Claim Task With InvalidUser

Hi, i m using Camunda API for claiming task

It working for right user.
But when i send wrong user-id in payload. It doesnot throw error.

1 Like

I have observed this issue too…do share solution if you find any

Hi @gumang and @Atmesh_Agarwal1,

it is a matter of authorizations. It’s hard to define “wrong user”.

Checkout the possibilties by yourself here: Authorization Service |

And be aware that the camunda-bpm-spring-boot-starter disables authorization checks by default.

Hope this helps, Ingo

Hi @Ingo_Richtsmeier
Authorization is enabled.
But my problem is not authentication.
Its about the userId in payload. That userId doesnot exist in system.
For example:
Url: rest/task/100453/claim
Authentication: admin/admin
Payload: {“userId”:“sdfdsf”}

Admin here is valid user and have all privileges.
He/She assigns the task 100453 to sdfdsf. But there is no such user. I expect some message from camunda whether there is any such user

Hi @gumang,

The core of the Camunda engine treats users , groups and tenants as simple text strings

Validation of assignee existence could by implemented by a generic task listener to be triggered on assignment event.

identityService = delegateTask.getProcessEngineServices()
processEngine = Context.getProcessEngineConfiguration()
engineConfiguration = processEngine.getProcessEngineConfiguration();

if (delegateTask.getAssignee() != null) {

    currentAuthentication = identityService.getCurrentAuthentication();

    try {


        // run without authorization checks
        assigneeEntity = identityService.createUserQuery()

    finally {


    if (assigneeEntity == null) {

        throw new ProcessEngineException("Invalid assignee");

Hi @hassang
Thanks for the solution. I will try it out and update here

@hassang Thanks, It worked
As a curious person and engineer, i dont understand why this is not implemented by camunda