Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-8966

UmaIdRepoCreationListener can register unnecessary policyApplicationListeners

    Details

    • Target Version/s:
    • Rank:
      1|hzritb:

      Description

      Reproduction steps:

      1) Hit a url/endpoint that invokes the AMIdentityRepository constructor with a realm name using different letter cases each time (name, Name, naMe etc.)

      e.g

      http://openam.example.com/openam/XUI/#realms/%2FtestrealmName/authentication-settings
      http://openam.example.com/openam/XUI/#realms/%2FtestrealMName/authentication-settings
      http://openam.example.com/openam/XUI/#realms/%2FtestrealmNamE/authentication-settings
      

      2) Through debugging you can see that in UmaIdRepoCreationListener.notify() a new lister is created for each example.

      This will cause the UmaPolicyApplicationListener to be invoked multiple times during persistent search notifications or SMS updates on the AgentRepo.
      This may in turn lead to unnecessary calls to data store to delete/create UMA polices, applications etc.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jamesphillpotts James Phillpotts
                Reporter:
                jonthomas Jonathan Thomas
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: