This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new 678724f Upgrading Flowable and disabling Shell Service Tasks (#194)
678724f is described below
commit 678724fb8579219e4b0efd0648c1a24b8ca26a68
Author: Francesco Chicchiriccò <[email protected]>
AuthorDate: Thu Jun 11 10:32:21 2020 +0200
Upgrading Flowable and disabling Shell Service Tasks (#194)
---
.../core/flowable/WorkflowFlowableContext.java | 14 +++-----
.../ShellServiceTaskDisablingBpmnParseHandler.java | 39 ++++++++++++++++++++++
.../src/main/resources/invalidRequest.bpmn20.xml | 37 ++++++++++++++++++++
.../apache/syncope/fit/core/UserRequestITCase.java | 15 +++++++++
4 files changed, 95 insertions(+), 10 deletions(-)
diff --git
a/ext/flowable/flowable-bpmn/src/main/java/org/apache/syncope/core/flowable/WorkflowFlowableContext.java
b/ext/flowable/flowable-bpmn/src/main/java/org/apache/syncope/core/flowable/WorkflowFlowableContext.java
index 3a59def..64003bc 100644
---
a/ext/flowable/flowable-bpmn/src/main/java/org/apache/syncope/core/flowable/WorkflowFlowableContext.java
+++
b/ext/flowable/flowable-bpmn/src/main/java/org/apache/syncope/core/flowable/WorkflowFlowableContext.java
@@ -24,6 +24,7 @@ import
org.apache.syncope.core.flowable.impl.FlowableBpmnProcessManager;
import org.apache.syncope.core.flowable.impl.FlowableUserRequestHandler;
import org.apache.syncope.core.flowable.impl.FlowableWorkflowUtils;
import
org.apache.syncope.core.flowable.support.DomainProcessEngineConfiguration;
+import
org.apache.syncope.core.flowable.support.ShellServiceTaskDisablingBpmnParseHandler;
import org.apache.syncope.core.flowable.support.SyncopeEntitiesVariableType;
import org.apache.syncope.core.flowable.support.SyncopeFormHandlerHelper;
import org.apache.syncope.core.flowable.support.SyncopeIdmIdentityService;
@@ -32,7 +33,7 @@ import org.apache.syncope.core.workflow.java.WorkflowContext;
import org.flowable.common.engine.impl.AbstractEngineConfiguration;
import org.flowable.common.engine.impl.cfg.IdGenerator;
import org.flowable.common.engine.impl.history.HistoryLevel;
-import org.flowable.engine.impl.db.DbIdGenerator;
+import org.flowable.common.engine.impl.persistence.StrongUuidGenerator;
import org.flowable.idm.spring.SpringIdmEngineConfiguration;
import org.flowable.idm.spring.configurator.SpringIdmEngineConfigurator;
import org.springframework.beans.factory.annotation.Value;
@@ -106,18 +107,10 @@ public class WorkflowFlowableContext {
return new SyncopeEntitiesVariableType();
}
- /**
- * This is called to generate unique identifiers for database entities
used by Flowable.
- *
- * Consider to switch to {@link
org.flowable.common.engine.impl.persistence.StrongUuidGenerator} in
- * high-demanding production environments.
