryServiceImpl.java +++ b/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/SimpleHistoryServiceImpl.java @@ -6,7 +6,6 @@ import java.util.List; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import pro.taskana.TaskanaEngineConfiguration; import pro.taskana.common.api.TaskanaEngine; import pro.taskana.common.api.TaskanaRole; import pro.taskana.common.api.exceptions.InvalidArgumentException; @@ -34,7 +33,7 @@ public class SimpleHistoryServiceImpl implements TaskanaHistory { public void initialize(TaskanaEngine taskanaEngine) { - this.taskanaHistoryEngine = getTaskanaEngine(taskanaEngine.getConfiguration()); + this.taskanaHistoryEngine = getTaskanaEngine(taskanaEngine); if (LOGGER.isDebugEnabled()) { LOGGER.debug( @@ -169,7 +168,7 @@ public class SimpleHistoryServiceImpl implements TaskanaHistory { /* * ATTENTION: This method exists for testing purposes. */ - TaskanaHistoryEngineImpl getTaskanaEngine(TaskanaEngineConfiguration taskanaEngineConfiguration) { - return TaskanaHistoryEngineImpl.createTaskanaEngine(taskanaEngineConfiguration); + TaskanaHistoryEngineImpl getTaskanaEngine(TaskanaEngine taskanaEngine) { + return TaskanaHistoryEngineImpl.createTaskanaEngine(taskanaEngine); } } diff --git a/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/TaskanaHistoryEngineImpl.java b/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/TaskanaHistoryEngineImpl.java index 9cf4c742d..681c0fe9c 100644 --- a/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/TaskanaHistoryEngineImpl.java +++ b/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/TaskanaHistoryEngineImpl.java 
@@ -19,9 +19,9 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import pro.taskana.TaskanaEngineConfiguration; +import pro.taskana.common.api.TaskanaEngine; import pro.taskana.common.api.TaskanaRole; import pro.taskana.common.api.exceptions.NotAuthorizedException; -import pro.taskana.common.internal.security.CurrentUserContext; import pro.taskana.simplehistory.TaskanaHistoryEngine; import pro.taskana.simplehistory.impl.classification.ClassificationHistoryEventMapper; import pro.taskana.simplehistory.impl.classification.ClassificationHistoryQueryMapper; 
@@ -37,28 +37,30 @@ public class TaskanaHistoryEngineImpl implements TaskanaHistoryEngine { protected static final ThreadLocal> SESSION_STACK = new ThreadLocal<>(); private static final Logger LOGGER = LoggerFactory.getLogger(TaskanaHistoryEngineImpl.class); private static final String DEFAULT = "default"; - protected SqlSessionManager sessionManager; - protected TransactionFactory transactionFactory; - protected TaskanaHistory taskanaHistoryService; - TaskanaEngineConfiguration taskanaEngineConfiguration; + private final SqlSessionManager sessionManager; + private final TaskanaEngineConfiguration taskanaEngineConfiguration; + private final TaskanaEngine taskanaEngine; + private TransactionFactory transactionFactory; + private TaskanaHistory taskanaHistoryService; - protected TaskanaHistoryEngineImpl(TaskanaEngineConfiguration taskanaEngineConfiguration) { - this.taskanaEngineConfiguration = taskanaEngineConfiguration; + protected TaskanaHistoryEngineImpl(TaskanaEngine taskanaEngine) { + this.taskanaEngineConfiguration = taskanaEngine.getConfiguration(); + this.taskanaEngine = taskanaEngine; - createTransactionFactory(this.taskanaEngineConfiguration.getUseManagedTransactions()); - this.sessionManager = createSqlSessionManager(); + createTransactionFactory(taskanaEngineConfiguration.getUseManagedTransactions()); + sessionManager = createSqlSessionManager(); } public static TaskanaHistoryEngineImpl createTaskanaEngine( - TaskanaEngineConfiguration taskanaEngineConfiguration) { - return new TaskanaHistoryEngineImpl(taskanaEngineConfiguration); + TaskanaEngine taskanaEngine) { + return new TaskanaHistoryEngineImpl(taskanaEngine); } @Override public TaskanaHistory getTaskanaHistoryService() { if (taskanaHistoryService == null) { SimpleHistoryServiceImpl historyService = new SimpleHistoryServiceImpl(); - historyService.initialize(taskanaEngineConfiguration.buildTaskanaEngine()); + historyService.initialize(taskanaEngine); this.taskanaHistoryService = historyService; } 
return this.taskanaHistoryService; @@ -74,7 +76,8 @@ public class TaskanaHistoryEngineImpl implements TaskanaHistoryEngine { .map(role -> getConfiguration().getRoleMap().get(role)) .collect(HashSet::new, Set::addAll, Set::addAll); - return CurrentUserContext.getAccessIds().stream().anyMatch(rolesMembers::contains); + return taskanaEngine.getCurrentUserContext().getAccessIds().stream() + .anyMatch(rolesMembers::contains); } public void checkRoleMembership(TaskanaRole... roles) throws NotAuthorizedException { @@ -82,12 +85,12 @@ public class TaskanaHistoryEngineImpl implements TaskanaHistoryEngine { if (LOGGER.isDebugEnabled()) { LOGGER.debug( "Throwing NotAuthorizedException because accessIds {} are not member of roles {}", - CurrentUserContext.getAccessIds(), + taskanaEngine.getCurrentUserContext().getAccessIds(), Arrays.toString(roles)); } throw new NotAuthorizedException( "current user is not member of role(s) " + Arrays.toString(roles), - CurrentUserContext.getUserid()); + taskanaEngine.getCurrentUserContext().getUserid()); } } diff --git a/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/jobs/HistoryCleanupJob.java b/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/jobs/HistoryCleanupJob.java index 6db5fe8e0..d7bb8dcc3 100644 --- a/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/jobs/HistoryCleanupJob.java +++ b/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/jobs/HistoryCleanupJob.java 
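Review bot: The constructor dereferences `taskanaEngine` straight away via `taskanaEngine.getConfiguration()`, and the public `createTaskanaEngine` factory passes its argument through unchecked, so a null engine surfaces as a bare NullPointerException. Assigning `this.taskanaEngine = Objects.requireNonNull(taskanaEngine, "taskanaEngine");` first, and reading the configuration from the field, gives a clearer failure; it needs `java.util.Objects` if the file does not already import it. Separately, `sessionManager`, `transactionFactory` and `taskanaHistoryService` go from `protected` to `private` while the constructor stays `protected`, which would break any subclass that touched those fields. Whether such subclasses exist cannot be told from this hunk.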
@@ -55,7 +55,7 @@ public class HistoryCleanupJob extends AbstractTaskanaJob { private final boolean allCompletedSameParentBusiness; TaskanaHistoryEngineImpl taskanaHistoryEngine = - TaskanaHistoryEngineImpl.createTaskanaEngine(taskanaEngineImpl.getConfiguration()); + TaskanaHistoryEngineImpl.createTaskanaEngine(taskanaEngineImpl); private Instant firstRun = Instant.parse("2018-01-01T00:00:00Z"); private Duration runEvery = Duration.parse("P1D"); diff --git a/history/taskana-simplehistory-provider/src/test/java/acceptance/AbstractAccTest.java b/history/taskana-simplehistory-provider/src/test/java/acceptance/AbstractAccTest.java index 28ad0ed92..973c3ff70 100644 --- a/history/taskana-simplehistory-provider/src/test/java/acceptance/AbstractAccTest.java +++ b/history/taskana-simplehistory-provider/src/test/java/acceptance/AbstractAccTest.java @@ -114,9 +114,9 @@ public abstract class AbstractAccTest { dataSource, false, schemaName != null && !schemaName.isEmpty() ? schemaName : getSchemaName()); - taskanaHistoryEngine = TaskanaHistoryEngineImpl.createTaskanaEngine(taskanaEngineConfiguration); taskanaEngine = taskanaEngineConfiguration.buildTaskanaEngine(); taskanaEngine.setConnectionManagementMode(ConnectionManagementMode.AUTOCOMMIT); + taskanaHistoryEngine = TaskanaHistoryEngineImpl.createTaskanaEngine(taskanaEngine); historyService = new SimpleHistoryServiceImpl(); historyService.initialize(taskanaEngineConfiguration.buildTaskanaEngine()); diff --git a/history/taskana-simplehistory-provider/src/test/java/pro/taskana/simplehistory/impl/SimpleHistoryServiceImplTest.java b/history/taskana-simplehistory-provider/src/test/java/pro/taskana/simplehistory/impl/SimpleHistoryServiceImplTest.java index 2eace6c6a..848b6b80f 100644 --- a/history/taskana-simplehistory-provider/src/test/java/pro/taskana/simplehistory/impl/SimpleHistoryServiceImplTest.java +++ b/history/taskana-simplehistory-provider/src/test/java/pro/taskana/simplehistory/impl/SimpleHistoryServiceImplTest.java 
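Review bot: In `AbstractAccTest`, the unchanged last line of the hunk, `historyService.initialize(taskanaEngineConfiguration.buildTaskanaEngine());`, still builds a second engine. The history service is therefore not initialised with the `taskanaEngine` that was just switched to AUTOCOMMIT and passed to `createTaskanaEngine`. If `buildTaskanaEngine()` returns a fresh instance on each call, as it appears to, the two engines carry separate `CurrentUserContext` objects and connection modes. `historyService.initialize(taskanaEngine);` keeps the test on a single engine. The enclosing method starts and ends outside the hunk.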
@@ -60,10 +60,8 @@ class SimpleHistoryServiceImplTest { when(sqlSessionManagerMock.getMapper(WorkbasketHistoryEventMapper.class)) .thenReturn(workbasketHistoryEventMapperMock); when(taskanaHistoryEngineMock.getSqlSession()).thenReturn(sqlSessionManagerMock); - doReturn(taskanaHistoryEngineMock).when(cutSpy).getTaskanaEngine(taskanaEngineConfiguration); + doReturn(taskanaHistoryEngineMock).when(cutSpy).getTaskanaEngine(taskanaEngine); doReturn(taskanaEngine).when(taskanaEngineConfiguration).buildTaskanaEngine(); - doReturn(taskanaEngineConfiguration).when(taskanaEngine).getConfiguration(); - cutSpy.initialize(taskanaEngineConfiguration.buildTaskanaEngine()); verify(sqlSessionManagerMock, times(3)).getMapper(any()); diff --git a/lib/taskana-core/src/main/java/pro/taskana/classification/internal/ClassificationServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/classification/internal/ClassificationServiceImpl.java index c966b1b09..1eef82c0e 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/classification/internal/ClassificationServiceImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/classification/internal/ClassificationServiceImpl.java @@ -29,7 +29,6 @@ import pro.taskana.common.api.exceptions.DomainNotFoundException; import pro.taskana.common.api.exceptions.InvalidArgumentException; import pro.taskana.common.api.exceptions.NotAuthorizedException; import pro.taskana.common.internal.InternalTaskanaEngine; -import pro.taskana.common.internal.security.CurrentUserContext; import pro.taskana.common.internal.util.IdGenerator; import pro.taskana.common.internal.util.LogSanitizer; import pro.taskana.common.internal.util.ObjectAttributeChangeDetector; 
@@ -151,7 +150,7 @@ public class ClassificationServiceImpl implements ClassificationService { new ClassificationDeletedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_CLASSIFICATION_HISTORY_EVENT), classification, - CurrentUserContext.getUserid(), + taskanaEngine.getEngine().getCurrentUserContext().getUserid(), details)); } @@ -237,7 +236,7 @@ public class ClassificationServiceImpl implements ClassificationService { new ClassificationCreatedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_CLASSIFICATION_HISTORY_EVENT), classificationImpl, - CurrentUserContext.getUserid(), + taskanaEngine.getEngine().getCurrentUserContext().getUserid(), details)); } @@ -290,7 +289,7 @@ public class ClassificationServiceImpl implements ClassificationService { new ClassificationUpdatedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_CLASSIFICATION_HISTORY_EVENT), classificationImpl, - CurrentUserContext.getUserid(), + taskanaEngine.getEngine().getCurrentUserContext().getUserid(), details)); } LOGGER.debug( diff --git a/lib/taskana-core/src/main/java/pro/taskana/common/api/TaskanaEngine.java b/lib/taskana-core/src/main/java/pro/taskana/common/api/TaskanaEngine.java index 197252b9e..6d2744e40 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/common/api/TaskanaEngine.java +++ b/lib/taskana-core/src/main/java/pro/taskana/common/api/TaskanaEngine.java @@ -5,6 +5,7 @@ import java.sql.SQLException; import pro.taskana.TaskanaEngineConfiguration; import pro.taskana.classification.api.ClassificationService; import pro.taskana.common.api.exceptions.NotAuthorizedException; +import pro.taskana.common.api.security.CurrentUserContext; import pro.taskana.monitor.api.MonitorService; import pro.taskana.task.api.TaskService; import pro.taskana.workbasket.api.WorkbasketService; 
@@ -114,6 +115,14 @@ public interface TaskanaEngine { */ void checkRoleMembership(TaskanaRole... roles) throws NotAuthorizedException; + /** + * Returns the CurrentUserContext class. + * + * @return the CurrentUserContext + */ + CurrentUserContext getCurrentUserContext(); + + /** * Connection management mode. Controls the connection handling of taskana * diff --git a/lib/taskana-core/src/main/java/pro/taskana/common/internal/TaskanaEngineImpl.java b/lib/taskana-core/src/main/java/pro/taskana/common/internal/TaskanaEngineImpl.java index 7f915b4fa..56e76a975 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/common/internal/TaskanaEngineImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/common/internal/TaskanaEngineImpl.java @@ -41,11 +41,12 @@ import pro.taskana.common.api.exceptions.ConnectionNotSetException; import pro.taskana.common.api.exceptions.NotAuthorizedException; import pro.taskana.common.api.exceptions.SystemException; import pro.taskana.common.api.exceptions.TaskanaRuntimeException; +import pro.taskana.common.api.security.CurrentUserContext; +import pro.taskana.common.api.security.GroupPrincipal; import pro.taskana.common.internal.configuration.DB; import pro.taskana.common.internal.persistence.InstantTypeHandler; import pro.taskana.common.internal.persistence.MapTypeHandler; -import pro.taskana.common.internal.security.CurrentUserContext; -import pro.taskana.common.internal.security.GroupPrincipal; +import pro.taskana.common.internal.security.CurrentUserContextImpl; import pro.taskana.monitor.api.MonitorService; import pro.taskana.monitor.internal.MonitorMapper; import pro.taskana.monitor.internal.MonitorServiceImpl; 
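Review bot: The new Javadoc reads "Returns the CurrentUserContext class", but `getCurrentUserContext()` returns an instance, and the comment does not say what that instance is for. Suggested wording: `Returns the {@link CurrentUserContext} this engine uses to read the calling user's userid, groupIds and accessIds.` with `@return the current user context of this engine`. The hunk also leaves two blank lines before the following Javadoc. Adding an abstract method to the public `TaskanaEngine` interface is a source-incompatible change for any implementer outside this repository, which is worth a release-notes entry.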
@@ -76,12 +77,13 @@ public class TaskanaEngineImpl implements TaskanaEngine { private final CreateTaskPreprocessorManager createTaskPreprocessorManager; private final InternalTaskanaEngineImpl internalTaskanaEngineImpl; private final WorkingDaysToDaysConverter workingDaysToDaysConverter; + private final HistoryEventManager historyEventManager; + private final CurrentUserContext currentUserContext; protected TaskanaEngineConfiguration taskanaEngineConfiguration; protected TransactionFactory transactionFactory; protected SqlSessionManager sessionManager; protected ConnectionManagementMode mode = ConnectionManagementMode.PARTICIPATE; protected Connection connection = null; - private HistoryEventManager historyEventManager; protected TaskanaEngineImpl(TaskanaEngineConfiguration taskanaEngineConfiguration) { this.taskanaEngineConfiguration = taskanaEngineConfiguration; @@ -96,6 +98,8 @@ public class TaskanaEngineImpl implements TaskanaEngine { taskanaEngineConfiguration.isGermanPublicHolidaysEnabled(), taskanaEngineConfiguration.isCorpusChristiEnabled(), taskanaEngineConfiguration.getCustomHolidays()); + currentUserContext = + new CurrentUserContextImpl(TaskanaEngineConfiguration.shouldUseLowerCaseForAccessIds()); } public static TaskanaEngine createTaskanaEngine( @@ -205,7 +209,7 @@ public class TaskanaEngineImpl implements TaskanaEngine { return true; } - List accessIds = CurrentUserContext.getAccessIds(); + List accessIds = currentUserContext.getAccessIds(); Set rolesMembers = new HashSet<>(); for (TaskanaRole role : roles) { rolesMembers.addAll(getConfiguration().getRoleMap().get(role)); 
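Review bot: In the constructor hunk, `new CurrentUserContextImpl(TaskanaEngineConfiguration.shouldUseLowerCaseForAccessIds())` reads the case-folding flag through a static call and freezes it in a final field, while the neighbouring settings are read from the `taskanaEngineConfiguration` instance passed in. That flag presumably decides how the access ids fetched for the role check in the following hunk (`currentUserContext.getAccessIds()`) are normalised. A short comment is worth adding, e.g. `// case folding of access ids is fixed at engine construction; role and permission entries must use the same case`. If the setting is meant to be per engine it should come from the instance instead; whether it can differ per configuration is not visible here.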
@@ -226,15 +230,20 @@ public class TaskanaEngineImpl implements TaskanaEngine { String rolesAsString = Arrays.toString(roles); LOGGER.debug( "Throwing NotAuthorizedException because accessIds {} are not member of roles {}", - CurrentUserContext.getAccessIds(), + currentUserContext.getAccessIds(), rolesAsString); } throw new NotAuthorizedException( "current user is not member of role(s) " + Arrays.toString(roles), - CurrentUserContext.getUserid()); + currentUserContext.getUserid()); } } + @Override + public CurrentUserContext getCurrentUserContext() { + return currentUserContext; + } + /** * This method creates the sqlSessionManager of myBatis. It integrates all the SQL mappers and * sets the databaseId attribute. diff --git a/lib/taskana-core/src/main/java/pro/taskana/common/internal/jobs/JobRunner.java b/lib/taskana-core/src/main/java/pro/taskana/common/internal/jobs/JobRunner.java index ae75abf73..29eae8c00 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/common/internal/jobs/JobRunner.java +++ b/lib/taskana-core/src/main/java/pro/taskana/common/internal/jobs/JobRunner.java @@ -15,9 +15,8 @@ import pro.taskana.common.api.ScheduledJob; import pro.taskana.common.api.TaskanaEngine; import pro.taskana.common.api.TaskanaRole; import pro.taskana.common.api.exceptions.SystemException; +import pro.taskana.common.api.security.UserPrincipal; import pro.taskana.common.internal.JobServiceImpl; -import pro.taskana.common.internal.TaskanaEngineImpl; -import pro.taskana.common.internal.security.UserPrincipal; import pro.taskana.common.internal.transaction.TaskanaTransactionProvider; import pro.taskana.task.internal.TaskServiceImpl; 
@@ -25,12 +24,12 @@ import pro.taskana.task.internal.TaskServiceImpl; public class JobRunner { private static final Logger LOGGER = LoggerFactory.getLogger(TaskServiceImpl.class); - private TaskanaEngineImpl taskanaEngine; - private JobServiceImpl jobService; + private final TaskanaEngine taskanaEngine; + private final JobServiceImpl jobService; private TaskanaTransactionProvider txProvider; public JobRunner(TaskanaEngine taskanaEngine) { - this.taskanaEngine = (TaskanaEngineImpl) taskanaEngine; + this.taskanaEngine = taskanaEngine; jobService = (JobServiceImpl) taskanaEngine.getJobService(); } @@ -54,7 +53,7 @@ public class JobRunner { private List findAndLockJobsToRun() { List availableJobs = jobService.findJobsToRun(); - List lockedJobs = new ArrayList(); + List lockedJobs = new ArrayList<>(); for (ScheduledJob job : availableJobs) { lockedJobs.add(lockJobTransactionally(job)); } @@ -81,8 +80,7 @@ public class JobRunner { } job.setLockedBy(hostAddress + " - " + Thread.currentThread().getName()); String owner = hostAddress + " - " + Thread.currentThread().getName(); - ScheduledJob lockedJob = jobService.lockJob(job, owner); - return lockedJob; + return jobService.lockJob(job, owner); } private void runJobTransactionally(ScheduledJob scheduledJob) { 
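Review bot: `LOGGER` in JobRunner is still created with `LoggerFactory.getLogger(TaskServiceImpl.class)` (a context line of the field hunk), so everything this class logs, including failures of jobs run under the admin subject, is attributed to TaskServiceImpl. It should be `LoggerFactory.getLogger(JobRunner.class)`. The same hunk removes the cast to TaskanaEngineImpl but keeps `(JobServiceImpl) taskanaEngine.getJobService()`, so the constructor still throws ClassCastException for an engine whose job service is a different type. A comment stating that requirement would help.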
@@ -114,20 +112,16 @@ public class JobRunner { } else { // we must establish admin context try { - Subject.doAs( - getAdminSubject(), - new PrivilegedExceptionAction() { - @Override - public Object run() throws Exception { - try { - runScheduledJobImpl(scheduledJob); - } catch (Exception e) { - throw new SystemException( - String.format("could not run Job %s.", scheduledJob), e); - } - return null; + PrivilegedExceptionAction action = + () -> { + try { + runScheduledJobImpl(scheduledJob); + } catch (Exception e) { + throw new SystemException(String.format("could not run Job %s.", scheduledJob), e); } - }); + return null; + }; + Subject.doAs(getAdminSubject(), action); } catch (PrivilegedActionException e) { LOGGER.warn("Attempt to run job {} failed.", scheduledJob, e); } diff --git a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskCommentServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskCommentServiceImpl.java index a46fc456a..002b4dddd 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskCommentServiceImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskCommentServiceImpl.java @@ -12,7 +12,6 @@ import pro.taskana.common.api.exceptions.InvalidArgumentException; import pro.taskana.common.api.exceptions.NotAuthorizedException; import pro.taskana.common.api.exceptions.SystemException; import pro.taskana.common.internal.InternalTaskanaEngine; -import pro.taskana.common.internal.security.CurrentUserContext; import pro.taskana.common.internal.util.IdGenerator; import pro.taskana.task.api.exceptions.TaskCommentNotFoundException; import pro.taskana.task.api.exceptions.TaskNotFoundException; 
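Review bot: The `catch (PrivilegedActionException e)` after `Subject.doAs(getAdminSubject(), action)` looks unreachable for job failures. The lambda catches every Exception and rethrows it as SystemException, and `Subject.doAs` wraps only checked exceptions in PrivilegedActionException. Assuming SystemException is a runtime exception (its declaration is not on this page), a failing job skips the `LOGGER.warn(...)` line and propagates out of the admin-context branch. Either log in the lambda's own catch block or add a `catch (SystemException e)` beside the existing one, so a job that fails under the admin subject is always reported. The enclosing method starts outside the hunk.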
@@ -59,7 +58,7 @@ class TaskCommentServiceImpl { LOGGER.debug("entry to updateTaskComment (taskComment = {})", taskCommentToUpdate); - String userId = CurrentUserContext.getUserid(); + String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid(); TaskCommentImpl taskCommentImplToUpdate = (TaskCommentImpl) taskCommentToUpdate; @@ -132,7 +131,7 @@ class TaskCommentServiceImpl { LOGGER.debug("entry to deleteTaskComment (taskComment = {}", taskCommentId); - String userId = CurrentUserContext.getUserid(); + String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid(); try { @@ -241,7 +240,7 @@ class TaskCommentServiceImpl { taskCommentImplToCreate.setModified(now); taskCommentImplToCreate.setCreated(now); - String creator = CurrentUserContext.getUserid(); + String creator = taskanaEngine.getEngine().getCurrentUserContext().getUserid(); if (taskanaEngine.getEngine().getConfiguration().isSecurityEnabled() && creator == null) { throw new SystemException( "TaskanaSecurity is enabled, but the current UserId is" diff --git a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java index ec03b61c5..3285b0a04 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java @@ -18,7 +18,6 @@ import pro.taskana.common.api.exceptions.SystemException; import pro.taskana.common.api.exceptions.TaskanaRuntimeException; import pro.taskana.common.internal.InternalTaskanaEngine; import pro.taskana.common.internal.configuration.DB; -import pro.taskana.common.internal.security.CurrentUserContext; import pro.taskana.task.api.CallbackState; import pro.taskana.task.api.ObjectReferenceQuery; import pro.taskana.task.api.TaskCustomField; 
@@ -1604,7 +1603,7 @@ public class TaskQueryImpl implements TaskQuery { this.accessIdIn = null; } else if (this.accessIdIn == null) { String[] accessIds = new String[0]; - List ucAccessIds = CurrentUserContext.getAccessIds(); + List ucAccessIds = taskanaEngine.getEngine().getCurrentUserContext().getAccessIds(); if (!ucAccessIds.isEmpty()) { accessIds = new String[ucAccessIds.size()]; accessIds = ucAccessIds.toArray(accessIds); diff --git a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java index b262c9a05..5504cb522 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java @@ -29,7 +29,6 @@ import pro.taskana.common.api.exceptions.NotAuthorizedException; import pro.taskana.common.api.exceptions.SystemException; import pro.taskana.common.api.exceptions.TaskanaException; import pro.taskana.common.internal.InternalTaskanaEngine; -import pro.taskana.common.internal.security.CurrentUserContext; import pro.taskana.common.internal.util.CheckedConsumer; import pro.taskana.common.internal.util.IdGenerator; import pro.taskana.common.internal.util.ObjectAttributeChangeDetector; @@ -217,7 +216,7 @@ public class TaskServiceImpl implements TaskService { workbasketService.checkAuthorization( task.getWorkbasketSummary().getId(), WorkbasketPermission.APPEND); - + // we do use the key and not the ID to make sure that we use the classification from the right // domain. // otherwise we would have to check the classification and its domain for validity. @@ -243,7 +242,7 @@ public class TaskServiceImpl implements TaskService { new TaskCreatedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_HISTORY_EVENT), task, - CurrentUserContext.getUserid(), + taskanaEngine.getEngine().getCurrentUserContext().getUserid(), details)); } } catch (PersistenceException e) { 
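Review bot: In the TaskQueryImpl hunk (`@@ -1604`), when `getAccessIds()` returns an empty list the local `accessIds` stays a zero-length array, and how that array reaches the SQL mapper is outside the hunk. Please confirm that an empty array matches no rows rather than dropping the access filter, and document it next to the assignment, e.g. `// empty accessIds must restrict the result to nothing, never to everything`. The WorkbasketQueryImpl hunk later in this commit builds `accessIds` the same way and needs the same confirmation.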
@@ -299,13 +298,13 @@ public class TaskServiceImpl implements TaskService { String workbasketId = resultTask.getWorkbasketSummary().getId(); List workbaskets = query.idIn(workbasketId).list(); if (workbaskets.isEmpty()) { - String currentUser = CurrentUserContext.getUserid(); + String currentUser = taskanaEngine.getEngine().getCurrentUserContext().getUserid(); throw new NotAuthorizedException( "The current user " + currentUser + " has no read permission for workbasket " + workbasketId, - CurrentUserContext.getUserid()); + taskanaEngine.getEngine().getCurrentUserContext().getUserid()); } else { resultTask.setWorkbasketSummary(workbaskets.get(0)); } @@ -424,7 +423,7 @@ public class TaskServiceImpl implements TaskService { throws InvalidArgumentException, TaskNotFoundException, ConcurrencyException, NotAuthorizedException, AttachmentPersistenceException, InvalidStateException, ClassificationNotFoundException { - String userId = CurrentUserContext.getUserid(); + String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid(); LOGGER.debug("entry to updateTask(task = {}, userId = {})", task, userId); TaskImpl newTaskImpl = (TaskImpl) task; TaskImpl oldTaskImpl; @@ -452,7 +451,7 @@ public class TaskServiceImpl implements TaskService { new TaskUpdatedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_HISTORY_EVENT), task, - CurrentUserContext.getUserid(), + taskanaEngine.getEngine().getCurrentUserContext().getUserid(), changeDetails)); } @@ -816,7 +815,7 @@ public class TaskServiceImpl implements TaskService { new TaskCancelledEvent( IdGenerator.generateWithPrefix(ID_PREFIX_HISTORY_EVENT), cancelledTask, - CurrentUserContext.getUserid())); + taskanaEngine.getEngine().getCurrentUserContext().getUserid())); } } finally { taskanaEngine.returnConnection(); 
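Review bot: In the `@@ -299` hunk the user id is resolved twice for one NotAuthorizedException: once into `currentUser` for the message and again for the second constructor argument. Pass the local as that argument, `currentUser);`, so the message and the exception's user field cannot disagree and the lookup happens once. The enclosing method starts and ends outside the hunk.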
@@ -844,7 +843,7 @@ public class TaskServiceImpl implements TaskService { new TaskTerminatedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_HISTORY_EVENT), terminatedTask, - CurrentUserContext.getUserid())); + taskanaEngine.getEngine().getCurrentUserContext().getUserid())); } } finally { @@ -910,7 +909,7 @@ public class TaskServiceImpl implements TaskService { taskanaEngine.openConnection(); Set adminAccessIds = taskanaEngine.getEngine().getConfiguration().getRoleMap().get(TaskanaRole.ADMIN); - if (adminAccessIds.contains(CurrentUserContext.getUserid())) { + if (adminAccessIds.contains(taskanaEngine.getEngine().getCurrentUserContext().getUserid())) { serviceLevelHandler.refreshPriorityAndDueDatesOfTasks( tasks, serviceLevelChanged, priorityChanged); } else { @@ -949,10 +948,10 @@ public class TaskServiceImpl implements TaskService { } else { List taskIds = existingTasks.stream().map(MinimalTaskSummary::getTaskId).collect(Collectors.toList()); - List accessIds = CurrentUserContext.getAccessIds(); + List accessIds = taskanaEngine.getEngine().getCurrentUserContext().getAccessIds(); List taskIdsNotAuthorizedFor = taskMapper.filterTaskIdsNotAuthorizedFor(taskIds, accessIds); - String userId = CurrentUserContext.getUserid(); + String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid(); for (String taskId : taskIdsNotAuthorizedFor) { bulkLog.addError( taskId, @@ -1056,9 +1055,9 @@ public class TaskServiceImpl implements TaskService { if (!forced) { filteredSummaries = filteredSummaries.filter( - addErrorToBulkLog(TaskServiceImpl::checkPreconditionsForCompleteTask, bulkLog)); + addErrorToBulkLog(this::checkPreconditionsForCompleteTask, bulkLog)); } else { - String userId = CurrentUserContext.getUserid(); + String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid(); filteredSummaries = filteredSummaries.filter( addErrorToBulkLog( 
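Review bot: The admin test in the `@@ -910` hunk, `adminAccessIds.contains(taskanaEngine.getEngine().getCurrentUserContext().getUserid())`, looks only at the user id. The role check in TaskanaEngineImpl in this commit fetches `currentUserContext.getAccessIds()` before collecting the role members, so it apparently matches on all access ids. A caller who holds ADMIN only through a group access id would then take the `else` branch here, and a null user id is passed straight to `contains`. Unless that is intended, reuse the engine's role check or compare against `getAccessIds()`. What the `else` branch does is outside the hunk.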
@@ -1148,7 +1147,10 @@ public class TaskServiceImpl implements TaskService { task.setCompleted(now); task.setState(targetState); taskMapper.update(task); - LOGGER.debug("Task '{}' cancelled by user '{}'.", taskId, CurrentUserContext.getUserid()); + LOGGER.debug( + "Task '{}' cancelled by user '{}'.", + taskId, + taskanaEngine.getEngine().getCurrentUserContext().getUserid()); return task; } @@ -1180,7 +1182,7 @@ public class TaskServiceImpl implements TaskService { private Task claim(String taskId, boolean forceClaim) throws TaskNotFoundException, InvalidStateException, InvalidOwnerException, NotAuthorizedException { - String userId = CurrentUserContext.getUserid(); + String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid(); LOGGER.debug( "entry to claim(id = {}, userId = {}, forceClaim = {})", taskId, userId, forceClaim); TaskImpl task; @@ -1198,7 +1200,7 @@ public class TaskServiceImpl implements TaskService { new TaskClaimedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_HISTORY_EVENT), task, - CurrentUserContext.getUserid())); + taskanaEngine.getEngine().getCurrentUserContext().getUserid())); } } finally { taskanaEngine.returnConnection(); @@ -1222,7 +1224,7 @@ public class TaskServiceImpl implements TaskService { task.setOwner(userId); } - private static void checkPreconditionsForClaimTask(TaskSummary task, boolean forced) + private void checkPreconditionsForClaimTask(TaskSummary task, boolean forced) throws InvalidStateException, InvalidOwnerException { TaskState state = task.getState(); if (!state.in(TaskState.READY, TaskState.CLAIMED)) { @@ -1231,7 +1233,7 @@ public class TaskServiceImpl implements TaskService { } if (!forced && state == TaskState.CLAIMED - && !task.getOwner().equals(CurrentUserContext.getUserid())) { + && !task.getOwner().equals(taskanaEngine.getEngine().getCurrentUserContext().getUserid())) { throw new InvalidOwnerException( String.format(TASK_WITH_ID_IS_ALREADY_CLAIMED_BY, task.getId(), task.getOwner())); } 
@@ -1250,23 +1252,29 @@ public class TaskServiceImpl implements TaskService { } } - private static void checkPreconditionsForCompleteTask(TaskSummary task) + private void checkPreconditionsForCompleteTask(TaskSummary task) throws InvalidStateException, InvalidOwnerException { if (taskIsNotClaimed(task)) { throw new InvalidStateException( String.format(TASK_WITH_ID_HAS_TO_BE_CLAIMED_BEFORE, task.getId())); - } else if (!CurrentUserContext.getAccessIds().contains(task.getOwner())) { + } else if (!taskanaEngine + .getEngine() + .getCurrentUserContext() + .getAccessIds() + .contains(task.getOwner())) { throw new InvalidOwnerException( String.format( "Owner of task %s is %s, but current user is %s ", - task.getId(), task.getOwner(), CurrentUserContext.getUserid())); + task.getId(), + task.getOwner(), + taskanaEngine.getEngine().getCurrentUserContext().getUserid())); } } private Task cancelClaim(String taskId, boolean forceUnclaim) throws TaskNotFoundException, InvalidStateException, InvalidOwnerException, NotAuthorizedException { - String userId = CurrentUserContext.getUserid(); + String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid(); LOGGER.debug( "entry to cancelClaim(taskId = {}), userId = {}, forceUnclaim = {})", taskId, @@ -1298,7 +1306,7 @@ public class TaskServiceImpl implements TaskService { new TaskClaimCancelledEvent( IdGenerator.generateWithPrefix(ID_PREFIX_HISTORY_EVENT), task, - CurrentUserContext.getUserid())); + taskanaEngine.getEngine().getCurrentUserContext().getUserid())); } } finally { taskanaEngine.returnConnection(); 
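Review bot: `checkPreconditionsForCompleteTask` accepts the caller when `getAccessIds().contains(task.getOwner())`, while `checkPreconditionsForClaimTask` in the preceding hunk compares the owner with `getUserid()` only. If access ids include group ids, as the GroupPrincipal imports in this commit suggest, a task whose owner string equals a group id could be completed by any member of that group. The InvalidOwnerException message then reports `getUserid()`, which is not the value that was tested. If only the owning user may complete, compare with `getUserid()` here as well; otherwise add a comment saying the wider match is deliberate.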
@@ -1310,7 +1318,7 @@ public class TaskServiceImpl implements TaskService { private Task completeTask(String taskId, boolean isForced) throws TaskNotFoundException, InvalidOwnerException, InvalidStateException, NotAuthorizedException { - String userId = CurrentUserContext.getUserid(); + String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid(); LOGGER.debug( "entry to completeTask(id = {}, userId = {}, isForced = {})", taskId, userId, isForced); TaskImpl task; @@ -1339,7 +1347,7 @@ public class TaskServiceImpl implements TaskService { new TaskCompletedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_HISTORY_EVENT), task, - CurrentUserContext.getUserid())); + taskanaEngine.getEngine().getCurrentUserContext().getUserid())); } } finally { taskanaEngine.returnConnection(); @@ -1491,7 +1499,7 @@ public class TaskServiceImpl implements TaskService { task1.setRead(false); task1.setTransferred(false); - String creator = CurrentUserContext.getUserid(); + String creator = taskanaEngine.getEngine().getCurrentUserContext().getUserid(); if (taskanaEngine.getEngine().getConfiguration().isSecurityEnabled() && creator == null) { throw new SystemException( "TaskanaSecurity is enabled, but the current UserId is NULL while creating a Task."); @@ -1553,7 +1561,12 @@ public class TaskServiceImpl implements TaskService { List updateClaimedTaskIds = new ArrayList<>(); List taskSummaryList = taskSummaries - .peek(summary -> completeActionsOnTask(summary, CurrentUserContext.getUserid(), now)) + .peek( + summary -> + completeActionsOnTask( + summary, + taskanaEngine.getEngine().getCurrentUserContext().getUserid(), + now)) .peek(summary -> taskIds.add(summary.getId())) .peek( summary -> { @@ -1914,6 +1927,6 @@ public class TaskServiceImpl implements TaskService { new TaskCompletedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_HISTORY_EVENT), task, - CurrentUserContext.getUserid()))); + taskanaEngine.getEngine().getCurrentUserContext().getUserid()))); } } 
diff --git a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskTransferrer.java b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskTransferrer.java index 62e2b83ec..25305919a 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskTransferrer.java +++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskTransferrer.java @@ -15,7 +15,6 @@ import pro.taskana.common.api.exceptions.InvalidArgumentException; import pro.taskana.common.api.exceptions.NotAuthorizedException; import pro.taskana.common.api.exceptions.TaskanaException; import pro.taskana.common.internal.InternalTaskanaEngine; -import pro.taskana.common.internal.security.CurrentUserContext; import pro.taskana.common.internal.util.IdGenerator; import pro.taskana.spi.history.api.events.task.TaskTransferredEvent; import pro.taskana.spi.history.internal.HistoryEventManager; @@ -357,7 +356,7 @@ public class TaskTransferrer { currentTaskId, new NotAuthorizedException( "The workbasket of this task got not TRANSFER permissions. TaskId=" + currentTaskId, - CurrentUserContext.getUserid())); + taskanaEngine.getEngine().getCurrentUserContext().getUserid())); taskIdIterator.remove(); } } @@ -372,7 +371,7 @@ public class TaskTransferrer { task, oldWorkbasketSummary, newWorkbasketSummary, - CurrentUserContext.getUserid())); + taskanaEngine.getEngine().getCurrentUserContext().getUserid())); } private void updateTasksToBeTransferred( diff --git a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryImpl.java b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryImpl.java index c573cf385..12bea0bc1 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryImpl.java 
@@ -16,7 +16,6 @@ import pro.taskana.common.api.exceptions.NotAuthorizedException; import pro.taskana.common.api.exceptions.SystemException; import pro.taskana.common.api.exceptions.TaskanaRuntimeException; import pro.taskana.common.internal.InternalTaskanaEngine; -import pro.taskana.common.internal.security.CurrentUserContext; import pro.taskana.workbasket.api.WorkbasketCustomField; import pro.taskana.workbasket.api.WorkbasketPermission; import pro.taskana.workbasket.api.WorkbasketQuery; @@ -666,7 +665,7 @@ public class WorkbasketQueryImpl implements WorkbasketQuery { // might already be set by accessIdsHavePermission if (this.accessId == null) { String[] accessIds = new String[0]; - List ucAccessIds = CurrentUserContext.getAccessIds(); + List ucAccessIds = taskanaEngine.getEngine().getCurrentUserContext().getAccessIds(); if (!ucAccessIds.isEmpty()) { accessIds = ucAccessIds.toArray(accessIds); } diff --git a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java index 65161b3d9..1b3f1912a 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java @@ -21,7 +21,6 @@ import pro.taskana.common.api.exceptions.InvalidArgumentException; import pro.taskana.common.api.exceptions.NotAuthorizedException; import pro.taskana.common.api.exceptions.TaskanaException; import pro.taskana.common.internal.InternalTaskanaEngine; -import pro.taskana.common.internal.security.CurrentUserContext; import pro.taskana.common.internal.util.IdGenerator; import pro.taskana.common.internal.util.ObjectAttributeChangeDetector; import pro.taskana.spi.history.api.events.workbasket.WorkbasketAccessItemCreatedEvent; 
@@ -163,7 +162,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { new WorkbasketCreatedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_WORKBASKET_HISTORY_EVENT), newWorkbasket, - CurrentUserContext.getUserid(), + taskanaEngine.getEngine().getCurrentUserContext().getUserid(), details)); } LOGGER.debug("Method createWorkbasket() created Workbasket '{}'", workbasket); @@ -216,7 +215,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { new WorkbasketUpdatedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_WORKBASKET_HISTORY_EVENT), workbasketToUpdate, - CurrentUserContext.getUserid(), + taskanaEngine.getEngine().getCurrentUserContext().getUserid(), details)); } LOGGER.debug( @@ -285,7 +284,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { new WorkbasketAccessItemCreatedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_WORKBASKET_HISTORY_EVENT), wb, - CurrentUserContext.getUserid(), + taskanaEngine.getEngine().getCurrentUserContext().getUserid(), details)); } LOGGER.debug( @@ -345,7 +344,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { new WorkbasketAccessItemUpdatedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_WORKBASKET_HISTORY_EVENT), workbasket, - CurrentUserContext.getUserid(), + taskanaEngine.getEngine().getCurrentUserContext().getUserid(), details)); } @@ -384,7 +383,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { new WorkbasketAccessItemDeletedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_WORKBASKET_HISTORY_EVENT), workbasket, - CurrentUserContext.getUserid(), + taskanaEngine.getEngine().getCurrentUserContext().getUserid(), details)); } 
@@ -413,7 +412,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { return; } - List accessIds = CurrentUserContext.getAccessIds(); + List accessIds = taskanaEngine.getEngine().getCurrentUserContext().getAccessIds(); WorkbasketAccessItem wbAcc = workbasketAccessMapper.findByWorkbasketAndAccessId(workbasketId, accessIds); if (wbAcc == null) { @@ -423,7 +422,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { + "' on workbasket '" + workbasketId + "' is needed.", - CurrentUserContext.getUserid()); + taskanaEngine.getEngine().getCurrentUserContext().getUserid()); } List grantedPermissions = @@ -438,7 +437,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { + "' on workbasket '" + workbasketId + "' is needed.", - CurrentUserContext.getUserid()); + taskanaEngine.getEngine().getCurrentUserContext().getUserid()); } } } finally { @@ -464,7 +463,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { if (skipAuthorizationCheck(requestedPermissions)) { return; } - List accessIds = CurrentUserContext.getAccessIds(); + List accessIds = taskanaEngine.getEngine().getCurrentUserContext().getAccessIds(); WorkbasketAccessItem wbAcc = workbasketAccessMapper.findByWorkbasketKeyDomainAndAccessId( workbasketKey, domain, accessIds); @@ -477,7 +476,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { + "' and domain '" + domain + "' is needed.", - CurrentUserContext.getUserid()); + taskanaEngine.getEngine().getCurrentUserContext().getUserid()); } List grantedPermissions = this.getPermissionsFromWorkbasketAccessItem(wbAcc); @@ -493,7 +492,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { + "' and domain '" + domain + "' is needed.", - CurrentUserContext.getUserid()); + taskanaEngine.getEngine().getCurrentUserContext().getUserid()); } } } finally { 
@@ -562,7 +561,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { new WorkbasketAccessItemsUpdatedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_WORKBASKET_HISTORY_EVENT), workbasket, - CurrentUserContext.getUserid(), + taskanaEngine.getEngine().getCurrentUserContext().getUserid(), details)); } } finally { @@ -594,7 +593,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { public List getPermissionsForWorkbasket(String workbasketId) { WorkbasketAccessItem wbAcc = workbasketAccessMapper.findByWorkbasketAndAccessId( - workbasketId, CurrentUserContext.getAccessIds()); + workbasketId, taskanaEngine.getEngine().getCurrentUserContext().getAccessIds()); return this.getPermissionsFromWorkbasketAccessItem(wbAcc); } @@ -707,7 +706,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { new WorkbasketDistributionTargetsUpdatedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_WORKBASKET_HISTORY_EVENT), sourceWorkbasket, - CurrentUserContext.getUserid(), + taskanaEngine.getEngine().getCurrentUserContext().getUserid(), details)); } } @@ -757,7 +756,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { new WorkbasketDistributionTargetAddedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_WORKBASKET_HISTORY_EVENT), sourceWorkbasket, - CurrentUserContext.getUserid(), + taskanaEngine.getEngine().getCurrentUserContext().getUserid(), details)); } LOGGER.debug( @@ -806,7 +805,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { new WorkbasketDistributionTargetRemovedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_WORKBASKET_HISTORY_EVENT), workbasket, - CurrentUserContext.getUserid(), + taskanaEngine.getEngine().getCurrentUserContext().getUserid(), details)); } } 
@@ -887,7 +886,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { new WorkbasketDeletedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_WORKBASKET_HISTORY_EVENT), workbasketToDelete, - CurrentUserContext.getUserid(), + taskanaEngine.getEngine().getCurrentUserContext().getUserid(), details)); } } else { @@ -1040,7 +1039,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { new WorkbasketAccessItemDeletedEvent( IdGenerator.generateWithPrefix(ID_PREFIX_WORKBASKET_HISTORY_EVENT), workbasket, - CurrentUserContext.getUserid(), + taskanaEngine.getEngine().getCurrentUserContext().getUserid(), details)); } } @@ -1212,7 +1211,7 @@ public class WorkbasketServiceImpl implements WorkbasketService { new WorkbasketMarkedForDeletionEvent( IdGenerator.generateWithPrefix(ID_PREFIX_WORKBASKET_HISTORY_EVENT), workbasket, - CurrentUserContext.getUserid(), + taskanaEngine.getEngine().getCurrentUserContext().getUserid(), null)); } } finally { diff --git a/lib/taskana-core/src/test/java/acceptance/task/CompleteTaskAccTest.java b/lib/taskana-core/src/test/java/acceptance/task/CompleteTaskAccTest.java index 95804aefd..b69014280 100644 --- a/lib/taskana-core/src/test/java/acceptance/task/CompleteTaskAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/task/CompleteTaskAccTest.java @@ -17,7 +17,6 @@ import pro.taskana.common.api.BulkOperationResults; import pro.taskana.common.api.exceptions.InvalidArgumentException; import pro.taskana.common.api.exceptions.NotAuthorizedException; import pro.taskana.common.api.exceptions.TaskanaException; -import pro.taskana.common.internal.security.CurrentUserContext; import pro.taskana.common.test.security.JaasExtension; import pro.taskana.common.test.security.WithAccessId; import pro.taskana.task.api.TaskService; 
@@ -160,7 +159,7 @@ class CompleteTaskAccTest extends AbstractAccTest { Task claimedTask = TASK_SERVICE.claim(createdTask.getId()); assertThat(claimedTask.getOwner()).isNotNull(); - assertThat(CurrentUserContext.getUserid()).isEqualTo(claimedTask.getOwner()); + assertThat(taskanaEngine.getCurrentUserContext().getUserid()).isEqualTo(claimedTask.getOwner()); assertThat(claimedTask.getClaimed()).isNotNull(); assertThat(before).isBeforeOrEqualTo(claimedTask.getClaimed()); assertThat(claimedTask.getCreated()).isBeforeOrEqualTo(claimedTask.getClaimed()); @@ -184,7 +183,8 @@ class CompleteTaskAccTest extends AbstractAccTest { Instant beforeForceClaim = Instant.now(); Task taskAfterClaim = TASK_SERVICE.forceClaim(createdTask.getId()); - assertThat(taskAfterClaim.getOwner()).isEqualTo(CurrentUserContext.getUserid()); + assertThat(taskAfterClaim.getOwner()) + .isEqualTo(taskanaEngine.getCurrentUserContext().getUserid()); assertThat(beforeForceClaim) .isBeforeOrEqualTo(taskAfterClaim.getModified()) .isBeforeOrEqualTo(taskAfterClaim.getClaimed()); diff --git a/lib/taskana-core/src/test/java/acceptance/task/CreateTaskAccTest.java b/lib/taskana-core/src/test/java/acceptance/task/CreateTaskAccTest.java index 2cbbeb22d..8481b88cf 100644 --- a/lib/taskana-core/src/test/java/acceptance/task/CreateTaskAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/task/CreateTaskAccTest.java @@ -18,7 +18,6 @@ import org.junit.jupiter.api.extension.ExtendWith; import pro.taskana.common.api.exceptions.InvalidArgumentException; import pro.taskana.common.api.exceptions.NotAuthorizedException; import pro.taskana.common.internal.TaskanaEngineProxy; -import pro.taskana.common.internal.security.CurrentUserContext; import pro.taskana.common.test.security.JaasExtension; import pro.taskana.common.test.security.WithAccessId; import pro.taskana.task.api.TaskCustomField; 
@@ -70,7 +69,8 @@ class CreateTaskAccTest extends AbstractAccTest { Instant expectedPlanned = moveForwardToWorkingDay(createdTask.getCreated()); assertThat(createdTask).isNotNull(); - assertThat(createdTask.getCreator()).isEqualTo(CurrentUserContext.getUserid()); + assertThat(createdTask.getCreator()) + .isEqualTo(taskanaEngine.getCurrentUserContext().getUserid()); assertThat(createdTask.getOwner()).isEqualTo("user-1-1"); assertThat(createdTask.getWorkbasketKey()).isEqualTo("USER-1-1"); assertThat(createdTask.getName()).isEqualTo("T-Vertragstermin VERA"); @@ -93,7 +93,7 @@ class CreateTaskAccTest extends AbstractAccTest { @Test void should_CreateTask_When_ObjectReferenceSystemAndSystemInstanceIsNull() throws Exception { - String currentUser = CurrentUserContext.getUserid(); + String currentUser = taskanaEngine.getCurrentUserContext().getUserid(); Task newTask = taskService.newTask("USER-1-1", "DOMAIN_A"); newTask.setClassificationKey("T2100"); @@ -104,7 +104,8 @@ class CreateTaskAccTest extends AbstractAccTest { Task createdTask = taskService.createTask(newTask); assertThat(createdTask).isNotNull(); - assertThat(createdTask.getCreator()).isEqualTo(CurrentUserContext.getUserid()); + assertThat(createdTask.getCreator()) + .isEqualTo(taskanaEngine.getCurrentUserContext().getUserid()); } @WithAccessId(user = "admin") @@ -113,7 +114,7 @@ class CreateTaskAccTest extends AbstractAccTest { void should_CreateTask_When_NoExplicitPermissionsButUserIsInAdministrativeRole() throws Exception { - String currentUser = CurrentUserContext.getUserid(); + String currentUser = taskanaEngine.getCurrentUserContext().getUserid(); Task newTask = taskService.newTask("USER-1-1", "DOMAIN_A"); newTask.setClassificationKey("T2100"); 
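Review bot: The creator assertions in CreateTaskAccTest compare `createdTask.getCreator()` with `taskanaEngine.getCurrentUserContext().getUserid()`, which is presumably the same lookup the service uses to set the creator, so a wrong or null identity would satisfy both sides of the check. The first hunk already pins the owner with a literal (`isEqualTo("user-1-1")`); asserting the creator against the id given in the test's `@WithAccessId`, in the form `assertThat(createdTask.getCreator()).isEqualTo("<id from @WithAccessId>");`, would make the test independent of the code under test. The same applies to the remaining creator assertions in this file and to the matching ones in UpdateTaskAttachmentsAccTest and CompleteTaskAccTest. Most test methods start outside their hunks, so the access id in effect for each one has to be confirmed in the file.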
@@ -124,7 +125,8 @@ class CreateTaskAccTest extends AbstractAccTest { Task createdTask = taskService.createTask(newTask); assertThat(createdTask).isNotNull(); - assertThat(createdTask.getCreator()).isEqualTo(CurrentUserContext.getUserid()); + assertThat(createdTask.getCreator()) + .isEqualTo(taskanaEngine.getCurrentUserContext().getUserid()); } @WithAccessId(user = "user-1-1") @@ -140,7 +142,8 @@ class CreateTaskAccTest extends AbstractAccTest { Instant expectedPlanned = moveForwardToWorkingDay(createdTask.getCreated()); assertThat(createdTask).isNotNull(); - assertThat(createdTask.getCreator()).isEqualTo(CurrentUserContext.getUserid()); + assertThat(createdTask.getCreator()) + .isEqualTo(taskanaEngine.getCurrentUserContext().getUserid()); assertThat(createdTask.getName()).isEqualTo("T-Vertragstermin VERA"); assertThat(createdTask.getPrimaryObjRef().getValue()).isEqualTo("1234567"); assertThat(createdTask.getExternalId()).isNotNull(); @@ -255,7 +258,8 @@ class CreateTaskAccTest extends AbstractAccTest { createObjectReference("COMPANY_A", "SYSTEM_A", "INSTANCE_A", "VNR", "1234567")); Task createdTask = taskService.createTask(newTask); assertThat(createdTask.getId()).isNotNull(); - assertThat(createdTask.getCreator()).isEqualTo(CurrentUserContext.getUserid()); + assertThat(createdTask.getCreator()) + .isEqualTo(taskanaEngine.getCurrentUserContext().getUserid()); // verify that the database content is as expected TaskanaEngineProxy engineProxy = new TaskanaEngineProxy(taskanaEngine); 
@@ -289,7 +293,8 @@ class CreateTaskAccTest extends AbstractAccTest { Task readTask = taskService.getTask(createdTask.getId()); assertThat(readTask).isNotNull(); - assertThat(createdTask.getCreator()).isEqualTo(CurrentUserContext.getUserid()); + assertThat(createdTask.getCreator()) + .isEqualTo(taskanaEngine.getCurrentUserContext().getUserid()); assertThat(readTask.getAttachments()).isNotNull(); assertThat(readTask.getAttachments()).hasSize(1); assertThat(readTask.getAttachments().get(0).getCreated()).isNotNull(); @@ -350,11 +355,13 @@ class CreateTaskAccTest extends AbstractAccTest { Task createdTask = taskService.createTask(newTask); assertThat(createdTask.getId()).isNotNull(); - assertThat(createdTask.getCreator()).isEqualTo(CurrentUserContext.getUserid()); + assertThat(createdTask.getCreator()) + .isEqualTo(taskanaEngine.getCurrentUserContext().getUserid()); Task readTask = taskService.getTask(createdTask.getId()); assertThat(readTask).isNotNull(); - assertThat(createdTask.getCreator()).isEqualTo(CurrentUserContext.getUserid()); + assertThat(createdTask.getCreator()) + .isEqualTo(taskanaEngine.getCurrentUserContext().getUserid()); assertThat(readTask.getAttachments()).isNotNull(); assertThat(readTask.getAttachments()).hasSize(2); assertThat(readTask.getAttachments().get(1).getCreated()).isNotNull(); 
@@ -401,11 +408,13 @@ class CreateTaskAccTest extends AbstractAccTest { Task createdTask = taskService.createTask(newTask); assertThat(createdTask.getId()).isNotNull(); - assertThat(createdTask.getCreator()).isEqualTo(CurrentUserContext.getUserid()); + assertThat(createdTask.getCreator()) + .isEqualTo(taskanaEngine.getCurrentUserContext().getUserid()); Task readTask = taskService.getTask(createdTask.getId()); assertThat(readTask).isNotNull(); - assertThat(createdTask.getCreator()).isEqualTo(CurrentUserContext.getUserid()); + assertThat(createdTask.getCreator()) + .isEqualTo(taskanaEngine.getCurrentUserContext().getUserid()); assertThat(readTask.getAttachments()).isNotNull(); assertThat(readTask.getAttachments()).hasSize(2); assertThat(readTask.getAttachments().get(1).getCreated()).isNotNull(); @@ -489,7 +498,8 @@ class CreateTaskAccTest extends AbstractAccTest { Task createdTask = taskService.createTask(newTask); assertThat(createdTask).isNotNull(); - assertThat(createdTask.getCreator()).isEqualTo(CurrentUserContext.getUserid()); + assertThat(createdTask.getCreator()) + .isEqualTo(taskanaEngine.getCurrentUserContext().getUserid()); assertThat(createdTask.getName()).isEqualTo("Test Name"); } @@ -505,7 +515,8 @@ class CreateTaskAccTest extends AbstractAccTest { Task createdTask = taskService.createTask(newTask); assertThat(createdTask).isNotNull(); - assertThat(createdTask.getCreator()).isEqualTo(CurrentUserContext.getUserid()); + assertThat(createdTask.getCreator()) + .isEqualTo(taskanaEngine.getCurrentUserContext().getUserid()); assertThat(createdTask.getPriority()).isEqualTo(2); } 
@@ -576,7 +587,8 @@ class CreateTaskAccTest extends AbstractAccTest { Task createdTask = taskService.createTask(newTask); assertThat(createdTask).isNotNull(); - assertThat(createdTask.getCreator()).isEqualTo(CurrentUserContext.getUserid()); + assertThat(createdTask.getCreator()) + .isEqualTo(taskanaEngine.getCurrentUserContext().getUserid()); assertThat(createdTask.getDomain()).isNotNull(); assertThat(createdTask.getDomain()).isEqualTo(workbasket.getDomain()); } diff --git a/lib/taskana-core/src/test/java/acceptance/task/SelectAndClaimTaskAccTest.java b/lib/taskana-core/src/test/java/acceptance/task/SelectAndClaimTaskAccTest.java index bda1e4b0e..627a1a7d4 100644 --- a/lib/taskana-core/src/test/java/acceptance/task/SelectAndClaimTaskAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/task/SelectAndClaimTaskAccTest.java @@ -18,7 +18,7 @@ import org.junit.jupiter.api.extension.ExtendWith; import pro.taskana.common.api.BaseQuery.SortDirection; import pro.taskana.common.api.exceptions.SystemException; -import pro.taskana.common.internal.security.UserPrincipal; +import pro.taskana.common.api.security.UserPrincipal; import pro.taskana.common.internal.util.CheckedConsumer; import pro.taskana.common.test.security.JaasExtension; import pro.taskana.common.test.security.WithAccessId; diff --git a/lib/taskana-core/src/test/java/acceptance/task/UpdateTaskAttachmentsAccTest.java b/lib/taskana-core/src/test/java/acceptance/task/UpdateTaskAttachmentsAccTest.java index 4118fb565..dd277d189 100644 --- a/lib/taskana-core/src/test/java/acceptance/task/UpdateTaskAttachmentsAccTest.java +++ b/lib/taskana-core/src/test/java/acceptance/task/UpdateTaskAttachmentsAccTest.java 
@@ -15,7 +15,6 @@ import org.junit.jupiter.api.extension.ExtendWith; import pro.taskana.classification.api.models.Classification; import pro.taskana.classification.api.models.ClassificationSummary; -import pro.taskana.common.internal.security.CurrentUserContext; import pro.taskana.common.test.security.JaasExtension; import pro.taskana.common.test.security.WithAccessId; import pro.taskana.task.api.TaskService; @@ -441,13 +440,15 @@ class UpdateTaskAttachmentsAccTest extends AbstractAccTest { Task createdTask = taskService.createTask(newTask); assertThat(createdTask.getId()).isNotNull(); - assertThat(createdTask.getCreator()).isEqualTo(CurrentUserContext.getUserid()); + assertThat(createdTask.getCreator()) + .isEqualTo(taskanaEngine.getCurrentUserContext().getUserid()); createdTask .getAttachments() .forEach(at -> assertThat(createdTask.getModified()).isEqualTo(at.getModified())); Task readTask = taskService.getTask(createdTask.getId()); assertThat(readTask).isNotNull(); - assertThat(createdTask.getCreator()).isEqualTo(CurrentUserContext.getUserid()); + assertThat(createdTask.getCreator()) + .isEqualTo(taskanaEngine.getCurrentUserContext().getUserid()); assertThat(readTask.getAttachments()).isNotNull(); assertThat(readTask.getAttachments()).hasSize(2); assertThat(readTask.getAttachments().get(1).getCreated()).isNotNull(); diff --git a/lib/taskana-core/src/test/java/pro/taskana/ArchitectureTest.java b/lib/taskana-core/src/test/java/pro/taskana/ArchitectureTest.java index 290d89398..6a23cd6be 100644 --- a/lib/taskana-core/src/test/java/pro/taskana/ArchitectureTest.java +++ b/lib/taskana-core/src/test/java/pro/taskana/ArchitectureTest.java @@ -63,8 +63,6 @@ class ArchitectureTest { ArchRule myRule = classes() .that() - .haveSimpleNameNotEndingWith("TaskanaHistoryEvent") - .and() .resideInAPackage("..api..") .should() .onlyDependOnClassesThat() 
diff --git a/lib/taskana-core/src/test/java/pro/taskana/task/internal/TaskQueryImplTest.java b/lib/taskana-core/src/test/java/pro/taskana/task/internal/TaskQueryImplTest.java index 28f03466e..de0b4fb49 100644 --- a/lib/taskana-core/src/test/java/pro/taskana/task/internal/TaskQueryImplTest.java +++ b/lib/taskana-core/src/test/java/pro/taskana/task/internal/TaskQueryImplTest.java @@ -15,6 +15,7 @@ import org.mockito.Mock; import org.mockito.junit.jupiter.MockitoExtension; import pro.taskana.common.api.TaskanaEngine; +import pro.taskana.common.api.security.CurrentUserContext; import pro.taskana.common.internal.InternalTaskanaEngine; import pro.taskana.common.internal.configuration.DB; import pro.taskana.task.api.TaskState; @@ -31,15 +32,18 @@ class TaskQueryImplTest { @Mock TaskServiceImpl taskServiceMock; - private TaskQueryImpl taskQueryImpl; @Mock private InternalTaskanaEngine internalTaskanaEngine; @Mock private TaskanaEngine taskanaEngine; @Mock private SqlSession sqlSession; + @Mock private CurrentUserContext currentUserContext; + + private TaskQueryImpl taskQueryImpl; @BeforeEach void setup() { when(internalTaskanaEngine.getEngine()).thenReturn(taskanaEngine); when(taskanaEngine.getTaskService()).thenReturn(taskServiceMock); + when(taskanaEngine.getCurrentUserContext()).thenReturn(currentUserContext); Configuration configuration = new org.apache.ibatis.session.Configuration(); configuration.setDatabaseId(DB.H2.dbProductId); diff --git a/lib/taskana-core/src/test/java/pro/taskana/task/internal/TaskServiceImplIntAutocommitTest.java b/lib/taskana-core/src/test/java/pro/taskana/task/internal/TaskServiceImplIntAutocommitTest.java index 018605b99..6225f7e70 100644 --- a/lib/taskana-core/src/test/java/pro/taskana/task/internal/TaskServiceImplIntAutocommitTest.java +++ b/lib/taskana-core/src/test/java/pro/taskana/task/internal/TaskServiceImplIntAutocommitTest.java 
@@ -23,7 +23,6 @@ import pro.taskana.common.api.TaskanaEngine.ConnectionManagementMode; import pro.taskana.common.api.exceptions.NotAuthorizedException; import pro.taskana.common.internal.TaskanaEngineImpl; import pro.taskana.common.internal.TaskanaEngineTestConfiguration; -import pro.taskana.common.internal.security.CurrentUserContext; import pro.taskana.common.internal.util.IdGenerator; import pro.taskana.common.test.security.JaasExtension; import pro.taskana.common.test.security.WithAccessId; @@ -234,7 +233,7 @@ class TaskServiceImplIntAutocommitTest { @WithAccessId(user = "user-1-1", groups = "businessadmin") @Test void shouldNotTransferByFailingSecurity() throws Exception { - final String user = CurrentUserContext.getUserid(); + final String user = taskanaEngine.getCurrentUserContext().getUserid(); // Set up Security for this Test DataSource dataSource = TaskanaEngineTestConfiguration.getDataSource(); diff --git a/lib/taskana-core/src/test/java/pro/taskana/task/internal/TaskServiceImplIntExplicitTest.java b/lib/taskana-core/src/test/java/pro/taskana/task/internal/TaskServiceImplIntExplicitTest.java index 48b26536f..91a451494 100644 --- a/lib/taskana-core/src/test/java/pro/taskana/task/internal/TaskServiceImplIntExplicitTest.java +++ b/lib/taskana-core/src/test/java/pro/taskana/task/internal/TaskServiceImplIntExplicitTest.java @@ -27,7 +27,6 @@ import pro.taskana.common.api.exceptions.NotAuthorizedException; import pro.taskana.common.internal.TaskanaEngineImpl; import pro.taskana.common.internal.TaskanaEngineTestConfiguration; import pro.taskana.common.internal.configuration.DbSchemaCreator; -import pro.taskana.common.internal.security.CurrentUserContext; import pro.taskana.common.internal.util.IdGenerator; import pro.taskana.common.test.security.JaasExtension; import pro.taskana.common.test.security.WithAccessId; 
@@ -193,7 +192,7 @@ class TaskServiceImplIntExplicitTest { wb = workbasketService.createWorkbasket(wb); workbasketService.createWorkbasketAccessItem( this.createWorkbasketWithSecurity( - wb, CurrentUserContext.getUserid(), true, true, true, false)); + wb, taskanaEngine.getCurrentUserContext().getUserid(), true, true, true, false)); Classification classification = classificationService.newClassification( UUID.randomUUID().toString(), wb.getDomain(), "t1"); // not persisted, @@ -263,7 +262,7 @@ class TaskServiceImplIntExplicitTest { @Test void shouldTransferTaskToOtherWorkbasket() throws Exception { final int sleepTime = 100; - final String user = CurrentUserContext.getUserid(); + final String user = taskanaEngine.getCurrentUserContext().getUserid(); try (Connection connection = dataSource.getConnection()) { taskanaEngineImpl.setConnection(connection); diff --git a/lib/taskana-core/src/test/java/pro/taskana/workbasket/internal/WorkbasketQueryImplTest.java b/lib/taskana-core/src/test/java/pro/taskana/workbasket/internal/WorkbasketQueryImplTest.java index e5aa81e1e..5238e95a7 100644 --- a/lib/taskana-core/src/test/java/pro/taskana/workbasket/internal/WorkbasketQueryImplTest.java +++ b/lib/taskana-core/src/test/java/pro/taskana/workbasket/internal/WorkbasketQueryImplTest.java @@ -15,6 +15,7 @@ import org.mockito.Mock; import org.mockito.junit.jupiter.MockitoExtension; import pro.taskana.common.api.TaskanaEngine; +import pro.taskana.common.api.security.CurrentUserContext; import pro.taskana.common.internal.InternalTaskanaEngine; import pro.taskana.workbasket.api.models.WorkbasketSummary; import pro.taskana.workbasket.internal.models.WorkbasketSummaryImpl; 
@@ -35,9 +36,12 @@ class WorkbasketQueryImplTest { @Mock private SqlSession sqlSession; + @Mock private CurrentUserContext currentUserContext; + @BeforeEach void setup() { when(internalTaskanaEngine.getEngine()).thenReturn(taskanaEngine); + when(taskanaEngine.getCurrentUserContext()).thenReturn(currentUserContext); } @Test diff --git a/rest/taskana-rest-spring-example-common/src/main/java/pro/taskana/jobs/JobScheduler.java b/rest/taskana-rest-spring-example-common/src/main/java/pro/taskana/jobs/JobScheduler.java index 83b9f87d2..7d6f56fd7 100644 --- a/rest/taskana-rest-spring-example-common/src/main/java/pro/taskana/jobs/JobScheduler.java +++ b/rest/taskana-rest-spring-example-common/src/main/java/pro/taskana/jobs/JobScheduler.java @@ -17,8 +17,8 @@ import org.springframework.stereotype.Component; import pro.taskana.common.api.ScheduledJob.Type; import pro.taskana.common.api.TaskanaEngine; import pro.taskana.common.api.TaskanaRole; +import pro.taskana.common.api.security.UserPrincipal; import pro.taskana.common.internal.jobs.JobRunner; -import pro.taskana.common.internal.security.UserPrincipal; import pro.taskana.common.internal.transaction.TaskanaTransactionProvider; import pro.taskana.task.internal.jobs.TaskCleanupJob; import pro.taskana.workbasket.internal.jobs.WorkbasketCleanupJob; 
@@ -28,8 +28,15 @@ import pro.taskana.workbasket.internal.jobs.WorkbasketCleanupJob; public class JobScheduler { private static final Logger LOGGER = LoggerFactory.getLogger(JobScheduler.class); - @Autowired TaskanaTransactionProvider springTransactionProvider; - @Autowired private TaskanaEngine taskanaEngine; + private final TaskanaTransactionProvider springTransactionProvider; + private final TaskanaEngine taskanaEngine; + + @Autowired + public JobScheduler( + TaskanaTransactionProvider springTransactionProvider, TaskanaEngine taskanaEngine) { + this.springTransactionProvider = springTransactionProvider; + this.taskanaEngine = taskanaEngine; + } @PostConstruct public void scheduleCleanupJob() @@ -64,24 +71,19 @@ public class JobScheduler { * Creates an admin subject and runs the job using the subject. */ private void runAsyncJobsAsAdmin() throws PrivilegedActionException { - Subject.doAs( - getAdminSubject(), - new PrivilegedExceptionAction() { - - @Override - public Object run() throws Exception { - - try { - JobRunner runner = new JobRunner(taskanaEngine); - runner.registerTransactionProvider(springTransactionProvider); - LOGGER.info("Running Jobs"); - runner.runJobs(); - return "Successful"; - } catch (Throwable e) { - throw new Exception(e); - } + PrivilegedExceptionAction jobs = + () -> { + try { + JobRunner runner = new JobRunner(taskanaEngine); + runner.registerTransactionProvider(springTransactionProvider); + LOGGER.info("Running Jobs"); + runner.runJobs(); + return "Successful"; + } catch (Throwable e) { + throw new Exception(e); } - }); + }; + Subject.doAs(getAdminSubject(), jobs); } private Subject getAdminSubject() { diff --git a/rest/taskana-rest-spring-example-wildfly/src/main/java/pro/taskana/wildfly/security/ElytronToJaasFilter.java b/rest/taskana-rest-spring-example-wildfly/src/main/java/pro/taskana/wildfly/security/ElytronToJaasFilter.java index 098fbbc02..f14be9f96 100644 
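Review bot: In `runAsyncJobsAsAdmin()` the new lambda keeps `catch (Throwable e) { throw new Exception(e); }`, which turns every failure of the admin-subject job run, including `Error`s, into a bare `Exception`. `Subject.doAs` already wraps a checked exception thrown by the action in `PrivilegedActionException`, so the caller gets the real cause two levels down and cannot tell a job failure from a JVM-level error. Dropping the try/catch and leaving only the four runner statements in the lambda preserves the original exception type. If a catch is wanted for logging, narrow it to `catch (Exception e)` and log before rethrowing.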
--- a/rest/taskana-rest-spring-example-wildfly/src/main/java/pro/taskana/wildfly/security/ElytronToJaasFilter.java +++ b/rest/taskana-rest-spring-example-wildfly/src/main/java/pro/taskana/wildfly/security/ElytronToJaasFilter.java @@ -12,7 +12,7 @@ import org.wildfly.security.auth.server.SecurityDomain; import org.wildfly.security.auth.server.SecurityIdentity; import org.wildfly.security.authz.Roles; -import pro.taskana.common.internal.security.GroupPrincipal; +import pro.taskana.common.api.security.GroupPrincipal; /** Simple Filter to map all Elytron Roles to JAAS-Principals. */ public class ElytronToJaasFilter extends GenericFilterBean { diff --git a/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/TaskanaEngineController.java b/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/TaskanaEngineController.java index 69613ca6d..e1fec008b 100644 --- a/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/TaskanaEngineController.java +++ b/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/TaskanaEngineController.java @@ -13,7 +13,6 @@ import org.springframework.web.bind.annotation.RestController; import pro.taskana.TaskanaEngineConfiguration; import pro.taskana.common.api.TaskanaEngine; import pro.taskana.common.api.TaskanaRole; -import pro.taskana.common.internal.security.CurrentUserContext; import pro.taskana.common.rest.models.TaskanaUserInfoRepresentationModel; import pro.taskana.common.rest.models.VersionRepresentationModel; 
@@ -90,8 +89,8 @@ public class TaskanaEngineController { public ResponseEntity getCurrentUserInfo() { LOGGER.debug("Entry to getCurrentUserInfo()"); TaskanaUserInfoRepresentationModel resource = new TaskanaUserInfoRepresentationModel(); - resource.setUserId(CurrentUserContext.getUserid()); - resource.setGroupIds(CurrentUserContext.getGroupIds()); + resource.setUserId(taskanaEngine.getCurrentUserContext().getUserid()); + resource.setGroupIds(taskanaEngine.getCurrentUserContext().getGroupIds()); for (TaskanaRole role : taskanaEngineConfiguration.getRoleMap().keySet()) { if (taskanaEngine.isUserInRole(role)) { resource.getRoles().add(role); diff --git a/rest/taskana-rest-spring/src/main/java/pro/taskana/rest/security/SpringSecurityToJaasFilter.java b/rest/taskana-rest-spring/src/main/java/pro/taskana/rest/security/SpringSecurityToJaasFilter.java index 8f981bbf5..5494aec5d 100644 --- a/rest/taskana-rest-spring/src/main/java/pro/taskana/rest/security/SpringSecurityToJaasFilter.java +++ b/rest/taskana-rest-spring/src/main/java/pro/taskana/rest/security/SpringSecurityToJaasFilter.java @@ -16,8 +16,8 @@ import org.springframework.security.core.userdetails.UserDetails; import org.springframework.web.filter.GenericFilterBean; import pro.taskana.common.api.exceptions.SystemException; -import pro.taskana.common.internal.security.GroupPrincipal; -import pro.taskana.common.internal.security.UserPrincipal; +import pro.taskana.common.api.security.GroupPrincipal; +import pro.taskana.common.api.security.UserPrincipal; /** Simple Filter to map all Spring Security Roles to JAAS-Principals. */ public class SpringSecurityToJaasFilter extends GenericFilterBean { diff --git a/rest/taskana-rest-spring/src/test/java/pro/taskana/common/rest/TaskanaEngineControllerIntTest.java b/rest/taskana-rest-spring/src/test/java/pro/taskana/common/rest/TaskanaEngineControllerIntTest.java index 6654fe6f7..5d1a54ea7 100644 
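Review bot: `getCurrentUserInfo()` reads the user id and the group ids through two separate `taskanaEngine.getCurrentUserContext()` calls; taking the context once, `CurrentUserContext userContext = taskanaEngine.getCurrentUserContext();`, and reading both values from `userContext` makes it explicit that they describe the same caller. That needs an import of `pro.taskana.common.api.security.CurrentUserContext`, since this commit removes the internal import from the file. The method continues past the end of the hunk, so how a null user id is handled in the response cannot be checked here; the JaasExtensionTest changes show `getUserid()` can return null when no subject is set.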
--- a/rest/taskana-rest-spring/src/test/java/pro/taskana/common/rest/TaskanaEngineControllerIntTest.java +++ b/rest/taskana-rest-spring/src/test/java/pro/taskana/common/rest/TaskanaEngineControllerIntTest.java @@ -68,6 +68,7 @@ class TaskanaEngineControllerIntTest { HttpMethod.GET, restHelper.defaultRequest(), ParameterizedTypeReference.forType(TaskanaUserInfoRepresentationModel.class)); + assertThat(response.getBody()).isNotNull(); assertThat(response.getBody().getUserId()).isEqualTo("teamlead-1"); assertThat(response.getBody().getGroupIds()) .contains("cn=business-admins,cn=groups,ou=test,o=taskana");