Actions
Defect #3365
closed
Role request ends in error after assigning role, whitch creates an account
Start date:
05/15/2023
Due date:
% Done:
100%
Estimated time:
Affected versions:
Owner:
Description
The issue is twofold:
- First, the role request takes a long time to complete, when assigning a role, which grants a system account. The time to finish scales linearly with the number of role assignments in the environment.
- Second, in some rare cases, the request may end with the following error
2023-05-15 10:42:56.620 ERROR 3384320 --- [event-task-executor-3] e.b.i.c.m.s.i.DefaultIdmRoleRequestService.processException : Uid [%] already exists. Change uid for account [%s] for system [%s] in mapping [%s]
eu.bcvsolutions.idm.core.api.exception.ResultCodeException: Uid [%] already exists. Change uid for account [%s] for system [%s] in mapping [%s]
at eu.bcvsolutions.idm.acc.service.impl.DefaultAccAccountManagementService.createIdentityAccountIfNotExists(DefaultAccAccountManagementService.java:840)
at eu.bcvsolutions.idm.acc.service.impl.DefaultAccAccountManagementService.lambda$resolveNewIdentityRoles$5(DefaultAccAccountManagementService.java:220)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1541)
at eu.bcvsolutions.idm.acc.service.impl.DefaultAccAccountManagementService.resolveNewIdentityRoles(DefaultAccAccountManagementService.java:217)
at eu.bcvsolutions.idm.acc.service.impl.DefaultAccAccountManagementService$$FastClassBySpringCGLIB$$7078bda6.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:687)
at eu.bcvsolutions.idm.acc.service.impl.DefaultAccAccountManagementService$$EnhancerBySpringCGLIB$$d2814454.resolveNewIdentityRoles(<generated>)
at eu.bcvsolutions.idm.acc.event.processor.RoleRequestRealizationProcessor.process(RoleRequestRealizationProcessor.java:103)
at eu.bcvsolutions.idm.core.api.event.AbstractEntityEventProcessor.onApplicationEvent(AbstractEntityEventProcessor.java:244)
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:403)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:373)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:253)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:180)
at eu.bcvsolutions.idm.core.model.event.processor.event.EntityEventExecuteProcessor.process(EntityEventExecuteProcessor.java:52)
at eu.bcvsolutions.idm.core.api.event.AbstractEntityEventProcessor.onApplicationEvent(AbstractEntityEventProcessor.java:244)
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:403)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:373)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:253)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:180)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager$2.run(DefaultEntityEventManager.java:655)
at eu.bcvsolutions.idm.core.config.DelegatingTransactionContextRunnable.run(DelegatingTransactionContextRunnable.java:39)
at org.springframework.security.concurrent.DelegatingSecurityContextRunnable.run(DelegatingSecurityContextRunnable.java:84)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
There is a workaround to fix failed role requests:
- Go to the detail page of the role request and execute it again. This will result in a closed request, but accounts won't be recalculated
- Manually run account recalculation and provisioning on given identity
Updated by Peter Štrunc almost 1 year ago
- Tracker changed from Task to Defect
- Status changed from New to In Progress
- % Done changed from 0 to 80
- Affected versions 13.0.0 added
Updated by Peter Štrunc 12 months ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Peter Štrunc to Ondřej Kopr
PR: https://github.com/bcvsolutions/CzechIdMng/pull/390
@kopro could you check it out, please?
Actions