Actions
Defect #1885
closed
Removing an automatic role by attribute creates a request in concept with editable detail and after submitting it again, Server error appears
Start date:
10/01/2019
Due date:
% Done:
100%
Estimated time:
Affected versions:
Owner:
Description
Remove automatic role by "bulk action" creates new IdmAutomaticRoleRequestDto in concept state. As admin I'm able edit this request in concept state that is already running in RemoveAutomaticRoleTaskExecutor.
I checked checkbox executeImmediately or just executed this concept again and after LRT RemoveAutomaticRoleTaskExecutor finished the request still exists in concept state with link to non exists automatic role (automatic ). This issue brokes table with "Change request for automatic role".
Workarounds:- After delete whole automatic role by attribute isn't allowed edit request in concept. Admin must just wait for complete the task that running on backend,
- Or remove all rules from automatic role and then remove whole automatic role withou rules.
Affected version: all from automatic role requests
Files
Related issues
Updated by Alena Peterová almost 4 years ago
- File deleted_automatic_role.png deleted_automatic_role.png added
- Subject changed from Remove automatic role by attribute create request in concept with editable detail to Removing an automatic role by attribute creates a request in concept with editable detail and after submitting it again, Server error appears
We got this error in version 9.7.16 so I will try to be more specific.
Steps to reproduce:- Remove the automatic role by attributes which is assigned to a lot of users. Standard removing from GUI - check the checkbox and choose Remove from the select box.
- A modal appears with no more info.
- Refresh the page and open the detail of the concept, which appeared in the table "Change request for automatic role".
- Click "Submit a request"
- The table with requests for automatic roles can't be displayed anymore and you get Server error
In our case, it was a role assigned to 400 users, which did provisioning to a connected system. The removal took overall 4 minutes, but the admin didn't see that something already happened, so he refreshed the page and submitted the request again.
The same UX problem was reported here: https://redmine.czechidm.com/issues/2027, but I don't know if it will solve this problem, that you can submit a request which is already running and your data will get inconsistent.
Logs:
2020-06-25 15:25:26.903 ERROR 19417 --- [io-8009-exec-10] o.s.boot.context.web.ErrorPageFilter : Cannot forward to error page for request [/api/v1/automatic-role-attributes/delete-via-request/67d57b9f-92c7-429b-926c-
7743b9457016] as the response has already been committed. As a result, the response may have the wrong status code. If your application is running on WebSphere Application Server you may be able to resolve this problem b
y setting com.ibm.ws.webcontainer.invokeFlushAfterService to false
eu.bcvsolutions.idm.core.api.exception.AcceptedException:
at eu.bcvsolutions.idm.core.rest.impl.IdmAutomaticRoleAttributeController.deleteViaRequest(IdmAutomaticRoleAttributeController.java:166)
......
org.springframework.orm.jpa.JpaObjectRetrievalFailureException: Unable to find eu.bcvsolutions.idm.core.model.entity.IdmAutomaticRole with id 2fb78d4e-6ee5-4979-8bb7-e43f43160640; nested exception is javax.persistence.En
tityNotFoundException: Unable to find eu.bcvsolutions.idm.core.model.entity.IdmAutomaticRole with id 2fb78d4e-6ee5-4979-8bb7-e43f43160640
at org.springframework.orm.jpa.EntityManagerFactoryUtils.convertJpaAccessExceptionIfPossible(EntityManagerFactoryUtils.java:389)
at org.springframework.orm.jpa.vendor.HibernateJpaDialect.translateExceptionIfPossible(HibernateJpaDialect.java:227)
at org.springframework.orm.jpa.AbstractEntityManagerFactoryBean.translateExceptionIfPossible(AbstractEntityManagerFactoryBean.java:436)
at org.springframework.dao.support.ChainedPersistenceExceptionTranslator.translateExceptionIfPossible(ChainedPersistenceExceptionTranslator.java:59)
at org.springframework.dao.support.DataAccessUtils.translateIfNecessary(DataAccessUtils.java:213)
at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:147)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.data.jpa.repository.support.CrudMethodMetadataPostProcessor$CrudMethodMetadataPopulatingMethodInterceptor.invoke(CrudMethodMetadataPostProcessor.java:131)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208)
at com.sun.proxy.$Proxy252.findAll(Unknown Source)
at eu.bcvsolutions.idm.core.api.service.AbstractReadDtoService.findEntities(AbstractReadDtoService.java:330)
at eu.bcvsolutions.idm.core.api.service.AbstractReadDtoService.find(AbstractReadDtoService.java:203)
at eu.bcvsolutions.idm.core.api.service.AbstractReadDtoService$$FastClassBySpringCGLIB$$120a9283.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:720)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:655)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultIdmAutomaticRoleRequestService$$EnhancerBySpringCGLIB$$1b9c5f06.find(<generated>)
Workaround so the Server error doesn't appear was to update the record in the database.
update idm_auto_role_request set auto_role_att_id = NULL where auto_role_att_id = uuid_send('2fb78d4e-6ee5-4979-8bb7-e43f43160640'::uuid);
TODO, maybe we should also change the CONCEPT state??
Updated by Alena Peterová almost 4 years ago
- Related to Feature #2027: Deleting role which was assigned and removed from thousands users took long and you have no info on FE what is happening added
Updated by Radek Tomiška almost 4 years ago
- Status changed from New to In Progress
- Assignee changed from Ondřej Kopr to Radek Tomiška
- Target version set to 10.4.0
Updated by Radek Tomiška almost 4 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Vít Švanda
- % Done changed from 0 to 90
I fixed validation to prevent execute automatic role removal twice. The main issues was with role requests and concepts was removed after task was ended => validation doesn't work. This was common issue for all LRT with overriden 'end' method - I fixed them all and javadoc is improved.
Commit:
https://github.com/bcvsolutions/CzechIdMng/commit/1bae8c236dcd8a33ae34bd103ccaf373dce77c1b
Could you provide me a feedback, please?
Updated by Vít Švanda almost 4 years ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 90 to 100
I did review and tested it. Work correctly. Thanks for this.
Updated by Vít Švanda almost 4 years ago
- Status changed from Resolved to Needs feedback
- Assignee changed from Radek Tomiška to Vít Švanda
Updated by Vít Švanda almost 4 years ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Vít Švanda to Radek Tomiška
Updated by Radek Tomiška almost 4 years ago
- Status changed from Resolved to Closed
Actions