jbpmredhat-bpm

executing claim rest call on JBPM return PermissionDeniedException


I'm a JBPM newbie and I recently started playing with jBPM Workbench Showcase Docker image, and more specifically the hiring process. Everything works fine on the console, But when I tried to use JBPM rest API to control the process I got a PermissionDeniedException.

The error occurs when I want to claim a task using [POST] /task/{taskId}/claim. I got the following exception:

          <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
          <exception>
              <status>FAILURE</status>
              <url>http://localhost:8080/jbpm-console/rest/task/1/claim</url>
              <message>PermissionDeniedException thrown with message 'User '[UserImpl:'admin']' does not have permissions to execute operation 'Claim' on task id 1'</message>
              <stackTrace>org.kie.remote.services.rest.exception.KieRemoteRestOperationException: User '[UserImpl:'admin']' does not have permissions to execute operation 'Claim' on task id 1
            at org.kie.remote.services.rest.exception.KieRemoteRestOperationException.internalServerError(KieRemoteRestOperationException.java:151)
            at org.kie.remote.services.cdi.ProcessRequestBean.doTaskOperation(ProcessRequestBean.java:418)
            at org.kie.remote.services.cdi.ProcessRequestBean.doRestTaskOperation(ProcessRequestBean.java:425)
            at org.kie.remote.services.cdi.ProcessRequestBean$Proxy$_$$_WeldClientProxy.doRestTaskOperation(Unknown Source)
            at org.kie.remote.services.rest.ResourceBase.doRestTaskOperationWithTaskId(ResourceBase.java:600)
            at org.kie.remote.services.rest.TaskResourceImpl.doTaskOperation(TaskResourceImpl.java:182)
            at org.kie.remote.services.rest.TaskResourceImpl$Proxy$_$$_WeldClientProxy.doTaskOperation(Unknown Source)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            at java.lang.reflect.Method.invoke(Method.java:498)
            at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
            at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
            at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
            at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236)
            at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
            at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
            at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
            at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
            at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
            at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
            at org.kie.remote.services.rest.jaxb.DynamicJaxbContextFilter.doFilter(DynamicJaxbContextFilter.java:67)
            at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
            at org.uberfire.ext.security.server.BasicAuthSecurityFilter.doFilter(BasicAuthSecurityFilter.java:78)
            at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
            at org.uberfire.ext.security.server.SecureHeadersFilter.doFilter(SecureHeadersFilter.java:69)
            at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
            at org.uberfire.ext.security.server.SecurityIntegrationFilter.doFilter(SecurityIntegrationFilter.java:57)
            at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
            at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
            at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
            at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
            at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
            at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
            at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
            at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
            at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
            at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
            at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
            at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
            at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
            at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
            at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
            at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
            at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
            at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
            at java.lang.Thread.run(Thread.java:748)
          Caused by: org.jbpm.services.task.exception.PermissionDeniedException: User '[UserImpl:'admin']' does not have permissions to execute operation 'Claim' on task id 1
            at org.jbpm.services.task.internals.lifecycle.MVELLifeCycleManager.evalCommand(MVELLifeCycleManager.java:119)
            at org.jbpm.services.task.internals.lifecycle.MVELLifeCycleManager.taskOperation(MVELLifeCycleManager.java:369)
            at org.jbpm.services.task.impl.TaskInstanceServiceImpl.claim(TaskInstanceServiceImpl.java:154)
            at org.jbpm.services.task.commands.ClaimTaskCommand.execute(ClaimTaskCommand.java:52)
            at org.jbpm.services.task.commands.ClaimTaskCommand.execute(ClaimTaskCommand.java:33)
            at org.jbpm.services.task.commands.TaskCommandExecutorImpl$SelfExecutionCommandService.execute(TaskCommandExecutorImpl.java:65)
            at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:41)
            at org.jbpm.services.task.persistence.TaskTransactionInterceptor.execute(TaskTransactionInterceptor.java:69)
            at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:41)
            at org.drools.persistence.jta.TransactionLockInterceptor.execute(TransactionLockInterceptor.java:73)
            at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:41)
            at org.drools.persistence.jpa.OptimisticLockRetryInterceptor.execute(OptimisticLockRetryInterceptor.java:82)
            at org.jbpm.services.task.commands.TaskCommandExecutorImpl.execute(TaskCommandExecutorImpl.java:40)
            at org.jbpm.services.task.impl.command.CommandBasedTaskService.execute(CommandBasedTaskService.java:157)
            at org.jbpm.runtime.manager.impl.task.SynchronizedTaskService.execute(SynchronizedTaskService.java:851)
            at org.jbpm.kie.services.impl.UserTaskServiceImpl.execute(UserTaskServiceImpl.java:952)
            at org.jbpm.services.cdi.impl.UserTaskServiceCDIImpl$Proxy$_$$_WeldClientProxy.execute(Unknown Source)
            at org.kie.remote.services.cdi.ProcessRequestBean.doTaskOperation(ProcessRequestBean.java:410)
            ... 62 more
          </stackTrace>
          </exception>

The thing I dont understand, I'm trying to claim the task using the user katy, but the error shows the the user admin does not have permission! enter image description here


Solution

  • Looking at the exception it looks like 'admin' user is not part of group to which HumanTask is assigned. Only PotentialOwners of task can perform task operation. Check Task assignments and accordingly to that use correct user to perform task operation