Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-9849

isActive check should fail if the user is inactive in any of the configured data stores

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.5.0
    • Fix Version/s: 13.5.1, 14.0.0
    • Component/s: idrepo
    • Labels:
    • Sprint:
      AM Sustaining Sprint 31
    • Story Points:
      2
    • Support Ticket IDs:

      Description

      The logic for checking whether a user is active or not is to look through all configured datastores. If one datastore returns active then the other datastores are not checked.
      I believe this should be the other way around, so if any of the data stores, the isActive should return false.
      In other words, "if there are at least 2 datastores (let's say A and B), the "active" information should rather be (A.isActive() AND B.isActive()) than (A.isActive() || B.isActive())"

      IdServicesImpl.isActive()

             boolean active = false;
             while (it.hasNext()) {
                 IdRepo idRepo = (IdRepo) it.next();
                 try {
                     if (idRepo.getClass().getName().equals(
                         IdConstants.AMSDK_PLUGIN) && (amsdkDN != null)) {
                         active = idRepo.isActive(token, type, amsdkDN);
                     } else if (idRepo.getClass().getName().equals(
                         IdConstants.SPECIAL_PLUGIN)) {
                         // Already checked above
                         noOfSuccess--;
                         continue;
                     } else {
                         active = idRepo.isActive(token, type, name);
                     }
                     if (active) {
                         break;
                     }
                 } catch (IdRepoFatalException idf) {
                     // fatal ..throw it all the way up
                     DEBUG.error("IdServicesImpl.isActive: Fatal Exception ", idf);
                     throw idf;
                 } catch (IdRepoException ide) {
                     if (idRepo != null && DEBUG.warningEnabled()) {
                         DEBUG.warning("IdServicesImpl.isActive: "
                             + "Unable to check isActive identity in the "
                             + "following repository "
                             + idRepo.getClass().getName() + " :: "
                             + ide.getMessage());
                     }
                     noOfSuccess--;
                     origEx = (origEx == null) ? ide : origEx;
                 }
             }
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jonthomas Jonathan Thomas
                Reporter:
                andrew.dunn Andrew Dunn [X] (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: