Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-8962

Unable to set Start and End IPCondition condition policy

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 12.0.3, 13.0.0
    • Fix Version/s: 12.0.4, 13.5.0
    • Component/s: entitlements
    • Labels:
      None
    • Support Ticket IDs:

      Description

      It is not possible to set a Policy IP condition for start IP and end IP
      and the error return "JSON string is invalid . Start IP can not be larger than end IP". The Policy debug files shows

      Caused by: com.sun.identity.entitlement.EntitlementException: Start IP can not be larger than end IP.
              at org.forgerock.openam.entitlement.conditions.environment.IPvXCondition.setStartIpAndEndIp(IPvXCondition.java:185)
              at org.forgerock.openam.entitlement.conditions.environment.IPv4Condition.setStartIpAndEndIp(IPv4Condition.java:37)
              at org.forgerock.openam.entitlement.conditions.environment.IPvXCondition.<init>(IPvXCondition.java:94)
              at org.forgerock.openam.entitlement.conditions.environment.IPv4Condition.<init>(IPv4Condition.java:67)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
              at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
              at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
      

      It turns out that the code org.forgerock.openam.entitlement.conditions.environment.IPvXCondition.java

      public void setStartIpAndEndIp(String startIp, String endIp) throws EntitlementException {
          T startIpValue = startIp == null ? initialStartIp : stringToIp(startIp);
          T endIpValue = endIp == null ? initialEndIp : stringToIp(endIp);
      ...
         if (¸
           debugWarning("Validation: {0} is before {1}", END_IP, START_IP);
            throw new EntitlementException(END_IP_BEFORE_START_IP);
        }
      

      has issue it should use the comparison using

      if (startIpValue.compareTo(endIpValue) > 0).

      Testcase

      1. Goto to create a new Policy and got Condition select IP condition
      2. Add
        -startIp: 128.39.122.99
        -endIp: 128.39.122.100
      3. Save and see

        Attachments

          Activity

            People

            • Assignee:
              chee-weng.chea C-Weng C
              Reporter:
              chee-weng.chea C-Weng C
              QA Assignee:
              Filip Kubáň [X] (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: