  1. OpenIDM
  2. OPENIDM-7025

Setting the authzRoles attribute's Return by Default to true triggers the error "Changes pending - Authorization Roles"

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: OpenIDM 4.5.0
    • Fix Version/s: OpenIDM 5.0.0
    • Component/s: None
    • Sprint:
      OpenIDM Sprint 68

      Description

      Test case : OOTB OpenIDM 4.5

      #1. Set up OpenDJ 2.6.4
      
      #2. Populate OpenDJ with users
      
      opendj2.6.4-1389/bin/ldapmodify -a -c --bindDN "cn=Directory Manager" --bindPassword password --hostname localhost --port 1389 --filename openidm-4.5.0/samples/sample2d/data/Example.ldif
      
      #3. Set up OpenIDM 4.5.0 and start it with sample2d
      
      #4. Reconcile systemLdapAccounts_managedUser
      #5. Click on Manage -> Users -> Bjensen (no issue yet)
      
      #6. Click on Configure -> Managed Objects -> Users -> Schema
      
      Change the authzRoles attribute's Return by Default to true
      
      #7. Save
      
      #8. Repeat Step #5. You will see this error message at the end of the page:
      
      Changes pending. 
      - Authorization Roles
      
      Or refer to my attachment in this bug report
      

      The following error was observed in the console

      Resource exception: 500 Internal Server Error: "Internal Server Error"
      org.forgerock.json.resource.InternalServerErrorException: Internal Server Error
      	at org.forgerock.openidm.managed.ManagedObjectSet.patchResource(ManagedObjectSet.java:1140)
      	at org.forgerock.openidm.managed.ManagedObjectSet.patchResourceById(ManagedObjectSet.java:1022)
      	at org.forgerock.openidm.managed.ManagedObjectSet.patchInstance(ManagedObjectSet.java:991)
      	at org.forgerock.json.resource.InterfaceCollectionInstance.handlePatch(InterfaceCollectionInstance.java:54)
      	at org.forgerock.json.resource.Router.handlePatch(Router.java:283)
      	at org.forgerock.openidm.managed.ManagedObjectService$ManagedObjectSetRequestHandler.handlePatch(ManagedObjectService.java:190)
      	at org.forgerock.json.resource.Router.handlePatch(Router.java:283)
      	at org.forgerock.openidm.managed.ManagedObjectService.handlePatch(ManagedObjectService.java:294)
      	at org.forgerock.json.resource.Router.handlePatch(Router.java:283)
      	at org.forgerock.json.resource.FilterChain$Cursor.handlePatch(FilterChain.java:89)
      	at org.forgerock.json.resource.Filters$ConditionalFilter.filterPatch(Filters.java:82)
      	at org.forgerock.json.resource.FilterChain$Cursor.handlePatch(FilterChain.java:87)
      	at org.forgerock.json.resource.Filters$ConditionalFilter.filterPatch(Filters.java:82)
      	at org.forgerock.json.resource.FilterChain$Cursor.handlePatch(FilterChain.java:87)
      	at org.forgerock.openidm.filter.ScriptedFilter$4.apply(ScriptedFilter.java:128)
      	at org.forgerock.openidm.filter.ScriptedFilter$4.apply(ScriptedFilter.java:125)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:255)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:244)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:223)
      	at org.forgerock.openidm.filter.ScriptedFilter.filterRequest(ScriptedFilter.java:190)
      	at org.forgerock.openidm.filter.ScriptedFilter.filterPatch(ScriptedFilter.java:124)
      	at org.forgerock.json.resource.Filters$ConditionalFilter.filterPatch(Filters.java:80)
      	at org.forgerock.json.resource.FilterChain$Cursor.handlePatch(FilterChain.java:87)
      	at org.forgerock.openidm.audit.filter.AuditFilter$4.apply(AuditFilter.java:132)
      	at org.forgerock.openidm.audit.filter.AuditFilter$4.apply(AuditFilter.java:129)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:255)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:244)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:223)
      	at org.forgerock.openidm.audit.filter.AuditFilter.logAuditAccessEntry(AuditFilter.java:204)
      	at org.forgerock.openidm.audit.filter.AuditFilter.filterPatch(AuditFilter.java:128)
      	at org.forgerock.json.resource.Filters$ConditionalFilter.filterPatch(Filters.java:80)
      	at org.forgerock.json.resource.FilterChain$Cursor.handlePatch(FilterChain.java:87)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$5.filterPatch(ServletConnectionFactory.java:506)
      	at org.forgerock.json.resource.FilterChain$Cursor.handlePatch(FilterChain.java:87)
      	at org.forgerock.openidm.filter.PassthroughFilter.filterPatch(PassthroughFilter.java:68)
      	at org.forgerock.openidm.filter.MutableFilterDecorator.filterPatch(MutableFilterDecorator.java:76)
      	at org.forgerock.json.resource.FilterChain$Cursor.handlePatch(FilterChain.java:87)
      	at org.forgerock.json.resource.FilterChain.handlePatch(FilterChain.java:225)
      	at org.forgerock.json.resource.InternalConnection.patchAsync(InternalConnection.java:70)
      	at org.forgerock.json.resource.AbstractConnectionWrapper.patchAsync(AbstractConnectionWrapper.java:159)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$1$1.patchAsync(ServletConnectionFactory.java:264)
      	at org.forgerock.json.resource.http.RequestRunner.visitPatchRequest(RequestRunner.java:221)
      	at org.forgerock.json.resource.http.RequestRunner.visitPatchRequest(RequestRunner.java:73)
      	at org.forgerock.json.resource.Requests$PatchRequestImpl.accept(Requests.java:366)
      	at org.forgerock.json.resource.http.RequestRunner.handleResult(RequestRunner.java:119)
      	at org.forgerock.json.resource.http.HttpAdapter$2.apply(HttpAdapter.java:566)
      	at org.forgerock.json.resource.http.HttpAdapter$2.apply(HttpAdapter.java:563)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:255)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:244)
      
      

      There is no impact to the functionality though.

      Running the following script

      # Look up bjensen's _id, then read the full managed user object.
      myid=$(curl -s --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --request GET 'http://localhost:8080/openidm/managed/user?_queryFilter=/userName+eq+"bjensen"&_fields=_id&_prettyPrint=true' | jq -r '.result[]._id')
      
      echo "$myid"
      
      curl -s --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --request GET "http://localhost:8080/openidm/managed/user/$myid?_fields=*" | jq .
      
      

      Produces this output

      
        "_id": "4f11aa16-0546-42f4-93e3-a318cbc36700",
        "_rev": "8",
        "displayName": "Barbara Jensen",
        "description": "Created for OpenIDM",
        "givenName": "Barbara",
        "mail": "bjensen@example.com",
        "telephoneNumber": "1-360-229-7105",
        "sn": "Jensen",
        "userName": "bjensen",
        "ldapGroups": [
          "cn=openidm2,ou=Groups,dc=example,dc=com"
        ],
        "accountStatus": "active",
        "effectiveRoles": [],
        "effectiveAssignments": [],
        "authzRoles": [     <======
          {
            "_ref": "repo/internal/role/openidm-authorized",
            "_refProperties": {
              "_id": "22ea242f-7493-482a-90e3-a27aa0595204",
              "_rev": "1"
            }
          }
      
      

            People

            • Assignee:
              alin Alin Brici
              Reporter:
              sam.phua Sam Phua