executing claim rest call on JBPM return PermissionDeniedException

1.2k views Asked by At

I'm a JBPM newbie and I recently started playing with jBPM Workbench Showcase Docker image, and more specifically the hiring process. Everything works fine on the console, But when I tried to use JBPM rest API to control the process I got a PermissionDeniedException.

The error occurs when I want to claim a task using [POST] /task/{taskId}/claim. I got the following exception:

          <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
          <exception>
              <status>FAILURE</status>
              <url>http://localhost:8080/jbpm-console/rest/task/1/claim</url>
              <message>PermissionDeniedException thrown with message 'User '[UserImpl:'admin']' does not have permissions to execute operation 'Claim' on task id 1'</message>
              <stackTrace>org.kie.remote.services.rest.exception.KieRemoteRestOperationException: User '[UserImpl:'admin']' does not have permissions to execute operation 'Claim' on task id 1
            at org.kie.remote.services.rest.exception.KieRemoteRestOperationException.internalServerError(KieRemoteRestOperationException.java:151)
            at org.kie.remote.services.cdi.ProcessRequestBean.doTaskOperation(ProcessRequestBean.java:418)
            at org.kie.remote.services.cdi.ProcessRequestBean.doRestTaskOperation(ProcessRequestBean.java:425)
            at org.kie.remote.services.cdi.ProcessRequestBean$Proxy$_$$_WeldClientProxy.doRestTaskOperation(Unknown Source)
            at org.kie.remote.services.rest.ResourceBase.doRestTaskOperationWithTaskId(ResourceBase.java:600)
            at org.kie.remote.services.rest.TaskResourceImpl.doTaskOperation(TaskResourceImpl.java:182)
            at org.kie.remote.services.rest.TaskResourceImpl$Proxy$_$$_WeldClientProxy.doTaskOperation(Unknown Source)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            at java.lang.reflect.Method.invoke(Method.java:498)
            at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
            at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
            at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
            at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236)
            at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
            at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
            at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
            at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
            at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
            at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
            at org.kie.remote.services.rest.jaxb.DynamicJaxbContextFilter.doFilter(DynamicJaxbContextFilter.java:67)
            at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
            at org.uberfire.ext.security.server.BasicAuthSecurityFilter.doFilter(BasicAuthSecurityFilter.java:78)
            at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
            at org.uberfire.ext.security.server.SecureHeadersFilter.doFilter(SecureHeadersFilter.java:69)
            at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
            at org.uberfire.ext.security.server.SecurityIntegrationFilter.doFilter(SecurityIntegrationFilter.java:57)
            at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
            at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
            at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
            at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
            at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
            at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
            at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
            at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
            at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
            at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
            at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
            at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
            at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
            at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
            at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
            at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
            at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
            at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
            at java.lang.Thread.run(Thread.java:748)
          Caused by: org.jbpm.services.task.exception.PermissionDeniedException: User '[UserImpl:'admin']' does not have permissions to execute operation 'Claim' on task id 1
            at org.jbpm.services.task.internals.lifecycle.MVELLifeCycleManager.evalCommand(MVELLifeCycleManager.java:119)
            at org.jbpm.services.task.internals.lifecycle.MVELLifeCycleManager.taskOperation(MVELLifeCycleManager.java:369)
            at org.jbpm.services.task.impl.TaskInstanceServiceImpl.claim(TaskInstanceServiceImpl.java:154)
            at org.jbpm.services.task.commands.ClaimTaskCommand.execute(ClaimTaskCommand.java:52)
            at org.jbpm.services.task.commands.ClaimTaskCommand.execute(ClaimTaskCommand.java:33)
            at org.jbpm.services.task.commands.TaskCommandExecutorImpl$SelfExecutionCommandService.execute(TaskCommandExecutorImpl.java:65)
            at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:41)
            at org.jbpm.services.task.persistence.TaskTransactionInterceptor.execute(TaskTransactionInterceptor.java:69)
            at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:41)
            at org.drools.persistence.jta.TransactionLockInterceptor.execute(TransactionLockInterceptor.java:73)
            at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:41)
            at org.drools.persistence.jpa.OptimisticLockRetryInterceptor.execute(OptimisticLockRetryInterceptor.java:82)
            at org.jbpm.services.task.commands.TaskCommandExecutorImpl.execute(TaskCommandExecutorImpl.java:40)
            at org.jbpm.services.task.impl.command.CommandBasedTaskService.execute(CommandBasedTaskService.java:157)
            at org.jbpm.runtime.manager.impl.task.SynchronizedTaskService.execute(SynchronizedTaskService.java:851)
            at org.jbpm.kie.services.impl.UserTaskServiceImpl.execute(UserTaskServiceImpl.java:952)
            at org.jbpm.services.cdi.impl.UserTaskServiceCDIImpl$Proxy$_$$_WeldClientProxy.execute(Unknown Source)
            at org.kie.remote.services.cdi.ProcessRequestBean.doTaskOperation(ProcessRequestBean.java:410)
            ... 62 more
          </stackTrace>
          </exception>

The thing I dont understand, I'm trying to claim the task using the user katy, but the error shows the the user admin does not have permission! enter image description here

2

There are 2 answers

3
Abhijit Humbe On BEST ANSWER

Looking at the exception it looks like 'admin' user is not part of group to which HumanTask is assigned. Only PotentialOwners of task can perform task operation. Check Task assignments and accordingly to that use correct user to perform task operation

0
Jaskaran Singh On

I have faced the similar issue with the JBPM. It was a configuration for JbossEAP that was caching the credentials of the first user that logs into the application.Therfore, JBPM was using the same credentials to perform tasks operations for other users as well.

I removed the cache-type="default" in <security-domain name="name" cache-type="default"> tag in standalone.xml. It worked for me