Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-8751

Increment Retries of failed External Task without authorization

XMLWordPrintable

      1. Scenario:
      • Me, as an user, has only permissions to read a process instance.
      • There exist an incident on an external task (retries are zero)
      • Me tries to update the retries via cockpit.
      • Cockpit shows me the message Finished : Incrementing the number of retries finished successfully.
      • But in the console I see: 
        16-Feb-2018 08:30:32.770 WARNING [http-nio-8080-exec-11] org.camunda.bpm.engine.rest.exception.ProcessEngineExceptionHandler.toResponse org.camunda.bpm.engine.AuthorizationException: The user with id 'john' does not have one of the following permissions: 'UPDATE' permission on resource 'fb1a12f2-12e9-11e8-ba9c-0242debfd039' of type 'ProcessInstance' or 'UPDATE_INSTANCE' permission on resource 'Process_1' of type 'ProcessDefinition'
        at org.camunda.bpm.engine.impl.persistence.entity.AuthorizationManager.checkAuthorization(AuthorizationManager.java:232)
        at org.camunda.bpm.engine.impl.persistence.entity.AuthorizationManager.checkAuthorization(AuthorizationManager.java:189)
        at org.camunda.bpm.engine.impl.cfg.auth.AuthorizationCommandChecker.checkUpdateProcessInstance(AuthorizationCommandChecker.java:204)
        at org.camunda.bpm.engine.impl.cfg.auth.AuthorizationCommandChecker.checkUpdateProcessInstanceById(AuthorizationCommandChecker.java:178)
        at org.camunda.bpm.engine.impl.cmd.ExternalTaskCmd.execute(ExternalTaskCmd.java:55)
        at org.camunda.bpm.engine.impl.cmd.ExternalTaskCmd.execute(ExternalTaskCmd.java:34)
        at org.camunda.bpm.engine.impl.interceptor.CommandExecutorImpl.execute(CommandExecutorImpl.java:24)
        at org.camunda.bpm.engine.impl.interceptor.CommandContextInterceptor.execute(CommandContextInterceptor.java:104)
        at org.camunda.bpm.engine.impl.interceptor.ProcessApplicationContextInterceptor.execute(ProcessApplicationContextInterceptor.java:66)
        at org.camunda.bpm.engine.impl.interceptor.LogInterceptor.execute(LogInterceptor.java:30)
        at org.camunda.bpm.engine.impl.ExternalTaskServiceImpl.setRetries(ExternalTaskServiceImpl.java:69)
        at org.camunda.bpm.engine.impl.ExternalTaskServiceImpl.setRetries(ExternalTaskServiceImpl.java:86)
        at org.camunda.bpm.engine.rest.sub.externaltask.impl.ExternalTaskResourceImpl.setRetries(ExternalTaskResourceImpl.java:83)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:167)
        at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:257)
        at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:222)
        at org.jboss.resteasy.core.ResourceLocator.invokeOnTargetObject(ResourceLocator.java:159)
        at org.jboss.resteasy.core.ResourceLocator.invoke(ResourceLocator.java:107)
        at org.jboss.resteasy.core.ResourceLocator.invokeOnTargetObject(ResourceLocator.java:154)
        at org.jboss.resteasy.core.ResourceLocator.invoke(ResourceLocator.java:92)
        at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:542)
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:524)
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:126)
        at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
        at org.camunda.bpm.engine.rest.filter.CacheControlFilter.doFilter(CacheControlFilter.java:41)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
        at org.camunda.bpm.engine.rest.filter.EmptyBodyFilter.doFilter(EmptyBodyFilter.java:95)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
        at org.camunda.bpm.webapp.impl.security.filter.SecurityFilter.doFilterSecure(SecurityFilter.java:67)
        at org.camunda.bpm.webapp.impl.security.filter.SecurityFilter.doFilter(SecurityFilter.java:51)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
        at org.camunda.bpm.webapp.impl.security.auth.AuthenticationFilter$1.execute(AuthenticationFilter.java:58)
        at org.camunda.bpm.webapp.impl.security.auth.AuthenticationFilter$1.execute(AuthenticationFilter.java:56)
        at org.camunda.bpm.webapp.impl.security.SecurityActions.runWithAuthentications(SecurityActions.java:40)
        at org.camunda.bpm.webapp.impl.security.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:56)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1132)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1539)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1495)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)
      1. How to reproduce
      • Run tomcat 7.8.1
      • create the exampleWarProject and deploy it
      • Login as demo
      • Adjust Permissions for sales group:
        • Sales group needs to have access to cockpit
        • On Process definition level they need READ, READ_INSTANCE, READ_HISTORY permission
        • On process instance level they need READ permission
      • start process with Demo user
      • fetchAndLock the ExternalTask and call handleFailure with 0 retries (via REST)
      • login with john
      • open cockpit and try to resolve incident with updating retries
      • successful message is shown and error is printed in the log (server/apache-tomcat-8.0.47/logs/catalina.out)

        This is the controller panel for Smart Panels app

          1. exampleWarProject.zip
            1.37 MB
          2. screen.jpg
            screen.jpg
            21 kB

              michael.schoettes Michael Schoettes
              christopher.zell Christopher Kujawa
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: