task property update with runAs System

cancel
Showing results for 
Search instead for 
Did you mean: 
vincent-kali
Established Member

task property update with runAs System

Jump to solution

When trying to update a task property (bpm:comment) with code run as system, the update is just not applied (but no exception thrown). When executing the code as the task assigned user, it works fine.

Any idea ?

The code:

try {
 if (userIsProcessManager) {
  AuthenticationUtil.setRunAsUserSystem();
  logger.debug("Running as system user");
 }
     
 WorkflowTask task = this.services.getWorkflowService().getTaskById(taskId);
 if (task == null){
  logger.error(ERR_MSG_INCORRECT_TASKID);
  throw new WebScriptException(ERR_CODE_BAD_REQUEST, ERR_MSG_INCORRECT_TASKID);
 }
     
 if ((!userIsProcessManager) &&
  (AuthenticationUtil.getFullyAuthenticatedUser().compareToIgnoreCase((String) task.getProperties().get(ContentModel.PROP_OWNER)) !=0)){
  logger.error(ERR_MSG_INCORRECT_TASK_ASSIGNEE);
  throw new WebScriptException(ERR_CODE_BAD_REQUEST, ERR_MSG_INCORRECT_TASK_ASSIGNEE);
 }
      
 Map<QName, Serializable> props = this.getPropertyMap (...);
 this.services.getWorkflowService().updateTask(taskId, props, null, null);
 if (endTask) this.services.getWorkflowService().endTask(taskId, null);
    
}finally {
 AuthenticationUtil.clearCurrentSecurityContext();
}

1 Solution

Accepted Solutions
vincent-kali
Established Member

Re: task property update with runAs System

Jump to solution

It's finally working fine (A dummy bug fixed).
Sorry for this useless post.

Just to share the code for task update:

Code reference from alfresco:
 org.alfresco.repo.web.scripts.workflow.TaskInstancePut
 org.alfresco.repo.workflow.TaskUpdater

My code using RunAsWork:

 finalTaskState = AuthenticationUtil.runAs(
  new AuthenticationUtil.RunAsWork<String>() {
  public String doWork() throws Exception {
   logger.info("Running update task as: " + AuthenticationUtil.getRunAsUser());
   ...
   workflowService.updateTask(taskId, taskProps, null, null);
         if (endTaskRequested) workflowService.endTask(taskId, null);
         return task.getState().toString();
  }
 }, AuthenticationUtil.getSystemUserName()); 
 

View solution in original post

4 Replies
afaust
Master

Re: task property update with runAs System

Jump to solution

Always use the runAsSystem(RunAsWork) variant instead of relying on try-finally with setRunAsUserSystem - your code is safer that way.

In your code, you are explicitly clearing the entire security context in the finally block. This does not only clear the runAs context, but also the currently logged in user. Any operation that occurs afterwards may fail due to missing authentication data.

Why do you want to run that piece of code as system anyway? Nothing you are doing appears to require elevated privileges. If any code in the process needs elevated privileges, you should apply a runAs context to as granular a level as possible ("with great power comes...").

vincent-kali
Established Member

Re: task property update with runAs System

Jump to solution

Thanks for your response.

Still no luck when running code using 'AuthenticationUtil.RunAsWork<String>()....'.

I've tried using System or Admin account, same result (change not applied).

Is this by design ?

(I want to be able to update some task properties on behalf of the task assignee in some special cases.)

jpotts
Professional

Re: task property update with runAs System

Jump to solution

Maybe you should share the refactored code that uses RunAsWork as well as the debug output.

vincent-kali
Established Member

Re: task property update with runAs System

Jump to solution

It's finally working fine (A dummy bug fixed).
Sorry for this useless post.

Just to share the code for task update:

Code reference from alfresco:
 org.alfresco.repo.web.scripts.workflow.TaskInstancePut
 org.alfresco.repo.workflow.TaskUpdater

My code using RunAsWork:

 finalTaskState = AuthenticationUtil.runAs(
  new AuthenticationUtil.RunAsWork<String>() {
  public String doWork() throws Exception {
   logger.info("Running update task as: " + AuthenticationUtil.getRunAsUser());
   ...
   workflowService.updateTask(taskId, taskProps, null, null);
         if (endTaskRequested) workflowService.endTask(taskId, null);
         return task.getState().toString();
  }
 }, AuthenticationUtil.getSystemUserName()); 
 

View solution in original post