Bug 994905
Summary: | A task operation is performed via REST API under anonymous user even though the user has set credentials | ||
---|---|---|---|
Product: | [Retired] JBoss BPMS Platform 6 | Reporter: | Ivo Bek <ibek> |
Component: | Business Central | Assignee: | Marco Rietveld <mrietvel> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ivo Bek <ibek> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.0.0 | CC: | ibek, kverlaen, mbaluch, rrajasek, smcgowan |
Target Milestone: | ER4 | Keywords: | Reopened |
Target Release: | 6.0.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-08-06 20:09:18 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ivo Bek
2013-08-08 08:44:28 UTC
Ivo, Could you provide some more information? The bug description is unclear to me. I can imagine that it seems more than obvious to you what the problem is, but unfortunately I end up working on lots of different things during a week so that it takes me longer to get up to speed on exactly what the problem is. :) If you could fill in the questions posed by bugzilla (steps to reproducde, actual results, etc.), that would be great! Thanks!! Hi Marco, after a further investigation I noticed that the issue (task is not started via REST API) only happen when I use REST-Easy client this way: DefaultHttpClient httpClient = new DefaultHttpClient(); httpClient.getCredentialsProvider().setCredentials(new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, AuthScope.ANY_REALM), new UsernamePasswordCredentials(userId, password)); ClientExecutor clientExecutor = new ApacheHttpClient4Executor(httpClient); return new ClientRequestFactory(clientExecutor, ResteasyProviderFactory.getInstance()); I also tried REST client integrated in browser where the task execution works. Did you see the email with subject "Task operation identity issue" I sent you Aug 08? There are more details and links to our test suite. Steps to Reproduce: 1. Start a process with human task 2. Start the task via REST API programmatically 3. See PermissionDeniedException in the server log containing "User '[UserImpl:'Anonymous']' does not have permissions to execution operation 'Start' on task id 1" Seems it could be a similar problem as it is here BZ 986208, describing the last comments. It's no longer possible to authenticate against the server in the way described above. I've verified this with the following code (that connects to a running BPMS server with the Evaluation example deployed and with a user "mary" added to the server: https://github.com/droolsjbpm/droolsjbpm-integration/blob/6.0.x/kie-remote/kie-services-client/src/test/java/org/kie/services/client/api/LiveServerTest.java See the anonymousTaskInitiatorTest() test method in the above class. Verified with this commit: https://github.com/droolsjbpm/droolsjbpm-integration/commit/900fa45bb1f37f6d7a5b3e5dc7c1689ed3169c96 Ivo, Would it be okay to mark this bug as CLOSED/WORKSFORME? (or maybe CLOSED/NOTABUG?). I think that these commits are largely responsible for the change/fix: https://github.com/droolsjbpm/uberfire/commit/5540d97 https://github.com/droolsjbpm/kie-wb-distributions/commit/5878cb7c24cdfed965609cbce727cd02f282977c These changes allowed us to use BASIC authentication with the normal web.xml (formerly, we had to use FORM authentication when the UI was active, now we can use FORM for the UI while simultaneously using BASIC for the rest services.) Oops, wrong BZ. :( Hi Marco, I think it would be better to change it to modified status and then on_qa because I'd like to verify it against BPMS 6.0.0.er4. In BPMS 6.0.0.er3 it still doesn't work. org.jboss.resteasy.spi.UnauthorizedException: User '[UserImpl:'Anonymous']' does not have permissions to execution operation 'Start' on task id 18 Setting to modified as suggested. Verified in BPMS 6.0.0.ER4 |