Task listener - identity service - authentication needed?


I posted a question about CDI in task listeners yesterday. I got a very quick answer which perfectly solved my problem. After being successfully injected, the identity service (see the previous question to understand the context, please) was returning wrong results of queries, e.g.:


returned 0 groups.

I was trying to figure it out for a few hours, then I came up with an idea that there could have been some problem with permissions. So I tried this:

// Group list passed to the authentication (left empty here)
List<String> authGroups = new ArrayList<>();
identityService.setAuthentication("admin", authGroups); // consider admin as a user with proper permission

List<Group> groups = identityService.createGroupQuery().list();


With authentication being set, the groups variable contained all existing groups correctly.

It is working now. But I don’t understand the behavior completely. When I create the query inside a bean (and by that I mean, for example, a service task with an expression such as ${bean.query()}) there is no need to specify any authentication and it returns correct results.

I should add that I use the LDAP identity service on a JBoss application server.

In advance, thank you for an explanation.

Hi denis,

Based on Daniel Meyer’s answer

is a ThreadLocal. It has to be set somewhere”

In your failed case identityService.getCurrentAuthentication() would return null

"The camunda web applications (Cockpit, Tasklist) will do so automatically so if you trigger (for instance by completing a user task) a process instance from the web application, and then synchronously invoke the service task, the ThreadLocal will be populated. Otherwise it won’t (unless you set it yourself)."

👆 That is what happened in your success case
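
An added example, not part of the original thread and not Camunda's own code: because the authentication is a ThreadLocal, a listener that sets it itself can restore whatever was there before, so the elevated identity does not stay on the thread for code that runs later. It assumes Camunda's `IdentityService` with `javax` CDI annotations; the class name, bean name, `QUERY_USER` and the `groupCount` variable are hypothetical.

```java
import java.util.Collections;
import java.util.List;
import javax.inject.Inject;
import javax.inject.Named;

import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.delegate.DelegateTask;
import org.camunda.bpm.engine.delegate.TaskListener;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.impl.identity.Authentication;

@Named("groupLookupListener") // hypothetical bean name
public class GroupLookupListener implements TaskListener {

    // Hypothetical account for the lookup; the thread above used "admin".
    private static final String QUERY_USER = "admin";

    @Inject
    private IdentityService identityService;

    @Override
    public void notify(DelegateTask delegateTask) {
        List<Group> groups = queryGroupsAs(QUERY_USER);
        // Hypothetical variable name, only to show the result being used.
        delegateTask.setVariableLocal("groupCount", groups.size());
    }

    List<Group> queryGroupsAs(String userId) {
        // Whatever the caller (for example Tasklist) put on this thread, or null.
        Authentication previous = identityService.getCurrentAuthentication();
        try {
            identityService.setAuthentication(userId, Collections.<String>emptyList());
            return identityService.createGroupQuery().list();
        } finally {
            // Restore the caller's identity, or clear ours if there was none,
            // so later listeners and delegates on this thread do not run as QUERY_USER.
            if (previous != null) {
                identityService.setAuthentication(previous);
            } else {
                identityService.clearAuthentication();
            }
        }
    }
}
```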

Hi hassang,

thank you very much for making it clear for me. I can understand it now.