Skipping a User Task does not work in BPMS 6.2 if the authenticated user is assigned to 'admin' role
Issue
- The requirement behind using skipping tasks in
BPMN2
processes is to skip aUser Task
if noActor
orGroup
was assigned andskippable
flag istrue
for theUser Task
. In this case process flow should not go to theUser Task
of the node and should be skipped. However using the followingREST API
of skipping aUser Task
with a user credential who has been assigned toadmin
role insideapplication-roles.properties
file, it does not work. It is expected that having assigned the role ofadmin
to the user , it should enable it to perform administrative operations onUser Task
, e.g. Skip etc.
http://10.10.10.10:8080/business-central/rest/task/1234/skip
This is the list of roles assigned to the user who was used to access the REST URL:
bpmsAdmin=analyst,user,admin,kie-server,rest-all
- This is the response received after the REST call.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<exception>
<status>FAILURE</status>
<url>http://10.10.10.10:8080/business-central/rest/task/1234/skip </url>
<message>PermissionDeniedException thrown with message 'User '[UserImpl:'bpmsAdmin']' does not have permissions to execute operation 'Skip' on task id 1234'</message>
<stackTrace>org.kie.remote.services.rest.exception.KieRemoteRestOperationException: User '[UserImpl:'bpmsAdmin']' does not have permissions to execute operation 'Skip' on task id 1234
at org.kie.remote.services.rest.exception.KieRemoteRestOperationException.internalServerError(KieRemoteRestOperationException.java:151)
at org.kie.remote.services.cdi.ProcessRequestBean.doTaskOperation(ProcessRequestBean.java:419)
at org.kie.remote.services.cdi.ProcessRequestBean.doRestTaskOperation(ProcessRequestBean.java:426)
at org.kie.remote.services.cdi.ProcessRequestBean$Proxy$_$$_WeldClientProxy.doRestTaskOperation(ProcessRequestBean$Proxy$_$$_WeldClientProxy.java)
at org.kie.remote.services.rest.ResourceBase.doRestTaskOperationWithTaskId(ResourceBase.java:600)
at org.kie.remote.services.rest.TaskResourceImpl.doTaskOperation(TaskResourceImpl.java:182)
at org.kie.remote.services.rest.TaskResourceImpl$Proxy$_$$_WeldClientProxy.doTaskOperation(TaskResourceImpl$Proxy$_$$_WeldClientProxy.java)
at sun.reflect.GeneratedMethodAccessor277.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:168)
at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:269)
at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:227)
at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:216)
at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:561)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:543)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:128)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at org.kie.remote.services.rest.jaxb.DynamicJaxbContextFilter.doFilter(DynamicJaxbContextFilter.java:72)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at org.uberfire.ext.security.server.BasicAuthSecurityFilter.doFilter(BasicAuthSecurityFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at org.uberfire.ext.security.server.SecureHeadersFilter.doFilter(SecureHeadersFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at org.uberfire.ext.security.server.SecurityIntegrationFilter.doFilter(SecurityIntegrationFilter.java:45)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:420)
at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50)
at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50)
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:400)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926)
at java.lang.Thread.run(Thread.java:722)
Caused by: org.jbpm.services.task.exception.PermissionDeniedException: User '[UserImpl:'bpmsAdmin']' does not have permissions to execute operation 'Skip' on task id 1234
at org.jbpm.services.task.internals.lifecycle.MVELLifeCycleManager.evalCommand(MVELLifeCycleManager.java:119)
at org.jbpm.services.task.internals.lifecycle.MVELLifeCycleManager.taskOperation(MVELLifeCycleManager.java:369)
at org.jbpm.services.task.impl.TaskInstanceServiceImpl.skip(TaskInstanceServiceImpl.java:293)
at org.jbpm.services.task.commands.SkipTaskCommand.execute(SkipTaskCommand.java:53)
at org.jbpm.services.task.commands.SkipTaskCommand.execute(SkipTaskCommand.java:34)
at org.jbpm.services.task.commands.TaskCommandExecutorImpl$SelfExecutionCommandService.execute(TaskCommandExecutorImpl.java:65)
at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:41)
at org.jbpm.services.task.persistence.TaskTransactionInterceptor.execute(TaskTransactionInterceptor.java:69)
at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:41)
at org.drools.persistence.jta.TransactionLockInterceptor.execute(TransactionLockInterceptor.java:73)
at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:41)
at org.drools.persistence.jpa.OptimisticLockRetryInterceptor.execute(OptimisticLockRetryInterceptor.java:82)
at org.jbpm.services.task.commands.TaskCommandExecutorImpl.execute(TaskCommandExecutorImpl.java:40)
at org.jbpm.services.task.impl.command.CommandBasedTaskService.execute(CommandBasedTaskService.java:156)
at org.jbpm.runtime.manager.impl.task.SynchronizedTaskService.execute(SynchronizedTaskService.java:865)
at org.jbpm.kie.services.impl.UserTaskServiceImpl.execute(UserTaskServiceImpl.java:923)
at org.jbpm.services.cdi.impl.UserTaskServiceCDIImpl$Proxy$_$$_WeldClientProxy.execute(UserTaskServiceCDIImpl$Proxy$_$$_WeldClientProxy.java)
at org.kie.remote.services.cdi.ProcessRequestBean.doTaskOperation(ProcessRequestBean.java:411)
... 48 more
</stackTrace>
</exception>
What is missing in this use case?
Environment
- Red Hat JBoss BPM Suite (BPMS)
- 6.2.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.