Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.13.0.GA
Affects Version/s: 7.11.1.GA
Component/s: jBPM Core
Labels:
- support

Blocked:
False
Ready:
False
Fix Build:
ER1
QE Test Coverage:
+
Target Release:

7.13.0.GA
Git Pull Request:
https://github.com/kiegroup/droolsjbpm-integration/pull/2681, https://github.com/kiegroup/droolsjbpm-integration/pull/2686
Steps to Reproduce:

Hide

1) Download the reproducer from the attachment.

2) Open "createprocess.sh" and update required config details like project location, host, port, credentials etc.

4) Run "createprocess.sh" script, confirm script is executed successfully and potential owners are fetched for different scenarios.

5) GetTasksbypotentialowners returns incorrect results.

Show
1) Download the reproducer from the attachment . 2) Open "createprocess.sh" and update required config details like project location, host, port, credentials etc. 4) Run "createprocess.sh" script, confirm script is executed successfully and potential owners are fetched for different scenarios. 5) GetTasksbypotentialowners returns incorrect results.

Sprint:
2021 Week 49-51 (from Dec 6th), 2022 Week 02-04 (from Jan 10)

SFDC Cases Counter:
SFDC Cases Links:

Description

1) Observed incorrect behavior for User Task operations when "org.kie.server.bypass.auth.user" property is set to true with default usergroupcallback implementation "JAASUserGroupCallbackImpl".

2) The search behavior is different for users compared to groups in such cases. Tested for the endpoint "/kie-server/services/rest/server/queries/tasks/instances/pot-owners?user=

{user}

for example
-----------------

1) If there are 2 tasks, one with a user (eg-: testuser) as potential owner and other with a group (testgroup) as potential owner. Here is testuser belongs to testgroup.

Task 1 -: potential owner testuser

Task 2 -: potential owner testgroup

Then

Scenario 1
-----------------
If I authenticate with a different user (for eg -: rhpamAdmin) and send "testUser '' as a query parameter then it only fetches "task1". "Task 2" is not fetched.

~~~~
2021-12-15 00:17:12,099 DEBUG [org.kie.server.services.jbpm.RuntimeDataServiceBase] (default task-4) About to search for task assigned as potential owner for user 'testuser'
2021-12-15 00:17:12,100 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Adding roles from JAAS subject rhpamAdmin
2021-12-15 00:17:12,100 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) rhpamAdmin Roles name Roles
2021-12-15 00:17:12,100 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles Roles name Roles
2021-12-15 00:17:12,100 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles name kie-server
2021-12-15 00:17:12,100 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles name admin
2021-12-15 00:17:12,100 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles name rest-all
2021-12-15 00:17:12,113 DEBUG [org.kie.server.services.jbpm.RuntimeDataServiceBase] (default task-4) Found 1 tasks for user 'testuser' assigned as potential owner
~~~

Scenario 2
-----------------
If I authenticate with a "testuser" user and send any random user as a query parameter then it only fetches "task2". "Task 1" is ignored.

~~~
2021-12-15 00:17:12,141 DEBUG [org.kie.server.services.jbpm.RuntimeDataServiceBase] (default task-4) About to search for task assigned as potential owner for user 'rhpamAdmin'
2021-12-15 00:17:12,141 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Adding roles from JAAS subject testuser
2021-12-15 00:17:12,141 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) testuser Roles name Roles
2021-12-15 00:17:12,141 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles Roles name Roles
2021-12-15 00:17:12,141 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles name test_group
2021-12-15 00:17:12,141 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles name kie-server
2021-12-15 00:17:12,141 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles name rest-all
2021-12-15 00:17:12,143 DEBUG [org.kie.server.services.jbpm.RuntimeDataServiceBase] (default task-4) Found 1 tasks for user 'rhpamAdmin' assigned as potential owner
~~~

Scenario 3
-----------------
If I authenticate with a "testuser" user and send "testUser '' as a query parameter also then it fetches both "task1 & task2". Only scenario 3 gives correct results.

~~~
2021-12-15 00:17:12,156 DEBUG [org.kie.server.services.jbpm.RuntimeDataServiceBase] (default task-4) About to search for task assigned as potential owner for user 'testuser'
2021-12-15 00:17:12,156 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Adding roles from JAAS subject testuser
2021-12-15 00:17:12,156 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) testuser Roles name Roles
2021-12-15 00:17:12,156 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles Roles name Roles
2021-12-15 00:17:12,156 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles name test_group
2021-12-15 00:17:12,157 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles name kie-server
2021-12-15 00:17:12,157 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles name rest-all
2021-12-15 00:17:12,163 DEBUG [org.kie.server.services.jbpm.RuntimeDataServiceBase] (default task-4) Found 2 tasks for user 'testuser' assigned as potential owner
~~~

It seems like the user search is done on the basis of query parameter [1] whereas group search is done on the basis of the authenticated user [2].

[1] https://github.com/kiegroup/jbpm/blob/main/jbpm-services/jbpm-kie-services/src/main/java/org/jbpm/kie/services/impl/RuntimeDataServiceImpl.java#L860

[2] https://github.com/kiegroup/jbpm/blob/main/jbpm-human-task/jbpm-human-task-core/src/main/java/org/jbpm/services/task/identity/JAASUserGroupCallbackImpl.java#L117

Attachments

Issue Links

is cloned by

JBPM-9987 Incorrect response for REST service when "org.kie.server.bypass.auth.user" used with JAASUserGroupCallbackImpl

Resolved

relates to

RHPAM-4136 Incorrect groups are returned when "org.kie.server.bypass.auth.user" is set and JAASUserGroupCallbackImpl is used

Closed

Activity

People

Assignee:: Enrique Gonzalez Martinez (Inactive)

Reporter:: Sudhish Nair

Tester:: Gonzalo Muñoz Fernández

QA Contact:: Gonzalo Muñoz Fernández

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 2021/12/15 2:26 PM

Updated:: 2024/02/12 9:18 AM

Resolved:: 2022/03/16 10:37 AM