Defect #3365

closed

Role request ends in error after assigning role, which creates an account

Added by Peter Štrunc over 1 year ago. Updated over 1 year ago.

Status: Closed
Priority: Normal
Assignee: Ondřej Kopr
Category: -
Target version:
Start date: 05/15/2023
Due date:
% Done: 100%
Estimated time:
Affected versions:
Owner:

Description

The issue is twofold:

  • First, the role request takes a long time to complete when assigning a role which grants a system account. The time to finish scales linearly with the number of role assignments in the environment.
  • Second, in some rare cases, the request may end with the following error:
2023-05-15 10:42:56.620 ERROR 3384320 --- [event-task-executor-3] e.b.i.c.m.s.i.DefaultIdmRoleRequestService.processException : Uid [%] already exists. Change uid for account [%s] for system [%s] in mapping [%s]
eu.bcvsolutions.idm.core.api.exception.ResultCodeException: Uid [%] already exists. Change uid for account [%s] for system [%s] in mapping [%s]
        at eu.bcvsolutions.idm.acc.service.impl.DefaultAccAccountManagementService.createIdentityAccountIfNotExists(DefaultAccAccountManagementService.java:840)
        at eu.bcvsolutions.idm.acc.service.impl.DefaultAccAccountManagementService.lambda$resolveNewIdentityRoles$5(DefaultAccAccountManagementService.java:220)
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1541)
        at eu.bcvsolutions.idm.acc.service.impl.DefaultAccAccountManagementService.resolveNewIdentityRoles(DefaultAccAccountManagementService.java:217)
        at eu.bcvsolutions.idm.acc.service.impl.DefaultAccAccountManagementService$$FastClassBySpringCGLIB$$7078bda6.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
        at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:687)
        at eu.bcvsolutions.idm.acc.service.impl.DefaultAccAccountManagementService$$EnhancerBySpringCGLIB$$d2814454.resolveNewIdentityRoles(<generated>)
        at eu.bcvsolutions.idm.acc.event.processor.RoleRequestRealizationProcessor.process(RoleRequestRealizationProcessor.java:103)
        at eu.bcvsolutions.idm.core.api.event.AbstractEntityEventProcessor.onApplicationEvent(AbstractEntityEventProcessor.java:244)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:403)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:373)
        at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:253)
        at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:180)
        at eu.bcvsolutions.idm.core.model.event.processor.event.EntityEventExecuteProcessor.process(EntityEventExecuteProcessor.java:52)
        at eu.bcvsolutions.idm.core.api.event.AbstractEntityEventProcessor.onApplicationEvent(AbstractEntityEventProcessor.java:244)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:403)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:373)
        at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:253)
        at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:180)
        at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager$2.run(DefaultEntityEventManager.java:655)
        at eu.bcvsolutions.idm.core.config.DelegatingTransactionContextRunnable.run(DelegatingTransactionContextRunnable.java:39)
        at org.springframework.security.concurrent.DelegatingSecurityContextRunnable.run(DelegatingSecurityContextRunnable.java:84)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:829)

There is a workaround to fix failed role requests:

  • Go to the detail page of the role request and execute it again. This will result in a closed request, but accounts won't be recalculated.
  • Manually run account recalculation and provisioning on the given identity.