From 67d7c0f3a543d3da1c74a10317483aff045a560c Mon Sep 17 00:00:00 2001
From: Marco Rietveld
Date: Thu, 28 Jul 2016 14:31:03 +0200
Subject: [PATCH] RHBPMS-397 - Allow insecure Remote task operations (not only limited to GetTask* commands) (#551)
---
 .../command/AbstractRemoteCommandObject.java | 2 +-
 .../services/util/ExecuteCommandUtil.java | 18 ++++++++----------
 2 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/kie-remote/kie-remote-client/src/main/java/org/kie/remote/client/internal/command/AbstractRemoteCommandObject.java b/kie-remote/kie-remote-client/src/main/java/org/kie/remote/client/internal/command/AbstractRemoteCommandObject.java
index d1dece949d..a037088b04 100644
--- a/kie-remote/kie-remote-client/src/main/java/org/kie/remote/client/internal/command/AbstractRemoteCommandObject.java
+++ b/kie-remote/kie-remote-client/src/main/java/org/kie/remote/client/internal/command/AbstractRemoteCommandObject.java
@@ -165,7 +165,7 @@ protected T executeCommand( Command cmd ) {
 void preprocessCommand( Command cmd ) {
 String cmdName = cmd.getClass().getSimpleName();
- if( ! config.getDisableTaskSecurity() && cmd instanceof TaskCommand && cmdName.startsWith("GetTask") ) {
+ if( ! config.getDisableTaskSecurity() && cmd instanceof TaskCommand ) {
 TaskCommand taskCmd = (TaskCommand) cmd;
 String cmdUserId = taskCmd.getUserId();
 String authUserId = config.getUserName();
diff --git a/kie-remote/kie-remote-services/src/main/java/org/kie/remote/services/util/ExecuteCommandUtil.java b/kie-remote/kie-remote-services/src/main/java/org/kie/remote/services/util/ExecuteCommandUtil.java
index ea4f431147..65fcc547ed 100644
--- a/kie-remote/kie-remote-services/src/main/java/org/kie/remote/services/util/ExecuteCommandUtil.java
+++ b/kie-remote/kie-remote-services/src/main/java/org/kie/remote/services/util/ExecuteCommandUtil.java
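Review bot: The widened condition in `preprocessCommand` carries no comment saying that it is only a client-side pre-check, so a reader could take it for the enforcement point. The second file in this patch shows the server repeating the same user-id comparison, so a line such as `// Client-side pre-check only; the server compares the command's user id with the authenticated user again unless it is configured to skip that.` above the `if` would make the trust boundary explicit. With `cmdName.startsWith("GetTask")` gone from the condition, `cmdName` is no longer used in the visible lines; if the rest of the method, which continues outside this hunk, does not reference it either, the local can be dropped.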
@@ -42,16 +42,14 @@ public static JaxbCommandsResponse restProcessJaxbCommandsRequest(JaxbCommandsRe
 if( cmd instanceof TaskCommand ) {
 String cmdName = cmd.getClass().getSimpleName();
 if( ! allowAllUsersAccessToAllTasks ) {
- if( cmdName.startsWith("GetTask") ) {
- String cmdUserId = ((TaskCommand) cmd).getUserId();
- if( cmdUserId == null ) {
- throw KieRemoteRestOperationException.badRequest("A null user id for a '" + cmdName + "' is not allowed!");
- }
- String authUserId = identityProvider.getName();
- if( ! cmdUserId.equals(authUserId) ) {
- throw KieRemoteRestOperationException.conflict("The user id used when retrieving task information (" + cmdUserId + ")"
- + " must match the authenticating user (" + authUserId + ")!");
- }
+ String cmdUserId = ((TaskCommand) cmd).getUserId();
+ if( cmdUserId == null ) {
+ throw KieRemoteRestOperationException.badRequest("A null user id for a '" + cmdName + "' is not allowed!");
+ }
+ String authUserId = identityProvider.getName();
+ if( ! cmdUserId.equals(authUserId) ) {
+ throw KieRemoteRestOperationException.conflict("The user id used when retrieving task information (" + cmdUserId + ")"
+ + " must match the authenticating user (" + authUserId + ")!");
 }
 }
 }
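Review bot: The `cmdUserId == null` rejection now runs for every `TaskCommand` instead of only `GetTask*` commands, so a task command that carries no user id will fail with a bad-request error unless `allowAllUsersAccessToAllTasks` is set. The command classes are not visible here, so it needs confirming that all of them populate a user id. The conflict message still says "when retrieving task information", which no longer describes the check; `"The user id in a '" + cmdName + "' command (" + cmdUserId + ")"` would stay accurate for non-retrieval commands. The flag is now the only thing that decides whether state-changing task commands are compared with the authenticated caller, so a comment on the `if( ! allowAllUsersAccessToAllTasks )` line such as `// When set, the user id inside the command is trusted as sent and is not compared with the authenticated caller.` would help whoever audits this setting. The enclosing method starts and ends outside the hunk.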