Skipping a User Task does not work in BPMS 6.2 if the authenticated user is assigned to 'admin' role

Solution Verified - Updated -

Issue

  • The requirement behind using skipping tasks in BPMN2 processes is to skip a User Task if no Actor or Group was assigned and skippable flag is true for the User Task. In this case process flow should not go to the User Task of the node and should be skipped. However using the following REST API of skipping a User Task with a user credential who has been assigned to admin role inside application-roles.properties file, it does not work. It is expected that having assigned the role of admin to the user , it should enable it to perform administrative operations on User Task , e.g. Skip etc.
http://10.10.10.10:8080/business-central/rest/task/1234/skip

This is the list of roles assigned to the user who was used to access the REST URL:

bpmsAdmin=analyst,user,admin,kie-server,rest-all
  • This is the response received after the REST call.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> 
<exception> 
    <status>FAILURE</status> 
    <url>http://10.10.10.10:8080/business-central/rest/task/1234/skip </url> 
    <message>PermissionDeniedException thrown with message 'User '[UserImpl:'bpmsAdmin']' does not have permissions to execute operation 'Skip' on task id 1234'</message> 
    <stackTrace>org.kie.remote.services.rest.exception.KieRemoteRestOperationException: User '[UserImpl:'bpmsAdmin']' does not have permissions to execute operation 'Skip' on task id 1234 
        at org.kie.remote.services.rest.exception.KieRemoteRestOperationException.internalServerError(KieRemoteRestOperationException.java:151) 
        at org.kie.remote.services.cdi.ProcessRequestBean.doTaskOperation(ProcessRequestBean.java:419) 
        at org.kie.remote.services.cdi.ProcessRequestBean.doRestTaskOperation(ProcessRequestBean.java:426) 
        at org.kie.remote.services.cdi.ProcessRequestBean$Proxy$_$$_WeldClientProxy.doRestTaskOperation(ProcessRequestBean$Proxy$_$$_WeldClientProxy.java) 
        at org.kie.remote.services.rest.ResourceBase.doRestTaskOperationWithTaskId(ResourceBase.java:600) 
        at org.kie.remote.services.rest.TaskResourceImpl.doTaskOperation(TaskResourceImpl.java:182) 
        at org.kie.remote.services.rest.TaskResourceImpl$Proxy$_$$_WeldClientProxy.doTaskOperation(TaskResourceImpl$Proxy$_$$_WeldClientProxy.java) 
        at sun.reflect.GeneratedMethodAccessor277.invoke(Unknown Source) 
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
        at java.lang.reflect.Method.invoke(Method.java:601) 
        at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:168) 
        at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:269) 
        at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:227) 
        at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:216) 
        at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:561) 
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:543) 
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:128) 
        at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208) 
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55) 
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50) 
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) 
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) 
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) 
        at org.kie.remote.services.rest.jaxb.DynamicJaxbContextFilter.doFilter(DynamicJaxbContextFilter.java:72) 
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) 
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) 
        at org.uberfire.ext.security.server.BasicAuthSecurityFilter.doFilter(BasicAuthSecurityFilter.java:53) 
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) 
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) 
        at org.uberfire.ext.security.server.SecureHeadersFilter.doFilter(SecureHeadersFilter.java:53) 
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) 
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) 
        at org.uberfire.ext.security.server.SecurityIntegrationFilter.doFilter(SecurityIntegrationFilter.java:45) 
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) 
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) 
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) 
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) 
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:420) 
        at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) 
        at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) 
        at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) 
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) 
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) 
        at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:400) 
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) 
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) 
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) 
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) 
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) 
        at java.lang.Thread.run(Thread.java:722) 
Caused by: org.jbpm.services.task.exception.PermissionDeniedException: User '[UserImpl:'bpmsAdmin']' does not have permissions to execute operation 'Skip' on task id 1234 
        at org.jbpm.services.task.internals.lifecycle.MVELLifeCycleManager.evalCommand(MVELLifeCycleManager.java:119) 
        at org.jbpm.services.task.internals.lifecycle.MVELLifeCycleManager.taskOperation(MVELLifeCycleManager.java:369) 
        at org.jbpm.services.task.impl.TaskInstanceServiceImpl.skip(TaskInstanceServiceImpl.java:293) 
        at org.jbpm.services.task.commands.SkipTaskCommand.execute(SkipTaskCommand.java:53) 
        at org.jbpm.services.task.commands.SkipTaskCommand.execute(SkipTaskCommand.java:34) 
        at org.jbpm.services.task.commands.TaskCommandExecutorImpl$SelfExecutionCommandService.execute(TaskCommandExecutorImpl.java:65) 
        at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:41) 
        at org.jbpm.services.task.persistence.TaskTransactionInterceptor.execute(TaskTransactionInterceptor.java:69) 
        at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:41) 
        at org.drools.persistence.jta.TransactionLockInterceptor.execute(TransactionLockInterceptor.java:73) 
        at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:41) 
        at org.drools.persistence.jpa.OptimisticLockRetryInterceptor.execute(OptimisticLockRetryInterceptor.java:82) 
        at org.jbpm.services.task.commands.TaskCommandExecutorImpl.execute(TaskCommandExecutorImpl.java:40) 
        at org.jbpm.services.task.impl.command.CommandBasedTaskService.execute(CommandBasedTaskService.java:156) 
        at org.jbpm.runtime.manager.impl.task.SynchronizedTaskService.execute(SynchronizedTaskService.java:865) 
        at org.jbpm.kie.services.impl.UserTaskServiceImpl.execute(UserTaskServiceImpl.java:923) 
        at org.jbpm.services.cdi.impl.UserTaskServiceCDIImpl$Proxy$_$$_WeldClientProxy.execute(UserTaskServiceCDIImpl$Proxy$_$$_WeldClientProxy.java) 
        at org.kie.remote.services.cdi.ProcessRequestBean.doTaskOperation(ProcessRequestBean.java:411) 
        ... 48 more 
</stackTrace> 
</exception>

What is missing in this use case?

Environment

  • Red Hat JBoss BPM Suite (BPMS)
    • 6.2.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content