Defect #460
closedAutomatic role for many Identities
100%
Description
I was not able to assign automatic role to all users in IdM - hundreds.
Files
Updated by Radek Tomiška almost 7 years ago
- Category set to Roles
- Assignee changed from Radek Tomiška to Marcel Poul
- Target version set to Citrine (7.3.0)
Updated by Marcel Poul almost 7 years ago
- Assignee changed from Marcel Poul to Radek Tomiška
Updated by Radek Tomiška almost 7 years ago
- Status changed from New to In Progress
- Assignee changed from Radek Tomiška to Filip Měšťánek
The cause is in provisioning mapping:
... Caused by: java.lang.SecurityException: Script wants to use unauthorized class: [java.lang.RuntimeException] ... eu.bcvsolutions.idm.acc.service.impl.DefaultAccAccountManagementService.generateUID(DefaultAccAccountManagementService.java:301) ...
Updated by Filip Měšťánek almost 7 years ago
- File auto_role.png auto_role.png added
- Assignee changed from Filip Měšťánek to Radek Tomiška
That could be, but in the tasks log there is nothing. No exception, no info. Even if I check application log, there is no exception. See the image.
When the cause was was the SecurityException, the tasks log showed a "Failed" state. Now it is "Executed".
Updated by Radek Tomiška almost 7 years ago
- Assignee changed from Radek Tomiška to Filip Měšťánek
I think screenshot shows diferent taks.
Other things (show full exception in LRT etc) were added as new tickets ... so, did you fix exception from my comment?
Updated by Radek Tomiška almost 7 years ago
- Assignee changed from Filip Měšťánek to Radek Tomiška
Updated by Radek Tomiška almost 7 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Filip Měšťánek
- % Done changed from 0 to 90
I've added try / catch mechanism to automatic role tasks:
- failed role code and failed identities (usernames) are shown i LRT detail. Whole exception can be found in role request agenda by identity's username
- failed role request can be executed again (e.g. after change mapping).
- remove automatic role task - added check for concurrently run task
- exception in role agenda will be improved in #480
- retry LRT mechanism will be improved in #466
Thank you for correcting the script. Could you deploy new version to test environment and make a test pls?
Updated by Ondřej Kopr almost 7 years ago
- Assignee changed from Filip Měšťánek to Ondřej Kopr
Updated by Ondřej Kopr almost 7 years ago
- File role_remove.png role_remove.png added
- Status changed from Needs feedback to Resolved
- Assignee changed from Ondřej Kopr to Radek Tomiška
- % Done changed from 90 to 100
- create lots of users ~1500,
- every user is in organization structure at random node,
- add 6 roles to root of this organization structure with recursion down,
- check long running task, counter and etc,
- check random user if has roles,
- + test on our project (same use case).
This use case works perfectly, thanks for update/fix this issue.
Test code:
IdmTreeType type = treeTypeService.getByCode("test"); IdmTreeNode parent = new IdmTreeNode(); parent.setCode("parent"); parent.setName("parent"); parent.setTreeType(type); int nextParent = 0; List<UUID> treeNodeIds = new ArrayList<>(); for (int index = 0; index < 50; index++) { IdmTreeNode treeNode = new IdmTreeNode(); treeNode.setCode(String.valueOf(index)); treeNode.setName(String.valueOf(index)); treeNode.setTreeType(type); treeNode.setParent(parent); treeNode = treeNodeService.save(treeNode); treeNodeIds.add(treeNode.getId()); // if (nextParent == 5) { nextParent = 0; parent = treeNode; } else { nextParent++; } } Random randomGenerator = new Random(); for (int index = 0; index < 1500; index++) { String random = String.valueOf(System.currentTimeMillis()); IdmIdentityDto user = new IdmIdentityDto(); user.setUsername("xx_" + random); user.setFirstName("xx_" + random); user.setLastName("xx_" + random); user.setPassword(new GuardedString("a")); user = save(user); IdmIdentityContractDto contract = new IdmIdentityContractDto(); // int indexId = randomGenerator.nextInt(treeNodeIds.size()); contract.setWorkPosition(treeNodeIds.get(indexId)); contract.setIdentity(user.getId()); identityContractService.save(contract); }
Updated by Radek Tomiška almost 7 years ago
- Status changed from Resolved to Closed