09-10-2018 11:53 AM
When trying to update a task property (bpm:comment) with code run as system, the update is just not applied (but no exception thrown). When executing the code as the task assigned user, it works fine.
Any idea ?
The code:
try {
if (userIsProcessManager) {
AuthenticationUtil.setRunAsUserSystem();
logger.debug("Running as system user");
}
WorkflowTask task = this.services.getWorkflowService().getTaskById(taskId);
if (task == null){
logger.error(ERR_MSG_INCORRECT_TASKID);
throw new WebScriptException(ERR_CODE_BAD_REQUEST, ERR_MSG_INCORRECT_TASKID);
}
if ((!userIsProcessManager) &&
(AuthenticationUtil.getFullyAuthenticatedUser().compareToIgnoreCase((String) task.getProperties().get(ContentModel.PROP_OWNER)) !=0)){
logger.error(ERR_MSG_INCORRECT_TASK_ASSIGNEE);
throw new WebScriptException(ERR_CODE_BAD_REQUEST, ERR_MSG_INCORRECT_TASK_ASSIGNEE);
}
Map<QName, Serializable> props = this.getPropertyMap (...);
this.services.getWorkflowService().updateTask(taskId, props, null, null);
if (endTask) this.services.getWorkflowService().endTask(taskId, null);
}finally {
AuthenticationUtil.clearCurrentSecurityContext();
}
09-13-2018 04:15 AM
It's finally working fine (A dummy bug fixed).
Sorry for this useless post.
Just to share the code for task update:
Code reference from alfresco:
org.alfresco.repo.web.scripts.workflow.TaskInstancePut
org.alfresco.repo.workflow.TaskUpdater
My code using RunAsWork:
finalTaskState = AuthenticationUtil.runAs(
new AuthenticationUtil.RunAsWork<String>() {
public String doWork() throws Exception {
logger.info("Running update task as: " + AuthenticationUtil.getRunAsUser());
...
workflowService.updateTask(taskId, taskProps, null, null);
if (endTaskRequested) workflowService.endTask(taskId, null);
return task.getState().toString();
}
}, AuthenticationUtil.getSystemUserName());
09-10-2018 12:05 PM
Always use the runAsSystem(RunAsWork) variant instead of relying on try-finally with setRunAsUserSystem - your code is safer that way.
In your code, you are explicitly clearing the entire security context in the finally block. This does not only clear the runAs context, but also the currently logged in user. Any operation that occurs afterwards may fail due to missing authentication data.
Why do you want to run that piece of code as system anyway? Nothing you are doing appears to require elevated privileges. If any code in the process needs elevated privileges, you should apply a runAs context to as granular a level as possible ("with great power comes...").
09-10-2018 04:51 PM
Thanks for your response.
Still no luck when running code using 'AuthenticationUtil.RunAsWork<String>()....'.
I've tried using System or Admin account, same result (change not applied).
Is this by design ?
(I want to be able to update some task properties on behalf of the task assignee in some special cases.)
09-11-2018 02:11 PM
Maybe you should share the refactored code that uses RunAsWork as well as the debug output.
09-13-2018 04:15 AM
It's finally working fine (A dummy bug fixed).
Sorry for this useless post.
Just to share the code for task update:
Code reference from alfresco:
org.alfresco.repo.web.scripts.workflow.TaskInstancePut
org.alfresco.repo.workflow.TaskUpdater
My code using RunAsWork:
finalTaskState = AuthenticationUtil.runAs(
new AuthenticationUtil.RunAsWork<String>() {
public String doWork() throws Exception {
logger.info("Running update task as: " + AuthenticationUtil.getRunAsUser());
...
workflowService.updateTask(taskId, taskProps, null, null);
if (endTaskRequested) workflowService.endTask(taskId, null);
return task.getState().toString();
}
}, AuthenticationUtil.getSystemUserName());
Explore our Alfresco products with the links below. Use labels to filter content by product module.