Database exception when setting Authorization Object

AymanPatel · October 7, 2020, 4:16am

I am adding authorization object (user and groups) AuthorizationService


for (Resource resource : Resources.values()) {
            AuthorizationEntity authorizationObject = new AuthorizationEntity(AUTH_TYPE_GRANT);
            authorizationObject.setGroupId(group);
            authorizationObject.setResource(resource);
            authorizationObject.setResourceId(ANY);
            authorizationObject.addPermission(ALL);
            authorizationService.saveAuthorization(authorizationObject);


}

I am getting ORA-00001: unique constraint (ACT_UNIQ_AUTH_GROUP) violated exception` :

ENGINE-03004 Exception while executing Database Operation 'INSERT AuthorizationEntity[90f11610-07c6-11eb-8aeb-025041000001]' with message '\r\n### Error flushing statements.  Cause: org.apache.ibatis.executor.BatchExecutorException: org.camunda.bpm.engine.impl.persistence.entity.AuthorizationEntity.insertAuthorization (batch index #1) failed. Cause: java.sql.BatchUpdateException: ORA-00001: unique constraint (ACT_UNIQ_AUTH_GROUP) violated\n\r\n### Cause: org.apache.ibatis.executor.BatchExecutorException: org.camunda.bpm.engine.impl.persistence.entity.AuthorizationEntity.insertAuthorization (batch index #1) failed. Cause: java.sql.BatchUpdateException: ORA-00001: unique constraint (ACT_UNIQ_AUTH_GROUP) violated\n'. Flush summary: \n [\n  INSERT AuthorizationEntity[90f11610-07c6-11eb-8aeb-025041000001]\n]

AymanPatel · October 12, 2020, 9:26am

Is it possible to add 2 userId for same groupIds?

aravindhrs · October 13, 2020, 12:33pm

Hi @AymanPatel ,

Yes, it’s possible to add two users to the same group.
But in the above code what you’re trying is when every time you add the user to the group, you’re trying to re-create the same group authorizations., so that leads to the unique constraint violation exception.
Group authorizations no need to create for every user when you add the users to the existing group.
You just need to create membership between the user and the group.

Try like this below:

To create authorization for the group:

List<Resource> resourceList = Stream.of(Resources.values()).map(res -> (Resource) res).collect(Collectors.toList());
    resourceList.forEach(resource -> {
      AuthorizationQuery authorizationQuery = authorizationService.createAuthorizationQuery()
          .groupIdIn(Groups.CAMUNDA_ADMIN).resourceType(resource).resourceId(Authorization.ANY);
      if (authorizationQuery.count() == 0) {        
        AuthorizationEntity adminUserAuthorizationEntity = new AuthorizationEntity(Authorization.AUTH_TYPE_GRANT);
        adminUserAuthorizationEntity.setGroupId(Groups.CAMUNDA_ADMIN);
        adminUserAuthorizationEntity.setResource(resource);
        adminUserAuthorizationEntity.setResourceId(Authorization.ANY);
        adminUserAuthorizationEntity.addPermission(Permissions.ALL);
        authorizationService.saveAuthorization(adminUserAuthorizationEntity);
      }
    });

To add users to the existing group:

Group userGroupMembership = identityService.createGroupQuery().groupId(Groups.CAMUNDA_ADMIN)
        .groupMember(workflowConfig.getWorkflowusername()).singleResult();
    if (Objects.isNull(userGroupMembership)) {     
      identityService.createMembership(workflowConfig.getWorkflowusername(), Groups.CAMUNDA_ADMIN);
    }

system · January 30, 2024, 12:41pm