1

我是一名 JBPM 新手,最近开始使用 jBPM Workbench Showcase Docker 映像,更具体地说是招聘流程。在控制台上一切正常,但是当我尝试使用 JBPM REST API 来控制进程时,我得到了 PermissionDeniedException。

当我想使用[POST] /task/{taskId}/claim. 我得到以下异常:

          <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
          <exception>
              <status>FAILURE</status>
              <url>http://localhost:8080/jbpm-console/rest/task/1/claim</url>
              <message>PermissionDeniedException thrown with message 'User '[UserImpl:'admin']' does not have permissions to execute operation 'Claim' on task id 1'</message>
              <stackTrace>org.kie.remote.services.rest.exception.KieRemoteRestOperationException: User '[UserImpl:'admin']' does not have permissions to execute operation 'Claim' on task id 1
            at org.kie.remote.services.rest.exception.KieRemoteRestOperationException.internalServerError(KieRemoteRestOperationException.java:151)
            at org.kie.remote.services.cdi.ProcessRequestBean.doTaskOperation(ProcessRequestBean.java:418)
            at org.kie.remote.services.cdi.ProcessRequestBean.doRestTaskOperation(ProcessRequestBean.java:425)
            at org.kie.remote.services.cdi.ProcessRequestBean$Proxy$_$$_WeldClientProxy.doRestTaskOperation(Unknown Source)
            at org.kie.remote.services.rest.ResourceBase.doRestTaskOperationWithTaskId(ResourceBase.java:600)
            at org.kie.remote.services.rest.TaskResourceImpl.doTaskOperation(TaskResourceImpl.java:182)
            at org.kie.remote.services.rest.TaskResourceImpl$Proxy$_$$_WeldClientProxy.doTaskOperation(Unknown Source)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            at java.lang.reflect.Method.invoke(Method.java:498)
            at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
            at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
            at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
            at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236)
            at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
            at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
            at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
            at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
            at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
            at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
            at org.kie.remote.services.rest.jaxb.DynamicJaxbContextFilter.doFilter(DynamicJaxbContextFilter.java:67)
            at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
            at org.uberfire.ext.security.server.BasicAuthSecurityFilter.doFilter(BasicAuthSecurityFilter.java:78)
            at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
            at org.uberfire.ext.security.server.SecureHeadersFilter.doFilter(SecureHeadersFilter.java:69)
            at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
            at org.uberfire.ext.security.server.SecurityIntegrationFilter.doFilter(SecurityIntegrationFilter.java:57)
            at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
            at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
            at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
            at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
            at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
            at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
            at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
            at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
            at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
            at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
            at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
            at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
            at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
            at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
            at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
            at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
            at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
            at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
            at java.lang.Thread.run(Thread.java:748)
          Caused by: org.jbpm.services.task.exception.PermissionDeniedException: User '[UserImpl:'admin']' does not have permissions to execute operation 'Claim' on task id 1
            at org.jbpm.services.task.internals.lifecycle.MVELLifeCycleManager.evalCommand(MVELLifeCycleManager.java:119)
            at org.jbpm.services.task.internals.lifecycle.MVELLifeCycleManager.taskOperation(MVELLifeCycleManager.java:369)
            at org.jbpm.services.task.impl.TaskInstanceServiceImpl.claim(TaskInstanceServiceImpl.java:154)
            at org.jbpm.services.task.commands.ClaimTaskCommand.execute(ClaimTaskCommand.java:52)
            at org.jbpm.services.task.commands.ClaimTaskCommand.execute(ClaimTaskCommand.java:33)
            at org.jbpm.services.task.commands.TaskCommandExecutorImpl$SelfExecutionCommandService.execute(TaskCommandExecutorImpl.java:65)
            at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:41)
            at org.jbpm.services.task.persistence.TaskTransactionInterceptor.execute(TaskTransactionInterceptor.java:69)
            at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:41)
            at org.drools.persistence.jta.TransactionLockInterceptor.execute(TransactionLockInterceptor.java:73)
            at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:41)
            at org.drools.persistence.jpa.OptimisticLockRetryInterceptor.execute(OptimisticLockRetryInterceptor.java:82)
            at org.jbpm.services.task.commands.TaskCommandExecutorImpl.execute(TaskCommandExecutorImpl.java:40)
            at org.jbpm.services.task.impl.command.CommandBasedTaskService.execute(CommandBasedTaskService.java:157)
            at org.jbpm.runtime.manager.impl.task.SynchronizedTaskService.execute(SynchronizedTaskService.java:851)
            at org.jbpm.kie.services.impl.UserTaskServiceImpl.execute(UserTaskServiceImpl.java:952)
            at org.jbpm.services.cdi.impl.UserTaskServiceCDIImpl$Proxy$_$$_WeldClientProxy.execute(Unknown Source)
            at org.kie.remote.services.cdi.ProcessRequestBean.doTaskOperation(ProcessRequestBean.java:410)
            ... 62 more
          </stackTrace>
          </exception>

我不明白的事情,我正在尝试使用用户声明任务katy,但错误显示用户admin没有权限! 在此处输入图像描述

4

2 回答 2

1

我遇到了与 JBPM 类似的问题。这是 JbossEAP 的配置,它缓存了第一个登录到应用程序的用户的凭据。因此,JBPM 也使用相同的凭据为其他用户执行任务操作。

我删除了standalone.xml 中的cache-type="default"in<security-domain name="name" cache-type="default">标签。它对我有用

于 2018-08-02T03:13:09.367 回答
0

查看异常,看起来“管理员”用户不是分配给 HumanTask 的组的一部分。只有 Task 的 PotentialOwners 才能执行任务操作。检查任务分配并据此使用正确的用户执行任务操作

于 2017-05-31T06:01:38.453 回答