Task
Resolution: Done
Major
7.0
None
GA
2019 Week 41-43 (from Okt 7), 2019 Week 44-46 (from Okt 28), 2019 Week 47-49 (from Nov 18), 2019 Week 50-52 (from Dec 9), 2020 Week 04-06 (from Jan 20), 2020 Week 07-09 (from Feb 10), 2020 Week 10-12 (from Mar 2), 2020 Week 13-15 (from Mar 23), 2020 Week 16-18 (from Apr 13), 2020 Week 22-24 (from May 25)
3
With the introduction of SLA in BAPL-290, a new system "superuser" called "unknown" has been introduced. This user is authorized to perform any action possible on case instances: it can add tasks, modify case instances, add comments, close/reopen case instances, etc. The purpose of adding this user is that when nobody is logged in to KIE Server and the SLA violation listener, which modifies the case instance, is run, it has to be able to perform all desired changes on the case instance. In that case, KIE Server's JACCIdentityProvider#getNameFromAdapter() method returns "unknown" as the "logged in" user. By skipping authentication checks for this "unknown" user, KIE Server and the jBPM engine are able to perform all steps defined in the SLA listener.
Therefore, the documentation must clearly state that no user named "unknown" should be created in the jBPM engine or KIE Server. Otherwise, this user (now, let's say, a physical person) would be able to perform any operation on any case instance without proper authorization.
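One way to check an existing deployment for the collision described above, as an added example that is not part of this issue or of the jBPM/KIE Server code base. It assumes users are kept in a Java-properties style file of `username=value` lines; the sample content, the function names and the "review" category for case variants are constructed for illustration.

```python
import re

RESERVED = "unknown"  # reserved system identity named in the issue above

# Constructed sample in Java-properties "user=value" form (an assumption about
# how the deployment stores users; adapt the parser to your identity store).
SAMPLE_USERS = """\
# constructed sample, not real credentials
kieserver=0123456789abcdef0123456789abcdef
unknown=fedcba9876543210fedcba9876543210
Unknown = 00112233445566778899aabbccddeeff
wbadmin=ffeeddccbbaa99887766554433221100
"""

# A properties key ends at the first unescaped '=', ':' or whitespace.
_KEY = re.compile(r"^((?:\\.|[^\\=:\s])+)")


def usernames(text):
    """Yield (line_number, username) for each entry in a properties-style file."""
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        match = _KEY.match(line)
        if match:
            # Undo backslash escapes such as "\=" inside the key.
            yield number, re.sub(r"\\(.)", r"\1", match.group(1))


def audit(text, reserved=RESERVED):
    """Return findings: exact collisions, plus case variants worth reviewing."""
    findings = []
    for number, name in usernames(text):
        if name == reserved:
            findings.append((number, name, "collision"))
        elif name.casefold() == reserved.casefold():
            # Assumption: whether the engine compares names case-sensitively
            # is not stated on the page, so variants are flagged for review.
            findings.append((number, name, "review"))
    return findings


if __name__ == "__main__":
    for number, name, kind in audit(SAMPLE_USERS):
        print(f"line {number}: user {name!r} -> {kind}")
```

The same comparison can be placed in front of whatever provisions accounts (LDAP sync, admin UI, onboarding scripts) so the reserved name is rejected before it reaches the identity store.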