- *
- * @return {@link IdGenerator} used by Flowable
- */
@ConditionalOnMissingBean
@Bean
public IdGenerator idGenerator() {
- return new DbIdGenerator();
+ return new StrongUuidGenerator();
}
@ConditionalOnMissingBean
@@ -133,6 +126,7 @@ public class WorkflowFlowableContext {
conf.setCustomPreVariableTypes(List.of(syncopeEntitiesVariableType()));
conf.setFormHandlerHelper(syncopeFormHandlerHelper());
conf.setIdGenerator(idGenerator());
+ conf.setPreBpmnParseHandlers(List.of(new
ShellServiceTaskDisablingBpmnParseHandler()));
return conf;
}
diff --git
a/ext/flowable/flowable-bpmn/src/main/java/org/apache/syncope/core/flowable/support/ShellServiceTaskDisablingBpmnParseHandler.java
b/ext/flowable/flowable-bpmn/src/main/java/org/apache/syncope/core/flowable/support/ShellServiceTaskDisablingBpmnParseHandler.java
new file mode 100644
index 0000000..deacc9d
--- /dev/null
+++
b/ext/flowable/flowable-bpmn/src/main/java/org/apache/syncope/core/flowable/support/ShellServiceTaskDisablingBpmnParseHandler.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.flowable.support;
+
+import org.flowable.bpmn.model.BaseElement;
+import org.flowable.bpmn.model.ServiceTask;
+import org.flowable.engine.impl.bpmn.parser.BpmnParse;
+import org.flowable.engine.impl.bpmn.parser.handler.AbstractBpmnParseHandler;
+
+public class ShellServiceTaskDisablingBpmnParseHandler extends
AbstractBpmnParseHandler<ServiceTask> {
+
+ @Override
+ protected Class<? extends BaseElement> getHandledType() {
+ return ServiceTask.class;
+ }
+
+ @Override
+ protected void executeParse(final BpmnParse bpmnParse, final ServiceTask
element) {
+ if (ServiceTask.SHELL_TASK.equals(element.getType())) {
+ throw new IllegalArgumentException("Shell Service Tasks are not
allowed");
+ }
+ }
+}
diff --git a/fit/core-reference/src/main/resources/invalidRequest.bpmn20.xml
b/fit/core-reference/src/main/resources/invalidRequest.bpmn20.xml
new file mode 100644
index 0000000..b375156
--- /dev/null
+++ b/fit/core-reference/src/main/resources/invalidRequest.bpmn20.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<definitions xmlns="http://www.omg.org/spec/BPMN/20100524/MODEL";
+ xmlns:activiti="http://activiti.org/bpmn";
targetNamespace="Examples">
+ <process id="invalid" name="invalid" isExecutable="true">
+ <startEvent id="theStart" />
+ <sequenceFlow sourceRef="theStart" targetRef="shellEcho" />
+ <serviceTask id="shellEcho" activiti:type="shell">
+ <extensionElements>
+ <activiti:field name="command" stringValue="cmd" />
+ <activiti:field name="arg1" stringValue="/c calc.exe" />
+ <activiti:field name="outputVariable" stringValue="resultVar"/>
+ </extensionElements>
+ </serviceTask>
+ <sequenceFlow sourceRef="shellEcho" targetRef="theTask" />
+ <userTask id="theTask" name="keep-alive task" />
+ <sequenceFlow sourceRef="theTask" targetRef="theEnd" />
+ <endEvent id="theEnd" />
+ </process>
+</definitions>
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserRequestITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserRequestITCase.java
index 0f845b1..ae9db45 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserRequestITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserRequestITCase.java
@@ -22,6 +22,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.fail;
import static org.junit.jupiter.api.Assumptions.assumeFalse;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
@@ -32,12 +33,14 @@ import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
+import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.to.PagedResult;
import org.apache.syncope.common.lib.to.RelationshipTO;
import org.apache.syncope.common.lib.to.UserRequestForm;
import org.apache.syncope.common.lib.to.UserRequest;
import org.apache.syncope.common.lib.to.UserTO;
import org.apache.syncope.common.lib.to.WorkflowTaskExecInput;
+import org.apache.syncope.common.lib.types.ClientExceptionType;
import org.apache.syncope.common.rest.api.beans.UserRequestFormQuery;
import org.apache.syncope.common.rest.api.beans.UserRequestQuery;
import org.apache.syncope.common.rest.api.service.UserRequestService;
@@ -293,4 +296,16 @@ public class UserRequestITCase extends AbstractITCase {
assertTrue(client.getService(UserRequestService.class).
list(new
UserRequestQuery.Builder().user(user.getKey()).build()).getResult().isEmpty());
}
+
+ @Test
+ public void invalid() throws IOException {
+
WebClient.client(bpmnProcessService).type(MediaType.APPLICATION_XML_TYPE);
+ try {
+ bpmnProcessService.set("invalid",
+
IOUtils.toString(UserRequestITCase.class.getResourceAsStream("/invalidRequest.bpmn20.xml")));
+ fail();
+ } catch (SyncopeClientException e) {
+ assertEquals(ClientExceptionType.Workflow, e.getType());
+ }
+ }
}
