Defect #2077
closedAn assertion occurs when coming to password tab of identity after it was removed from system
100%
Description
Steps to reproduce are.
A system with PASSWORD provisioning is necessary. Used postgres.
1) add a role for given system to an identity
2) change manually password of the identity
3) remove that role from the identity
4) go to the password tab of the identity
assertion/exception is thrown
Updated by Ondrej Husník about 4 years ago
java.lang.IllegalArgumentException: DTO is required.
at org.springframework.util.Assert.notNull(Assert.java:198)
at eu.bcvsolutions.idm.core.api.utils.DtoUtils.getEmbedded(DtoUtils.java:33)
at eu.bcvsolutions.idm.core.api.utils.DtoUtils.getEmbedded(DtoUtils.java:52)
at eu.bcvsolutions.idm.core.api.utils.DtoUtils.getEmbedded(DtoUtils.java:70)
at eu.bcvsolutions.idm.acc.event.processor.IdentityPasswordPreValidateDefinitionProcessor.validateDefinition(IdentityPasswordPreValidateDefinitionProcessor.java:78)
at eu.bcvsolutions.idm.acc.event.processor.IdentityPasswordPreValidateDefinitionProcessor.process(IdentityPasswordPreValidateDefinitionProcessor.java:63)
at eu.bcvsolutions.idm.core.api.event.AbstractEntityEventProcessor.onApplicationEvent(AbstractEntityEventProcessor.java:238)
at eu.bcvsolutions.idm.core.api.event.AbstractEntityEventProcessor$$FastClassBySpringCGLIB$$df69624d.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:749)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:93)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
at eu.bcvsolutions.idm.acc.event.processor.IdentityPasswordPreValidateDefinitionProcessor$$EnhancerBySpringCGLIB$$4f8624c9.onApplicationEvent(<generated>)
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:402)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:372)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:228)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:158)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager$$FastClassBySpringCGLIB$$1694e58f.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:749)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:295)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager$$EnhancerBySpringCGLIB$$a769b723.process(<generated>)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultIdmIdentityService.validatePassword(DefaultIdmIdentityService.java:479)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultIdmIdentityService$$FastClassBySpringCGLIB$$8401595e.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:684)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultIdmIdentityService$$EnhancerBySpringCGLIB$$6c526bf0.validatePassword(<generated>)
at eu.bcvsolutions.idm.core.rest.impl.PasswordChangeController.validate(PasswordChangeController.java:147)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:892)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:797)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1039)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005)
at org.springframework.web.servlet.FrameworkServlet.doPut(FrameworkServlet.java:919)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:663)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at eu.bcvsolutions.idm.core.security.auth.filter.ExtendExpirationFilter.doFilter(ExtendExpirationFilter.java:69)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at eu.bcvsolutions.idm.core.security.api.auth.filter.AuthenticationFilter.doFilter(AuthenticationFilter.java:63)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)
Updated by Ondrej Husník about 4 years ago
The cause of this situation is an attempt to find a system according to the account which represents the record of given identity. But the account doesn't exist at that moment (because of previous removal of the identity from system) and returned DTO is null which causes an assertion. This happens in IdentityPasswordPreValidateDefinitionProcessor.
https://github.com/bcvsolutions/CzechIdMng/pull/86/commits/e131ab6870a5be5532e66d4823bcea07cd4fa280
Updated by Ondrej Husník about 4 years ago
- Category set to Password
- Status changed from New to Needs feedback
- Assignee changed from Ondrej Husník to Ondřej Kopr
- % Done changed from 0 to 90
Updated by Ondrej Husník about 4 years ago
- Assignee changed from Ondřej Kopr to Radek Tomiška
Updated by Radek Tomiška about 4 years ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Radek Tomiška to Ondrej Husník
- % Done changed from 90 to 100
I did test and review, it works and code looks nice, thx!
Note: The source of this issue is on FE component PasswordChangeComponent#_preValidate method, which doesn't wait to refresh idnetity accounts, but this fix will work without redesign whole FE component.
Updated by Radek Tomiška about 4 years ago
- Status changed from Resolved to Closed