Bug 1312742 - Not able to claim human task through Remote REST API's. [NEEDINFO]
Not able to claim human task through Remote REST API's.
Product: JBoss BPMS Platform 6
Classification: JBoss
Component: Business Central (Show other bugs)
Unspecified Unspecified
urgent Severity high
: ---
: ---
Assigned To: Maciej Swiderski
Lukáš Petrovický
Depends On:
Blocks: 1313328
  Show dependency treegraph
Reported: 2016-02-29 02:29 EST by Abhijit humbe
Modified: 2016-05-16 12:31 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1313328 (view as bug list)
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
abhumbe: needinfo-
abhumbe: needinfo? (mswiders)

Attachments (Terms of Use)
reproducer (24.84 KB, application/zip)
2016-03-03 09:27 EST, Abhijit humbe
no flags Details

  None (edit)
Description Abhijit humbe 2016-02-29 02:29:14 EST
Description of problem:
If human task is assigned to group(Group1) and user "User1" is part of Group1. User1 is able to claim and complete human task through console without any issue. But it fails with permission denied exception when we try to claim task through Remote REST API. It fails with same exception with /execute endpoint as well.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Create process with Human Task which is assigned to Group. 
2. Start process and try to claim Task which is part of assigned Group, through Remote REST API or through /execute endpoint.
3. It fails with exception:
PermissionDeniedException thrown with message 'User '[UserImpl:'User1']' does not have permissions to execute operation 'Claim' on task id 15

Actual results:
User is not able to claim task through Remote REST API or through /execute endpoint.

Expected results:
User should be able to claim task through Remote REST API or through /execute endpoint.

Additional info:
Comment 2 Marco Rietveld 2016-03-02 07:46:47 EST
Could QA or Abhijit provide a (psuedo)reproducer, including the following: 

1. (bpmn2) process definition
2. URL's or otherwise java code that show the operations that fail. 
3. The stack trace generated as well as other information about the error's returned. 

The problem seems to be fairly straightforward, but providing this information gives me a good basis on which to figure out the problem, and also makes sure that I don't waste time searching for the actual problem. 

Comment 3 Lukáš Petrovický 2016-03-02 07:56:07 EST
Leaving this to Abhijit, as he's the original reporter and therefore has the most information about this.
Comment 4 Abhijit humbe 2016-03-03 09:26:44 EST
Hi all,
Reproducer with complete stack trace attached.
Comment 5 Abhijit humbe 2016-03-03 09:27 EST
Created attachment 1132808 [details]
Comment 6 Maciej Swiderski 2016-03-15 14:13:22 EDT
I believe we have bit of misunderstanding here. When looking at the reproducer you use two users:
- first bpmsAdmin that is used for authentication
- user1 that you try to claim task for

this won't work out of the box as always user that is authenticated is used for performing task service operations. Thus when using bpmsAdmin (which most likely is not member of the group) is not allowed to perform the operation.

You might take a look at this BZ-1310510 that will allow you to use the given user instead of authenticated user.

I suggest to close it as it's not a bug but expected behavior.
Comment 7 Abhijit humbe 2016-05-10 09:08:55 EDT
Hi Maciej,

user1 should be able to claim task if we are using -Dorg.kie.task.insecure=true option. what you think on this ?

Note You need to log in before you can comment on or make changes to this bug.