对 JBPM return PermissionDeniedException 执行索赔休息调用

executing claim rest call on JBPM return PermissionDeniedException

我是 JBPM 新手,我最近开始玩 jBPM Workbench 展示 Docker 图片,更具体地说是招聘流程。在控制台上一切正常,但是当我尝试使用 JBPM rest API 来控制进程时,我得到了一个 PermissionDeniedException。

当我想使用 [POST] /task/{taskId}/claim 领取任务时出现错误。我收到以下异常:

          <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
          <exception>
              <status>FAILURE</status>
              <url>http://localhost:8080/jbpm-console/rest/task/1/claim</url>
              <message>PermissionDeniedException thrown with message 'User '[UserImpl:'admin']' does not have permissions to execute operation 'Claim' on task id 1'</message>
              <stackTrace>org.kie.remote.services.rest.exception.KieRemoteRestOperationException: User '[UserImpl:'admin']' does not have permissions to execute operation 'Claim' on task id 1
            at org.kie.remote.services.rest.exception.KieRemoteRestOperationException.internalServerError(KieRemoteRestOperationException.java:151)
            at org.kie.remote.services.cdi.ProcessRequestBean.doTaskOperation(ProcessRequestBean.java:418)
            at org.kie.remote.services.cdi.ProcessRequestBean.doRestTaskOperation(ProcessRequestBean.java:425)
            at org.kie.remote.services.cdi.ProcessRequestBean$Proxy$_$$_WeldClientProxy.doRestTaskOperation(Unknown Source)
            at org.kie.remote.services.rest.ResourceBase.doRestTaskOperationWithTaskId(ResourceBase.java:600)
            at org.kie.remote.services.rest.TaskResourceImpl.doTaskOperation(TaskResourceImpl.java:182)
            at org.kie.remote.services.rest.TaskResourceImpl$Proxy$_$$_WeldClientProxy.doTaskOperation(Unknown Source)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            at java.lang.reflect.Method.invoke(Method.java:498)
            at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
            at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
            at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
            at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236)
            at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
            at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
            at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
            at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
            at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
            at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
            at org.kie.remote.services.rest.jaxb.DynamicJaxbContextFilter.doFilter(DynamicJaxbContextFilter.java:67)
            at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
            at org.uberfire.ext.security.server.BasicAuthSecurityFilter.doFilter(BasicAuthSecurityFilter.java:78)
            at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
            at org.uberfire.ext.security.server.SecureHeadersFilter.doFilter(SecureHeadersFilter.java:69)
            at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
            at org.uberfire.ext.security.server.SecurityIntegrationFilter.doFilter(SecurityIntegrationFilter.java:57)
            at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
            at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
            at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
            at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
            at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
            at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
            at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
            at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
            at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
            at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
            at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
            at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
            at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
            at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
            at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
            at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
            at io.undertow.servlet.handlers.ServletInitialHandler.access[=11=]0(ServletInitialHandler.java:81)
            at io.undertow.servlet.handlers.ServletInitialHandler.handleRequest(ServletInitialHandler.java:174)
            at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
            at io.undertow.server.HttpServerExchange.run(HttpServerExchange.java:793)
            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
            at java.lang.Thread.run(Thread.java:748)
          Caused by: org.jbpm.services.task.exception.PermissionDeniedException: User '[UserImpl:'admin']' does not have permissions to execute operation 'Claim' on task id 1
            at org.jbpm.services.task.internals.lifecycle.MVELLifeCycleManager.evalCommand(MVELLifeCycleManager.java:119)
            at org.jbpm.services.task.internals.lifecycle.MVELLifeCycleManager.taskOperation(MVELLifeCycleManager.java:369)
            at org.jbpm.services.task.impl.TaskInstanceServiceImpl.claim(TaskInstanceServiceImpl.java:154)
            at org.jbpm.services.task.commands.ClaimTaskCommand.execute(ClaimTaskCommand.java:52)
            at org.jbpm.services.task.commands.ClaimTaskCommand.execute(ClaimTaskCommand.java:33)
            at org.jbpm.services.task.commands.TaskCommandExecutorImpl$SelfExecutionCommandService.execute(TaskCommandExecutorImpl.java:65)
            at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:41)
            at org.jbpm.services.task.persistence.TaskTransactionInterceptor.execute(TaskTransactionInterceptor.java:69)
            at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:41)
            at org.drools.persistence.jta.TransactionLockInterceptor.execute(TransactionLockInterceptor.java:73)
            at org.drools.core.command.impl.AbstractInterceptor.executeNext(AbstractInterceptor.java:41)
            at org.drools.persistence.jpa.OptimisticLockRetryInterceptor.execute(OptimisticLockRetryInterceptor.java:82)
            at org.jbpm.services.task.commands.TaskCommandExecutorImpl.execute(TaskCommandExecutorImpl.java:40)
            at org.jbpm.services.task.impl.command.CommandBasedTaskService.execute(CommandBasedTaskService.java:157)
            at org.jbpm.runtime.manager.impl.task.SynchronizedTaskService.execute(SynchronizedTaskService.java:851)
            at org.jbpm.kie.services.impl.UserTaskServiceImpl.execute(UserTaskServiceImpl.java:952)
            at org.jbpm.services.cdi.impl.UserTaskServiceCDIImpl$Proxy$_$$_WeldClientProxy.execute(Unknown Source)
            at org.kie.remote.services.cdi.ProcessRequestBean.doTaskOperation(ProcessRequestBean.java:410)
            ... 62 more
          </stackTrace>
          </exception>

我不明白的是,我正在尝试使用用户 katy 领取任务,但错误显示用户 admin 没有权限!

查看异常 'admin' 用户不属于分配给 HumanTask 的组。只有任务的潜在所有者才能执行任务操作。检查任务分配并相应地使用正确的用户来执行任务操作

我遇到过与 JBPM 类似的问题。这是 JbossEAP 的一个配置,它缓存了登录到 application.Therfore 的第一个用户的凭据,JBPM 也使用相同的凭据为其他用户执行任务操作。

我删除了 standalone.xml 中 <security-domain name="name" cache-type="default"> 标签中的 cache-type="default"。 它对我有用