When trying to update a task property (bpm:comment) with code run as system, the update is just not applied (but no exception thrown). When executing the code as the task assigned user, it works fine.
Any idea ?
The code:
try {
if (userIsProcessManager) {
AuthenticationUtil.setRunAsUserSystem();
logger.debug("Running as system user");
}
WorkflowTask task = this.services.getWorkflowService().getTaskById(taskId);
if (task == null){
logger.error(ERR_MSG_INCORRECT_TASKID);
throw new WebScriptException(ERR_CODE_BAD_REQUEST, ERR_MSG_INCORRECT_TASKID);
}
if ((!userIsProcessManager) &&
(AuthenticationUtil.getFullyAuthenticatedUser().compareToIgnoreCase((String) task.getProperties().get(ContentModel.PROP_OWNER)) !=0)){
logger.error(ERR_MSG_INCORRECT_TASK_ASSIGNEE);
throw new WebScriptException(ERR_CODE_BAD_REQUEST, ERR_MSG_INCORRECT_TASK_ASSIGNEE);
}
Map<QName, Serializable> props = this.getPropertyMap (...);
this.services.getWorkflowService().updateTask(taskId, props, null, null);
if (endTask) this.services.getWorkflowService().endTask(taskId, null);
}finally {
AuthenticationUtil.clearCurrentSecurityContext();
}
Solved! Go to Solution.
It's finally working fine (A dummy bug fixed).
Sorry for this useless post.
Just to share the code for task update:
Code reference from alfresco:
org.alfresco.repo.web.scripts.workflow.TaskInstancePut
org.alfresco.repo.workflow.TaskUpdater
My code using RunAsWork:
finalTaskState = AuthenticationUtil.runAs(
new AuthenticationUtil.RunAsWork<String>() {
public String doWork() throws Exception {
logger.info("Running update task as: " + AuthenticationUtil.getRunAsUser());
...
workflowService.updateTask(taskId, taskProps, null, null);
if (endTaskRequested) workflowService.endTask(taskId, null);
return task.getState().toString();
}
}, AuthenticationUtil.getSystemUserName());
Always use the runAsSystem(RunAsWork) variant instead of relying on try-finally with setRunAsUserSystem - your code is safer that way.
In your code, you are explicitly clearing the entire security context in the finally block. This does not only clear the runAs context, but also the currently logged in user. Any operation that occurs afterwards may fail due to missing authentication data.
Why do you want to run that piece of code as system anyway? Nothing you are doing appears to require elevated privileges. If any code in the process needs elevated privileges, you should apply a runAs context to as granular a level as possible ("with great power comes...").
Thanks for your response.
Still no luck when running code using 'AuthenticationUtil.RunAsWork<String>()....'.
I've tried using System or Admin account, same result (change not applied).
Is this by design ?
(I want to be able to update some task properties on behalf of the task assignee in some special cases.)
Maybe you should share the refactored code that uses RunAsWork as well as the debug output.
It's finally working fine (A dummy bug fixed).
Sorry for this useless post.
Just to share the code for task update:
Code reference from alfresco:
org.alfresco.repo.web.scripts.workflow.TaskInstancePut
org.alfresco.repo.workflow.TaskUpdater
My code using RunAsWork:
finalTaskState = AuthenticationUtil.runAs(
new AuthenticationUtil.RunAsWork<String>() {
public String doWork() throws Exception {
logger.info("Running update task as: " + AuthenticationUtil.getRunAsUser());
...
workflowService.updateTask(taskId, taskProps, null, null);
if (endTaskRequested) workflowService.endTask(taskId, null);
return task.getState().toString();
}
}, AuthenticationUtil.getSystemUserName());
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.