mweiler pushed a commit to branch main
in repository
https://gitbox.apache.org/repos/asf/incubator-kie-kogito-runtimes.git
The following commit(s) were added to refs/heads/main by this push:
new 488f55412c [incubator-kie-issues-2088] Workflow Runtime: Secure task
management API (#4126)
488f55412c is described below
commit 488f55412cdde558223c36f0909df26bd8d8e882
Author: Martin Cimbalek <[email protected]>
AuthorDate: Wed Nov 19 15:43:35 2025 +0100
[incubator-kie-issues-2088] Workflow Runtime: Secure task management API
(#4126)
* [kie-isses-2088] Workflow Runtime: Secure Management API
- Add user checks in management API if user is admin or member of admin
group
- Add exception mappings to HTTP codes for spring boot
- Add tests and integration tests
* [incubator-kie-issues-2088] Add options to accept also owner or potential
users or groups
* fixup
* [kie-issues-2088] incorporate requested changes
* [kie-issues-2088] incorporate requested changes
* [kie-issues-2088] fixup
* [kie-issues-2088] fixup
* [kie-issues-2088] fixup
* [kie-issues-2088] add cleanup after tests to avoid undefined behavior
* [kie-issues-2088] fixup
* [kie-issues-2088] fix formatting
* [kie-issues-2088] fixup
---
.../service/TaskManagementOperations.java | 4 +-
.../management/service/TaskManagementService.java | 60 ++++++++++++++++++----
.../kie/kogito/auth/IdentityProviderFactory.java | 2 +
.../auth/impl/IdentityProviderFactoryImpl.java | 9 ++++
.../task/management/TaskManagementResource.java | 10 ++--
.../kogito/integrationtests/quarkus/TaskIT.java | 12 ++++-
.../exceptions/springboot/ExceptionsHandler.java | 12 +++++
.../springboot/ExceptionsHandlerTest.java | 14 +++++
.../management/TaskManagementRestController.java | 11 ++--
.../integrationtests/springboot/TaskTest.java | 47 +++++++++++++++--
.../jbpm/userTask/jpa/it/UserTaskLifeCycleIT.java | 4 +-
11 files changed, 160 insertions(+), 25 deletions(-)
diff --git
a/addons/common/task-management/src/main/java/org/kie/kogito/task/management/service/TaskManagementOperations.java
b/addons/common/task-management/src/main/java/org/kie/kogito/task/management/service/TaskManagementOperations.java
index 185cfe4ac0..3e44785f8b 100644
---
a/addons/common/task-management/src/main/java/org/kie/kogito/task/management/service/TaskManagementOperations.java
+++
b/addons/common/task-management/src/main/java/org/kie/kogito/task/management/service/TaskManagementOperations.java
@@ -18,9 +18,11 @@
*/
package org.kie.kogito.task.management.service;
+import org.kie.kogito.auth.IdentityProvider;
+
public interface TaskManagementOperations {
- TaskInfo updateTask(String taskId, TaskInfo taskInfo, boolean replace);
+ TaskInfo updateTask(String taskId, TaskInfo taskInfo, boolean replace,
IdentityProvider identity);
TaskInfo getTask(String taskId);
}
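Review bot: `getTask(String taskId)` keeps its one-argument form while `updateTask` gains an `IdentityProvider`, so the read side of the management API has no way to apply the same authorization check. If task data such as inputs and admin lists should only be visible to admins or the owner, the read method needs the identity too, e.g. `TaskInfo getTask(String taskId, IdentityProvider identity);`. Changing the `updateTask` signature in place also breaks any implementer of this interface outside this repository. A short Javadoc saying that `identity` is checked before any field is written, and whether it may be null, would make the contract explicit.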
diff --git
a/addons/common/task-management/src/main/java/org/kie/kogito/task/management/service/TaskManagementService.java
b/addons/common/task-management/src/main/java/org/kie/kogito/task/management/service/TaskManagementService.java
index f834191c9a..09947f3530 100644
---
a/addons/common/task-management/src/main/java/org/kie/kogito/task/management/service/TaskManagementService.java
+++
b/addons/common/task-management/src/main/java/org/kie/kogito/task/management/service/TaskManagementService.java
@@ -18,19 +18,16 @@
*/
package org.kie.kogito.task.management.service;
-import java.util.Map;
+import java.util.*;
import java.util.Map.Entry;
-import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Supplier;
+import org.kie.kogito.auth.IdentityProvider;
import org.kie.kogito.process.ProcessConfig;
import org.kie.kogito.services.uow.UnitOfWorkExecutor;
-import org.kie.kogito.usertask.UserTaskConfig;
-import org.kie.kogito.usertask.UserTaskInstance;
-import org.kie.kogito.usertask.UserTaskInstanceNotFoundException;
-import org.kie.kogito.usertask.UserTasks;
+import org.kie.kogito.usertask.*;
import org.kie.kogito.usertask.impl.DefaultUserTaskInstance;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
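Review bot: The wildcard imports `java.util.*` and `org.kie.kogito.usertask.*` replace explicit lines and hide which types this security-relevant class depends on. They also let a later addition to either package silently change name resolution. Prefer explicit imports: keep `java.util.Map` and `java.util.Optional`, add `import java.util.Collection;`, `import java.util.HashSet;` and `import java.util.Set;`, and add `UserTaskInstanceNotAuthorizedException` next to the four `org.kie.kogito.usertask` imports that were removed.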
@@ -38,6 +35,7 @@ import org.slf4j.LoggerFactory;
public class TaskManagementService implements TaskManagementOperations {
private static final Logger LOG =
LoggerFactory.getLogger(TaskManagementService.class);
+ public static final String WORKFLOW_ENGINE_USER = "WORKFLOW_ENGINE_USER";
private UserTasks userTasks;
// unit of work needs to add the publisher and this is not shared.
@@ -51,9 +49,10 @@ public class TaskManagementService implements
TaskManagementOperations {
}
@Override
- public TaskInfo updateTask(String taskId, TaskInfo taskInfo, boolean
shouldReplace) {
- UserTaskInstance userTaskInstance =
UnitOfWorkExecutor.executeInUnitOfWork(processesConfig.unitOfWorkManager(), ()
-> {
+ public TaskInfo updateTask(String taskId, TaskInfo taskInfo, boolean
shouldReplace, IdentityProvider identity) {
+ UserTaskInstance updatedUserTaskInstance =
UnitOfWorkExecutor.executeInUnitOfWork(processesConfig.unitOfWorkManager(), ()
-> {
DefaultUserTaskInstance ut = (DefaultUserTaskInstance)
getUserTaskInstance(taskId);
+ enforceAdminOrOwner(ut, identity);
setField(ut::setTaskDescription, taskInfo::getDescription,
shouldReplace);
setField(ut::setTaskPriority, taskInfo::getPriority,
shouldReplace);
setField(ut::setAdminGroups, taskInfo::getAdminGroups,
shouldReplace);
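Review bot: `enforceAdminOrOwner(ut, identity)` admits the task's actual owner, and the same call then applies `setField(ut::setAdminGroups, taskInfo::getAdminGroups, shouldReplace)`, so a non-admin owner can rewrite the task's admin groups through this endpoint. If that is not intended, gate the admin-list setters on an admin-only check and leave description, priority and inputs to the owner. If it is intended, say so in a comment above the call, for example `// owners may change every field, including admin users/groups`. The method body continues outside this hunk, so the remaining setters are not visible here.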
@@ -64,8 +63,8 @@ public class TaskManagementService implements
TaskManagementOperations {
setMap(ut::setInputs, ut::setInput, taskInfo.getInputParams(),
shouldReplace);
return ut;
});
- LOG.trace("updated task through management endpoint to {}",
userTaskInstance);
- return convert(userTaskInstance);
+ LOG.trace("updated task through management endpoint to {}",
updatedUserTaskInstance);
+ return convert(updatedUserTaskInstance);
}
private <T> boolean setField(Consumer<T> consumer, Supplier<T> supplier,
boolean shouldReplace) {
@@ -120,4 +119,45 @@ public class TaskManagementService implements
TaskManagementOperations {
return userTaskInstance.get();
}
+ private void enforceAdminOrOwner(UserTaskInstance userTaskInstance,
IdentityProvider identity) {
+ String user = identity.getName();
+ Collection<String> roles = identity.getRoles();
+ String taskId = userTaskInstance.getId();
+
+ if (WORKFLOW_ENGINE_USER.equals(user)) {
+ LOG.debug("User {} authorized for user task {} as system user.",
user, taskId);
+ return;
+ }
+
+ if (user == null) {
+ LOG.debug("No user defined to perform update on user task {}",
userTaskInstance.getId());
+ throw new UserTaskInstanceNotAuthorizedException("No user defined
to perform update on user task " + userTaskInstance.getId());
+ }
+
+ Set<String> adminUsers = userTaskInstance.getAdminUsers();
+ if (adminUsers.contains(user)) {
+ LOG.debug("User {} authorized for user task {} as admin user.",
user, taskId);
+ return;
+ }
+
+ Set<String> userAdminGroups = new
HashSet<>(userTaskInstance.getAdminGroups());
+ userAdminGroups.retainAll(roles);
+ if (!userAdminGroups.isEmpty()) {
+ LOG.debug("User {} with roles {} authorized for user task {} as a
member of admin group.", user, roles, taskId);
+ return;
+ }
+
+ if (user.equals(userTaskInstance.getActualOwner())) {
+ LOG.debug("User {} authorized for user task {} as owner.", user,
taskId);
+ return;
+ }
+
+ LOG.debug("identity {} with roles {} not authorized for user task {}
with adminUsers {} and adminGroups {}",
+ identity.getName(),
+ identity.getRoles(),
+ userTaskInstance.getId(),
+ userTaskInstance.getAdminUsers(),
+ userTaskInstance.getAdminGroups());
+ throw new UserTaskInstanceNotAuthorizedException("User " + user + "
with roles " + identity.getRoles() + " not authorized to perform an operation
on user task " + userTaskInstance.getId());
+ }
}
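Review bot: The `WORKFLOW_ENGINE_USER.equals(user)` shortcut at the top of `enforceAdminOrOwner` authorizes on a name alone, and the resource hunks in this commit derive that name from the `user` query parameter whenever `getIdentity` falls back to `IdentityProviders.of(user, roles)`. In that configuration the system-user path is open to any client, so it should be granted only to an identity the engine created itself (a dedicated trusted instance or an internal call path) rather than matched by string. Separately, `identity.getRoles()` goes straight into `retainAll`. If it can be null (the Spring controller declares `group` with `required = false`, and whether `IdentityProviders.of` normalizes null is not visible here), the caller gets a NullPointerException instead of a 403; guard with `Collection<String> roles = identity.getRoles() == null ? Set.of() : identity.getRoles();`. The denial message also echoes the user name and roles back to the caller, which is worth keeping in the log only.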
diff --git
a/api/kogito-api/src/main/java/org/kie/kogito/auth/IdentityProviderFactory.java
b/api/kogito-api/src/main/java/org/kie/kogito/auth/IdentityProviderFactory.java
index 0d44e9274a..a6c75a0d34 100644
---
a/api/kogito-api/src/main/java/org/kie/kogito/auth/IdentityProviderFactory.java
+++
b/api/kogito-api/src/main/java/org/kie/kogito/auth/IdentityProviderFactory.java
@@ -37,4 +37,6 @@ public interface IdentityProviderFactory {
String KOGITO_SECURITY_AUTH_IMPERSONATION_ALLOWED_FOR_ROLES =
"kogito.security.auth.impersonation.allowed-for-roles";
IdentityProvider getOrImpersonateIdentity(String user, Collection<String>
roles);
+
+ IdentityProvider getIdentity(String user, Collection<String> roles);
}
diff --git
a/api/kogito-api/src/main/java/org/kie/kogito/auth/impl/IdentityProviderFactoryImpl.java
b/api/kogito-api/src/main/java/org/kie/kogito/auth/impl/IdentityProviderFactoryImpl.java
index 655ed5daa3..ae2e5d3c63 100644
---
a/api/kogito-api/src/main/java/org/kie/kogito/auth/impl/IdentityProviderFactoryImpl.java
+++
b/api/kogito-api/src/main/java/org/kie/kogito/auth/impl/IdentityProviderFactoryImpl.java
@@ -49,4 +49,13 @@ public class IdentityProviderFactoryImpl implements
IdentityProviderFactory {
return identityProvider;
}
+
+ @Override
+ public IdentityProvider getIdentity(String user, Collection<String> roles)
{
+
+ if (!config.isEnabled()) {
+ return IdentityProviders.of(user, roles);
+ }
+ return identityProvider;
+ }
}
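Review bot: When `config.isEnabled()` is false, `getIdentity` returns `IdentityProviders.of(user, roles)`, an identity made entirely of caller-supplied values, and the new check in `TaskManagementService` then treats it as authoritative. The admin/owner enforcement is therefore only advisory in deployments without authentication, and neither this method nor the new interface method in `IdentityProviderFactory` has a Javadoc saying so. Document on the interface how it differs from `getOrImpersonateIdentity`: with auth enabled the `user` and `roles` arguments are ignored and no impersonation happens. A comment above the fallback such as `// auth disabled: identity is self-declared by the caller, do not use it for privileged shortcuts` would make the trust boundary visible. The blank line after the opening brace can be dropped.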
diff --git
a/quarkus/addons/task-management/runtime/src/main/java/org/kie/kogito/task/management/TaskManagementResource.java
b/quarkus/addons/task-management/runtime/src/main/java/org/kie/kogito/task/management/TaskManagementResource.java
index d87f5ca2fe..380f505b39 100644
---
a/quarkus/addons/task-management/runtime/src/main/java/org/kie/kogito/task/management/TaskManagementResource.java
+++
b/quarkus/addons/task-management/runtime/src/main/java/org/kie/kogito/task/management/TaskManagementResource.java
@@ -20,6 +20,7 @@ package org.kie.kogito.task.management;
import java.util.List;
+import org.kie.kogito.auth.IdentityProviderFactory;
import org.kie.kogito.process.ProcessConfig;
import org.kie.kogito.task.management.service.TaskInfo;
import org.kie.kogito.task.management.service.TaskManagementOperations;
@@ -54,6 +55,9 @@ public class TaskManagementResource {
@Inject
private ProcessConfig processConfig;
+ @Inject
+ IdentityProviderFactory identityProviderFactory;
+
@PostConstruct
private void init() {
taskService = new TaskManagementService(userTasks, userTaskConfig,
processConfig);
@@ -68,7 +72,7 @@ public class TaskManagementResource {
@QueryParam("user") final String user,
@QueryParam("group") final List<String> groups,
TaskInfo taskInfo) {
- taskService.updateTask(taskId, taskInfo, true);
+ taskService.updateTask(taskId, taskInfo, true,
identityProviderFactory.getIdentity(user, groups));
return Response.ok().build();
}
@@ -76,12 +80,12 @@ public class TaskManagementResource {
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@Path("{taskId}")
- public TaskInfo partialUpdateTask(
+ public Response partialUpdateTask(
@PathParam("taskId") String taskId,
@QueryParam("user") final String user,
@QueryParam("group") final List<String> groups,
TaskInfo taskInfo) {
- return taskService.updateTask(taskId, taskInfo, false);
+ return Response.ok(taskService.updateTask(taskId, taskInfo, false,
identityProviderFactory.getIdentity(user, groups))).build();
}
@GET
diff --git
a/quarkus/integration-tests/integration-tests-quarkus-processes/src/test/java/org/kie/kogito/integrationtests/quarkus/TaskIT.java
b/quarkus/integration-tests/integration-tests-quarkus-processes/src/test/java/org/kie/kogito/integrationtests/quarkus/TaskIT.java
index 0388d2827e..7c2c279ae5 100644
---
a/quarkus/integration-tests/integration-tests-quarkus-processes/src/test/java/org/kie/kogito/integrationtests/quarkus/TaskIT.java
+++
b/quarkus/integration-tests/integration-tests-quarkus-processes/src/test/java/org/kie/kogito/integrationtests/quarkus/TaskIT.java
@@ -399,10 +399,20 @@ class TaskIT {
Collections.singleton("managers"),
Collections.singleton("Javierito"), Collections.emptySet(),
Collections.emptySet(), Collections.emptyMap());
+ //at first we try with user that doesn't have rights
given().contentType(ContentType.JSON)
.when()
.queryParam("user", "admin")
- .queryParam("group", "managers")
+ .pathParam("taskId", taskId)
+ .body(upTaskInfo)
+ .put("/management/usertasks/{taskId}")
+ .then()
+ .statusCode(403); //should fail, because there is not an
"admin" user assigned to User Task
+
+ //"manager" should have rights
+ given().contentType(ContentType.JSON)
+ .when()
+ .queryParam("user", "manager")
.pathParam("taskId", taskId)
.body(upTaskInfo)
.put("/management/usertasks/{taskId}")
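Review bot: The new negative case only covers a user unknown to the task who sends no group, so most branches of the new authorization check are untested here and in the matching Spring Boot `TaskTest` hunk. Those branches are admin-group membership, actual owner, a missing `user` parameter and the system user. Add at least one request with `user` omitted expecting 403, and one that is authorized only through `group=managers` with a user who is not in the admin users. The positive request here also dropped `.queryParam("group", "managers")`, so group-based access is no longer exercised in the Quarkus test at all. The test method starts and ends outside this hunk.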
diff --git
a/springboot/addons/rest-exception-handler/src/main/java/org/kie/kogito/resource/exceptions/springboot/ExceptionsHandler.java
b/springboot/addons/rest-exception-handler/src/main/java/org/kie/kogito/resource/exceptions/springboot/ExceptionsHandler.java
index 9872513141..9f77881788 100644
---
a/springboot/addons/rest-exception-handler/src/main/java/org/kie/kogito/resource/exceptions/springboot/ExceptionsHandler.java
+++
b/springboot/addons/rest-exception-handler/src/main/java/org/kie/kogito/resource/exceptions/springboot/ExceptionsHandler.java
@@ -34,6 +34,8 @@ import
org.kie.kogito.process.ProcessInstanceNotFoundException;
import org.kie.kogito.process.VariableViolationException;
import org.kie.kogito.resource.exceptions.AbstractExceptionsHandler;
import org.kie.kogito.resource.exceptions.ExceptionBodyMessage;
+import org.kie.kogito.usertask.UserTaskInstanceNotAuthorizedException;
+import org.kie.kogito.usertask.UserTaskInstanceNotFoundException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
@@ -114,6 +116,11 @@ public class ExceptionsHandler extends
AbstractExceptionsHandler<ResponseEntity<
return mapException(exception);
}
+ @ExceptionHandler(UserTaskInstanceNotAuthorizedException.class)
+ public ResponseEntity<Map<String, String>>
toResponse(UserTaskInstanceNotAuthorizedException exception) {
+ return mapException(exception);
+ }
+
@ExceptionHandler(ProcessInstanceDuplicatedException.class)
public ResponseEntity<Map<String, String>>
toResponse(ProcessInstanceDuplicatedException exception) {
return mapException(exception);
@@ -129,6 +136,11 @@ public class ExceptionsHandler extends
AbstractExceptionsHandler<ResponseEntity<
return mapException(exception);
}
+ @ExceptionHandler(UserTaskInstanceNotFoundException.class)
+ public ResponseEntity<Map<String, String>>
toResponse(UserTaskInstanceNotFoundException exception) {
+ return mapException(exception);
+ }
+
@ExceptionHandler(WorkItemNotFoundException.class)
public ResponseEntity<Map<String, String>>
toResponse(WorkItemNotFoundException exception) {
return mapException(exception);
diff --git
a/springboot/addons/rest-exception-handler/src/test/java/org/kie/kogito/resource/exceptions/springboot/ExceptionsHandlerTest.java
b/springboot/addons/rest-exception-handler/src/test/java/org/kie/kogito/resource/exceptions/springboot/ExceptionsHandlerTest.java
index 10c8290620..c21940386d 100644
---
a/springboot/addons/rest-exception-handler/src/test/java/org/kie/kogito/resource/exceptions/springboot/ExceptionsHandlerTest.java
+++
b/springboot/addons/rest-exception-handler/src/test/java/org/kie/kogito/resource/exceptions/springboot/ExceptionsHandlerTest.java
@@ -33,6 +33,8 @@ import
org.kie.kogito.process.ProcessInstanceExecutionException;
import org.kie.kogito.process.ProcessInstanceNotFoundException;
import org.kie.kogito.process.VariableViolationException;
import org.kie.kogito.resource.exceptions.ExceptionBodyMessage;
+import org.kie.kogito.usertask.UserTaskInstanceNotAuthorizedException;
+import org.kie.kogito.usertask.UserTaskInstanceNotFoundException;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.http.HttpStatus;
@@ -108,12 +110,24 @@ class ExceptionsHandlerTest {
verify(tested).mapException(exception);
}
+ @Test
+ void testUserTaskInstanceNotFoundException(@Mock
UserTaskInstanceNotFoundException exception) {
+ tested.toResponse(exception);
+ verify(tested).mapException(exception);
+ }
+
@Test
void testNotAuthorizedException(@Mock NotAuthorizedException exception) {
tested.toResponse(exception);
verify(tested).mapException(exception);
}
+ @Test
+ void testUserTaskInstanceNotAuthorizedException(@Mock
UserTaskInstanceNotAuthorizedException exception) {
+ tested.toResponse(exception);
+ verify(tested).mapException(exception);
+ }
+
@Test
void testProcessInstanceDuplicatedException(@Mock
ProcessInstanceDuplicatedException exception) {
tested.toResponse(exception);
diff --git
a/springboot/addons/task-management/src/main/java/org/kie/kogito/task/management/TaskManagementRestController.java
b/springboot/addons/task-management/src/main/java/org/kie/kogito/task/management/TaskManagementRestController.java
index 8fdd0e8f6f..039098f939 100644
---
a/springboot/addons/task-management/src/main/java/org/kie/kogito/task/management/TaskManagementRestController.java
+++
b/springboot/addons/task-management/src/main/java/org/kie/kogito/task/management/TaskManagementRestController.java
@@ -20,6 +20,7 @@ package org.kie.kogito.task.management;
import java.util.List;
+import org.kie.kogito.auth.IdentityProviderFactory;
import org.kie.kogito.process.ProcessConfig;
import org.kie.kogito.task.management.service.TaskInfo;
import org.kie.kogito.task.management.service.TaskManagementOperations;
@@ -43,6 +44,9 @@ import static
org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
@RequestMapping("/management/usertasks/")
public class TaskManagementRestController {
+ @Autowired
+ IdentityProviderFactory identityProviderFactory;
+
TaskManagementOperations taskService;
@Autowired
@@ -56,18 +60,17 @@ public class TaskManagementRestController {
@RequestParam(value = "user", required = false) String user,
@RequestParam(value = "group", required = false) List<String>
groups,
@RequestBody TaskInfo taskInfo) {
- taskService.updateTask(taskId, taskInfo, true);
+ taskService.updateTask(taskId, taskInfo, true,
identityProviderFactory.getIdentity(user, groups));
return ResponseEntity.ok().build();
}
@PatchMapping(value = "{taskId}", produces = APPLICATION_JSON_VALUE)
- public TaskInfo partialUpdateTask(
+ public ResponseEntity<TaskInfo> partialUpdateTask(
@PathVariable("taskId") String taskId,
@RequestParam(value = "user", required = false) String user,
@RequestParam(value = "group", required = false) List<String>
groups,
@RequestBody TaskInfo taskInfo) {
- return taskService.updateTask(taskId, taskInfo, false);
-
+ return ResponseEntity.ok(taskService.updateTask(taskId, taskInfo,
false, identityProviderFactory.getIdentity(user, groups)));
}
@GetMapping(value = "{taskId}", produces = APPLICATION_JSON_VALUE)
diff --git
a/springboot/integration-tests/integration-tests-springboot-processes-it/src/test/java/org/kie/kogito/integrationtests/springboot/TaskTest.java
b/springboot/integration-tests/integration-tests-springboot-processes-it/src/test/java/org/kie/kogito/integrationtests/springboot/TaskTest.java
index c11f1f9831..992750312e 100644
---
a/springboot/integration-tests/integration-tests-springboot-processes-it/src/test/java/org/kie/kogito/integrationtests/springboot/TaskTest.java
+++
b/springboot/integration-tests/integration-tests-springboot-processes-it/src/test/java/org/kie/kogito/integrationtests/springboot/TaskTest.java
@@ -32,6 +32,7 @@ import java.util.stream.Stream;
import org.acme.travels.Address;
import org.acme.travels.Traveller;
import org.jbpm.util.JsonSchemaUtil;
+import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.kie.kogito.task.management.service.TaskInfo;
@@ -57,6 +58,33 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = KogitoSpringbootApplication.class)
public class TaskTest extends BaseRestTest {
+ @AfterEach
+ public void cleanUp() {
+ String processId = "";
+ do {
+ processId = given()
+ .when()
+ .contentType(ContentType.JSON)
+ .queryParam("user", "admin")
+ .queryParam("group", "managers")
+ .get("/approvals")
+ .then()
+ .statusCode(200)
+ .extract()
+ .path("[0].id");
+ if (processId != null && !processId.isBlank()) {
+ given()
+ .when()
+ .contentType(ContentType.JSON)
+ .queryParam("user", "admin")
+ .queryParam("group", "managers")
+ .pathParam("processId", processId)
+ .delete("/approvals/{processId}")
+ .then();
+ }
+ } while (processId != null && !processId.isBlank());
+ }
+
@Test
void testJsonSchema() {
given()
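Review bot: The `do … while` loop in `cleanUp` never terminates if the DELETE does not actually remove the instance, because the response is not checked (`.then();`) and the next GET returns the same `[0].id`. Assert the expected status on the delete, e.g. `.then().statusCode(200);`, or bound the loop with an attempt counter, so that a failing cleanup fails the test instead of hanging the build. With authorization now enforced on more endpoints, a rejected delete becomes a more likely way to hit this. The `""` initializer for `processId` is unused, since the variable is assigned before its first read.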
@@ -278,8 +306,7 @@ public class TaskTest extends BaseRestTest {
.then()
.statusCode(200);
- given().contentType(
- ContentType.JSON)
+ given().contentType(ContentType.JSON)
.when()
.queryParam("user", "admin")
.queryParam("group", "managers")
@@ -390,7 +417,7 @@ public class TaskTest extends BaseRestTest {
String taskId = given()
.contentType(ContentType.JSON)
- .queryParam("user", "admin")
+ .queryParam("user", "manager")
.queryParam("group", "managers")
.when()
.get("/usertasks/instance")
@@ -402,9 +429,21 @@ public class TaskTest extends BaseRestTest {
TaskInfo upTaskInfo = new TaskInfo("firstAproval", "high",
Collections.singleton("admin"),
Collections.singleton("managers"),
Collections.singleton("Javierito"), Collections.emptySet(),
Collections.emptySet(), Collections.emptyMap());
+
+ //at first, we try with user that doesn't have rights
given().contentType(ContentType.JSON)
.when()
- .queryParam("user", "admin")
+ .queryParam("user", "jsnow")
+ .pathParam("taskId", taskId)
+ .body(upTaskInfo)
+ .put("/management/usertasks/{taskId}")
+ .then()
+ .statusCode(403); //should fail, because there is not an
"jsnow" user assigned to User Task
+
+ //"managers" should have rights
+ given().contentType(ContentType.JSON)
+ .when()
+ .queryParam("user", "manager")
.queryParam("group", "managers")
.pathParam("taskId", taskId)
.body(upTaskInfo)
diff --git
a/springboot/integration-tests/integration-tests-springboot-usertasks-it/src/test/java/org/jbpm/userTask/jpa/it/UserTaskLifeCycleIT.java
b/springboot/integration-tests/integration-tests-springboot-usertasks-it/src/test/java/org/jbpm/userTask/jpa/it/UserTaskLifeCycleIT.java
index 2a4bb8430e..dda4332ef0 100644
---
a/springboot/integration-tests/integration-tests-springboot-usertasks-it/src/test/java/org/jbpm/userTask/jpa/it/UserTaskLifeCycleIT.java
+++
b/springboot/integration-tests/integration-tests-springboot-usertasks-it/src/test/java/org/jbpm/userTask/jpa/it/UserTaskLifeCycleIT.java
@@ -153,7 +153,7 @@ public class UserTaskLifeCycleIT extends BaseUserTaskIT {
.body(new TransitionInfo("claim"))
.post(USER_TASKS_INSTANCE_TRANSITION_ENDPOINT, taskId)
.then()
- .statusCode(500);
+ .statusCode(403);
given()
.contentType(ContentType.JSON)
@@ -241,7 +241,7 @@ public class UserTaskLifeCycleIT extends BaseUserTaskIT {
.queryParam("group", "it")
.get(USER_TASKS_INSTANCE_TRANSITION_ENDPOINT, taskId)
.then()
- .statusCode(500);
+ .statusCode(403);
given()
.contentType(ContentType.JSON)