Actions
Defect #2043
closed
Account in protection can't be linked to new identity
Status:
Closed
Priority:
Normal
Assignee:
Vít Švanda
Category:
Account managment
Target version:
Start date:
02/06/2020
Due date:
% Done:
100%
Estimated time:
Affected versions:
Owner:
Description
Existing account in protection without connection to identity can't be linked again to new identity.
Use case:- identity has ended contract,
- account is moved into protection mode,
- administrator delete the identity (release username),
- after some time will be crated identity with same username and UID (resuming - znovu nástup :)),
- identity obtain role with mapped system (eq role request, automatic role, etc),
- the role request failed with exception:
java.lang.IllegalArgumentException: [Assertion failed] - this argument is required; it must not be null
at org.springframework.util.Assert.notNull(Assert.java:115)
at org.springframework.util.Assert.notNull(Assert.java:126)
at eu.bcvsolutions.idm.acc.service.impl.DefaultAccIdentityAccountService.delete(DefaultAccIdentityAccountService.java:104)
at eu.bcvsolutions.idm.acc.service.impl.DefaultAccIdentityAccountService.delete(DefaultAccIdentityAccountService.java:94)
at eu.bcvsolutions.idm.acc.service.impl.DefaultAccIdentityAccountService.delete(DefaultAccIdentityAccountService.java:88)
at eu.bcvsolutions.idm.acc.service.impl.DefaultAccIdentityAccountService.delete(DefaultAccIdentityAccountService.java:47)
at eu.bcvsolutions.idm.acc.service.impl.DefaultAccIdentityAccountService$$FastClassBySpringCGLIB$$90657c7.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:720)
Role, identity account and connection with account missing event state in idm is executed.
Warning for project:- While is role added by automatically role by organizational structure during contract/contract slice synchronization the error is in log and synchronization log.
- While is role added by automatically role by attribute. The task ProcessAllAutomaticRoleByAttributeTaskExecutor failed and can't be finished without fix this account.
In both cases exists in logs IDs of role request and role concept, but all these entities are rolled back.
Workaround: Unset protection by DB
update acc_account set in_protection = false, end_of_protection = null where uid = '<ACCOUNT UID>';
Affected version: 9.7.11 (tested version, probably also higher version)
Actions