OpenAM / OPENAM-5821

Realm parameter is redundant in rest body for policy applications

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 12.0.0, 13.0.0
    • Fix Version/s: 13.0.0
    • Component/s: policy, rest
    • Environment:
      OpenAM 13.0.0-SNAPSHOT Build 13426 (2015-April-14 02:53)
    • Sprint:
      Sprint 91 - Team Curie

      Description

      The realm parameter is redundant in the REST body for policy applications. The realm is specified in the endpoint:
      Top realm:
      /json/applications/
      Subrealm:
      /json/<REALM NAME>/applications/

      The parameter seems entirely redundant, and potentially risky.

      If I don't provide the realm parameter for the top realm, the realm is set to "/", but if I don't provide it for a subrealm I get a 400, see below:
      Request:

      curl --request POST \
      --header "iPlanetDirectoryPro: <ADMIN TOKEN>" \
      --header "Content-Type: application/json" \
      --data '{"resourceTypeUuids": ["76656a38-5f8e-401b-83aa-4ccb74ce88d2"], 
      "conditions": [ "AMIdentityMembership" ], 
      "name": "testPolApp", 
      "entitlementCombiner": "DenyOverride", 
      "subjects": [ "AuthenticatedUsers" ], 
      "applicationType": "crestPolicyService"}' \
      "http://openam.forgerock.com:8080/openam/json/subrealm/applications/?_action=create"
      

      Response:

      {
        "code" : 400,
        "reason" : "Bad Request",
        "message" : "Attempted to create Application in realm /, but request originated from /subrealm."
      }
      

      The fix also requires UI changes.

      • Create Application page should not include "realm" in JSON body
      • Edit Application page should not include "realm" in JSON body
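
The realm handling described in this report, next to a variant that treats the endpoint as the only source of the realm. This is an added example, not OpenAM code: the function names, the path pattern (written without the `/openam` context prefix or query string) and the second error message are assumptions made for illustration.

```python
import re

# Assumed URL shape, taken from the two endpoints quoted in the report:
#   /json/applications/               -> top realm "/"
#   /json/<REALM NAME>/applications/  -> subrealm "/<REALM NAME>"
_ENDPOINT = re.compile(r"^/json(?P<realm>(?:/[^/]+)*?)/applications/?$")


class BadRequest(Exception):
    """Stands in for an HTTP 400 response."""


def realm_from_path(path):
    """Derive the realm from the endpoint path alone."""
    m = _ENDPOINT.match(path)
    if m is None:
        raise BadRequest("Not an applications endpoint: " + path)
    return m.group("realm") or "/"


def create_reported(path, body):
    """Behaviour in the report: a missing body realm defaults to "/"."""
    endpoint_realm = realm_from_path(path)
    body_realm = body.get("realm", "/")
    if body_realm != endpoint_realm:
        raise BadRequest(
            "Attempted to create Application in realm %s, but request "
            "originated from %s." % (body_realm, endpoint_realm))
    return dict(body, realm=body_realm)


def create_endpoint_authoritative(path, body):
    """Hypothetical handling: the body can never select or override the realm."""
    endpoint_realm = realm_from_path(path)
    if "realm" in body and body["realm"] != endpoint_realm:
        raise BadRequest("Body realm %s does not match endpoint realm %s."
                         % (body["realm"], endpoint_realm))
    # The stored realm always comes from the endpoint that authorized the call.
    return dict(body, realm=endpoint_realm)
```
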


            People

            • Assignee:
              jaco.jooste Jaco Jooste
              Reporter:
              richard.hruza Richard Hruza
              QA Assignee:
              Richard Hruza