Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-13741

admin UI causes exception while loading a managed resource with a relationship to a non-existent resource

    XMLWordPrintable

    Details

    • Target Version/s:
    • Story Points:
      2
    • Sprint:
      2020.04 - IDM

      Description

      To reproduce this issue

      1. Create a relationship with validate set to false. For example managed/user (mygroups) <many to many> managed/group (mymembers), attached is the sample managed.json

                          "mygroups" : {
                              "title" : "mygroups",
                              "viewable" : true,
                              "searchable" : false,
                              "userEditable" : false,
                              "returnByDefault" : false,
                              "type" : "array",
                              "items" : {
                                  "type" : "relationship",
                                  "reverseRelationship" : true,
                                  "reversePropertyName" : "mymembers",
                                  "validate" : false,
      
      

      2. Create a new user referencing a non-existent group.

      POST /openidm/managed/user?_action=create
      {
      	"givenName" : "test2",
      	"sn" : "test2",
      	"userName" : "test2",
      	"mail" : "test2@example.com",
      	"mygroups" : [{"_ref": "managed/group/group2"}]
      }
      

      The REST call is successful

      GET /openidm/managed/user/61749b6c-7785-43f8-9e9e-0ff15b6bf6a6?_fields=*,mygroups
      
      {
          "_id": "61749b6c-7785-43f8-9e9e-0ff15b6bf6a6",
          "_rev": "0000000062d979ff",
          "givenName": "test2",
          "sn": "test2",
          "userName": "test2",
          "mail": "test2@example.com",
          "accountStatus": "active",
          "effectiveRoles": [],
          "effectiveAssignments": [],
          "mygroups": [
              {
                  "_ref": "managed/group/group2",
                  "_refResourceCollection": "managed/group",
                  "_refResourceId": "group2",
                  "_refProperties": {
                      "_id": "9cb5020f-d53d-48be-a8d2-ad829da24f1f",
                      "_rev": "00000000852aa0ed"
                  }
              }
          ]
      }
      

      3. Load the user in admin ui. The REST call /openidm/managed/user/cda3731d-4812-4126-92e9-15a3b6dd51c3/mygroups?_pageSize=50&_sortKeys=_id&_totalPagedResultsPolicy=ESTIMATE&_queryFilter=true&_fields= causes an exception

      -> [164] Sep 04, 2019 10:54:51.900 AM org.forgerock.openidm.relationship.EdgeCollectionInternals lambda$dispatchQuery$3
      SEVERE: Error expanding resource: No Such Entry: The search base entry 'uid=group2,ou=group,ou=managed,dc=openidm,dc=forgerock,dc=com' does not exist
      org.forgerock.json.resource.NotFoundException: No Such Entry: The search base entry 'uid=group2,ou=group,ou=managed,dc=openidm,dc=forgerock,dc=com' does not exist
      	at org.forgerock.opendj.rest2ldap.Rest2Ldap.asResourceException(Rest2Ldap.java:354)
      	at org.forgerock.opendj.rest2ldap.SubResourceImpl.lambda$adaptLdapException$22(SubResourceImpl.java:1109)
      	...
      	at org.forgerock.openidm.repo.opendj.impl.OpenDJRepoService.handleRead(OpenDJRepoService.java:176)
      	...
      	at org.forgerock.openidm.managed.ManagedObjectSet.readInstance(ManagedObjectSet.java:1012)
      	...
      	at org.forgerock.openidm.relationship.EdgeInternals.expandFields(EdgeInternals.java:644)
      	at org.forgerock.openidm.relationship.EdgeCollectionInternals.lambda$dispatchQuery$3(EdgeCollectionInternals.java:288)
      	at org.forgerock.openidm.relationship.impl.augmentation.AugmentingQueryResourceFilterProxy.handleResource(AugmentingQueryResourceFilterProxy.java:51)
      	...
      	at org.eclipse.jetty.server.Server.handle(Server.java:499)
      	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
      	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
      	at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
      	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
      	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
      	at java.lang.Thread.run(Thread.java:748)
      Caused by: No Such Entry: The search base entry 'uid=group2,ou=group,ou=managed,dc=openidm,dc=forgerock,dc=com' does not exist
      	at org.forgerock.opendj.ldap.LdapException.newLdapException(LdapException.java:246)
      	at org.opends.server.protocols.ReactiveHandlersUtils.emitResult(ReactiveHandlersUtils.java:390)
      	at org.opends.server.api.ClientConnection.sendResponse(ClientConnection.java:301)
      	at org.opends.server.core.SearchOperation.sendSearchResultDone(SearchOperation.java:636)
      	at org.opends.server.core.SearchOperation.run(SearchOperation.java:779)
      	at org.opends.server.protocols.internal.AbstractInternalClientConnection.handleRequest(AbstractInternalClientConnection.java:365)
      	at org.opends.server.protocols.internal.AbstractInternalClientConnection.lambda$handle$0(AbstractInternalClientConnection.java:348)
      	...
      	at org.opends.server.protocols.internal.AbstractInternalClientConnection$InternalConnection.search(AbstractInternalClientConnection.java:146)
      	at org.forgerock.opendj.ldap.AbstractSynchronousConnection.searchAsync(AbstractSynchronousConnection.java:132)
      	at org.forgerock.opendj.rest2ldap.authz.TransactionIdConnection.searchAsync(TransactionIdConnection.java:99)
      	at org.forgerock.opendj.ldap.AbstractConnection.searchAsync(AbstractConnection.java:352)
      	at org.forgerock.opendj.ldap.AbstractConnection.searchSingleEntryAsync(AbstractConnection.java:378)
      	at org.forgerock.opendj.rest2ldap.SubResourceImpl.read(SubResourceImpl.java:898)
      	... 422 more
      

      4. If validate is set to true for the relationships, then step 2 would fail with

      {
          "code": 400,
          "reason": "Bad Request",
          "message": "The referenced object 'managed/group/group2', does not exist"
      }
      

        Attachments

          Activity

            People

            Assignee:
            alin Alin Brici
            Reporter:
            yinyan.cao Yinyan Cao
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: