Bug
Resolution: Done
Major
7.11.1.GA
ER1
2021 Week 49-51 (from Dec 6th), 2022 Week 02-04 (from Jan 10)
1) Observed incorrect behavior for User Task operations when "org.kie.server.bypass.auth.user" property is set to true with default usergroupcallback implementation "JAASUserGroupCallbackImpl".
2) The search behavior is different for users compared to groups in such cases. Tested for the endpoint "/kie-server/services/rest/server/queries/tasks/instances/pot-owners?user={user}".
For example
-----------------
1) If there are 2 tasks, one with a user (e.g. testuser) as potential owner and the other with a group (testgroup) as potential owner. Here testuser belongs to testgroup.
Task 1 -: potential owner testuser
Task 2 -: potential owner testgroup
Then
Scenario 1
-----------------
If I authenticate with a different user (e.g. rhpamAdmin) and send "testUser" as a query parameter then it only fetches "task1". "Task 2" is not fetched.
~~~
2021-12-15 00:17:12,099 DEBUG [org.kie.server.services.jbpm.RuntimeDataServiceBase] (default task-4) About to search for task assigned as potential owner for user 'testuser'
2021-12-15 00:17:12,100 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Adding roles from JAAS subject rhpamAdmin
2021-12-15 00:17:12,100 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) rhpamAdmin Roles name Roles
2021-12-15 00:17:12,100 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles Roles name Roles
2021-12-15 00:17:12,100 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles name kie-server
2021-12-15 00:17:12,100 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles name admin
2021-12-15 00:17:12,100 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles name rest-all
2021-12-15 00:17:12,113 DEBUG [org.kie.server.services.jbpm.RuntimeDataServiceBase] (default task-4) Found 1 tasks for user 'testuser' assigned as potential owner
~~~
Scenario 2
-----------------
If I authenticate with a "testuser" user and send any random user as a query parameter then it only fetches "task2". "Task 1" is ignored.
~~~
2021-12-15 00:17:12,141 DEBUG [org.kie.server.services.jbpm.RuntimeDataServiceBase] (default task-4) About to search for task assigned as potential owner for user 'rhpamAdmin'
2021-12-15 00:17:12,141 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Adding roles from JAAS subject testuser
2021-12-15 00:17:12,141 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) testuser Roles name Roles
2021-12-15 00:17:12,141 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles Roles name Roles
2021-12-15 00:17:12,141 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles name test_group
2021-12-15 00:17:12,141 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles name kie-server
2021-12-15 00:17:12,141 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles name rest-all
2021-12-15 00:17:12,143 DEBUG [org.kie.server.services.jbpm.RuntimeDataServiceBase] (default task-4) Found 1 tasks for user 'rhpamAdmin' assigned as potential owner
~~~
Scenario 3
-----------------
If I authenticate with a "testuser" user and also send "testUser" as a query parameter then it fetches both "task1 & task2". Only scenario 3 gives correct results.
~~~
2021-12-15 00:17:12,156 DEBUG [org.kie.server.services.jbpm.RuntimeDataServiceBase] (default task-4) About to search for task assigned as potential owner for user 'testuser'
2021-12-15 00:17:12,156 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Adding roles from JAAS subject testuser
2021-12-15 00:17:12,156 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) testuser Roles name Roles
2021-12-15 00:17:12,156 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles Roles name Roles
2021-12-15 00:17:12,156 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles name test_group
2021-12-15 00:17:12,157 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles name kie-server
2021-12-15 00:17:12,157 DEBUG [org.jbpm.services.task.identity.JAASUserGroupCallbackImpl] (default task-4) Roles name rest-all
2021-12-15 00:17:12,163 DEBUG [org.kie.server.services.jbpm.RuntimeDataServiceBase] (default task-4) Found 2 tasks for user 'testuser' assigned as potential owner
~~~
It seems like the user search is done on the basis of query parameter [1] whereas group search is done on the basis of the authenticated user [2].
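A detection sketch for the mismatch described above, added here as an example and not part of the original issue or the jBPM code base: it pairs each "About to search" line with the "Adding roles from JAAS subject" line on the same thread and flags searches where the queried user and the subject supplying the groups differ. The function name and the sample log are constructed for illustration; the message formats are those of the DEBUG lines quoted in the report.

```python
import re

LINE = re.compile(r"^(\S+ \S+) DEBUG \[[^\]]+\] \(([^)]+)\) (.*)$")
SEARCH = re.compile(r"About to search for task assigned as potential owner for user '([^']*)'")
SUBJECT = re.compile(r"Adding roles from JAAS subject (\S+)")
ROLE = re.compile(r"^Roles name (\S+)$")
FOUND = re.compile(r"Found (\d+) tasks for user '[^']*'")

def find_identity_mismatches(log_text):
    """Flag searches whose JAAS subject (source of groups) is not the queried user."""
    open_searches, mismatches = {}, []   # open_searches is keyed by thread name
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, thread, msg = m.groups()
        if (s := SEARCH.search(msg)):
            open_searches[thread] = {"time": ts, "query_user": s.group(1),
                                     "jaas_subject": None, "roles": []}
        elif (cur := open_searches.get(thread)) is None:
            continue                      # callback output outside a search
        elif (s := SUBJECT.search(msg)):
            cur["jaas_subject"] = s.group(1)
        elif (s := ROLE.match(msg)):
            cur["roles"].append(s.group(1))
        elif (s := FOUND.search(msg)):
            cur["found"] = int(s.group(1))
            if cur["jaas_subject"] not in (None, cur["query_user"]):
                mismatches.append(cur)
            del open_searches[thread]
    return mismatches

# Constructed sample: two searches in the format of the report's DEBUG lines.
P = "2021-12-15 00:17:12,10{} DEBUG [{}] (default task-4) {}"
K = "org.kie.server.services.jbpm.RuntimeDataServiceBase"
J = "org.jbpm.services.task.identity.JAASUserGroupCallbackImpl"
SAMPLE_LOG = "\n".join(P.format(i, c, m) for i, (c, m) in enumerate([
    (K, "About to search for task assigned as potential owner for user 'testuser'"),
    (J, "Adding roles from JAAS subject rhpamAdmin"),
    (J, "rhpamAdmin Roles name Roles"),
    (J, "Roles name kie-server"),
    (K, "Found 1 tasks for user 'testuser' assigned as potential owner"),
    (K, "About to search for task assigned as potential owner for user 'testuser'"),
    (J, "Adding roles from JAAS subject testuser"),
    (J, "Roles name test_group"),
    (K, "Found 2 tasks for user 'testuser' assigned as potential owner"),
]))

if __name__ == "__main__":
    print(find_identity_mismatches(SAMPLE_LOG))
```

Each flagged record shows whose groups were applied to the search, which makes Scenario 1 and Scenario 2 style requests easy to spot in a DEBUG log.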
- is cloned by: JBPM-9987 Incorrect response for REST service when "org.kie.server.bypass.auth.user" used with JAASUserGroupCallbackImpl (Resolved)
- relates to: RHPAM-4136 Incorrect groups are returned when "org.kie.server.bypass.auth.user" is set and JAASUserGroupCallbackImpl is used (Closed)