Defect #981
closed
Wrong object class is used when retrieving account attributes
Added by Peter Štrunc almost 7 years ago.
Updated over 3 years ago.
Description
I found a bug in the otherwise awesome and magnificent feature of getting account attributes from a system (Systems -> select system -> Entities (or Accounts) -> select entity (or account)). When IdM tries to get the object from the system, it always uses objectClass=__ACCOUNT__. This creates a serious problem, for example, when different identifiers are used for accounts and groups (in the connector configuration).
What is strange is that provisioning of roles (groups) to that system works well, so I think only this feature is affected by this behavior.
I set the target version to 7.6.1 because it is the version which I was using, and I also need the bugfix to be done on this version (create 7.6.2).
- Target version changed from Forsterite (7.6.1) to Hematite (8.0.0)
- Status changed from New to In Progress
- Assignee changed from Vít Švanda to Peter Štrunc
I wanted to unit test ConnIdIcConnectorService, but it cannot be done since it uses the static method ConnectorFacadeFactory.getManagedInstance(), hence it cannot be mocked. I dropped a TODO there so it can be refactored later and properly tested. I will do an integration test instead.
- Status changed from In Progress to Needs feedback
- Assignee changed from Peter Štrunc to Vít Švanda
- % Done changed from 0 to 90
Implemented in psourek/981-read-acc-obj-class. Can you please review it? Thanks
- Status changed from Needs feedback to In Progress
- Assignee changed from Vít Švanda to Peter Štrunc
I did a review and test. The code looks nice. As I can see, you are in love with Java streams. I like them too (generally for filtering). Beware of using streams everywhere, because with them you can prepare a hard time for the next developers (debugging is much more complicated).
- Next time, please create a pull request.
- Test ConnIdIcConnectorServiceTest is totally empty and can be removed.
- For system entity it works fine. But not for acc account. The Accounts tab loads the connector object too. It is similar to system-entity, but the received attributes are filtered by schema attributes.
You have to call your new method from the account service too. There will be a problem with the dependency here, because the system-entity service already uses the account service. You can't create a cross dependency from the account service to the system-entity service.
Please move your new methods to SysSystemMappingService (getObjectClassForSystemEntity -> getObjectClass(systemId, entityType)).
- Target version deleted (Hematite (8.0.0))
- Target version set to Jade (8.1.0)
- Target version changed from Jade (8.1.0) to Lapis (8.2.0)
- Target version changed from Lapis (8.2.0) to Malachite (9.0.0)
- Target version deleted (Malachite (9.0.0))
- Assignee changed from Peter Štrunc to Vít Švanda
- Target version set to 11.1.0
- Affected versions Amethyst added
Feature implemented within #2690.
To get the correct schema object name, a new method SysSchemaObjectClassService.findByAccount(systemId, entityType) was implemented. This solution is based on the assumption that the schema type is used only for one entity type (in provisioning and sync too).
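An illustration of the lookup discussed in this ticket, added here and not taken from the CzechIdM code base or from any participant: it contrasts the hard-coded `__ACCOUNT__` read with resolving the object class from the mappings for `(systemId, entityType)`. The `Mapping` record, the method names, the system ids and the entity type strings are hypothetical; `__GROUP__` is the ConnId group object class name, and rejecting a lookup that yields zero or several object classes is this example's own choice (Java 16+ for records).

```java
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import java.util.stream.Collectors;

public class ObjectClassLookup {
    // Hypothetical stand-in for one mapping row: the schema object class that
    // an entity type is mapped to on a target system.
    record Mapping(String systemId, String entityType, String objectClass) {}

    // Behaviour reported in the ticket: every read asks for __ACCOUNT__.
    static String hardCoded(String systemId, String entityType) {
        return "__ACCOUNT__";
    }

    // Derive the object class from the mappings; refuse to guess when the
    // mappings give no answer or more than one.
    static String resolve(List<Mapping> mappings, String systemId, String entityType) {
        Set<String> found = mappings.stream()
                .filter(m -> m.systemId().equals(systemId))
                .filter(m -> m.entityType().equals(entityType))
                .map(Mapping::objectClass)
                .collect(Collectors.toCollection(TreeSet::new));
        if (found.size() != 1) {
            throw new IllegalStateException("Expected exactly one object class for "
                    + entityType + " on " + systemId + ", found " + found);
        }
        return found.iterator().next();
    }

    public static void main(String[] args) {
        // Constructed sample mappings; "ad-2" is ambiguous on purpose.
        List<Mapping> mappings = List.of(
                new Mapping("ad-1", "IDENTITY", "__ACCOUNT__"),
                new Mapping("ad-1", "ROLE", "__GROUP__"),
                new Mapping("ad-2", "ROLE", "__GROUP__"),
                new Mapping("ad-2", "ROLE", "__ACCOUNT__"));

        System.out.println("hard-coded, ROLE:   " + hardCoded("ad-1", "ROLE"));
        System.out.println("resolved, ROLE:     " + resolve(mappings, "ad-1", "ROLE"));
        System.out.println("resolved, IDENTITY: " + resolve(mappings, "ad-1", "IDENTITY"));
        try {
            resolve(mappings, "ad-2", "ROLE");
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```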
- Status changed from In Progress to Needs feedback
- Assignee changed from Vít Švanda to Ondrej Husník
- Status changed from Needs feedback to Resolved
- Assignee changed from Ondrej Husník to Vít Švanda
- % Done changed from 90 to 100
I tested this feature on AD - group synchronization. The state of the account of a synchronized group can now be displayed properly. I believe it will be useful for users. Great!
Thanks for the additional test case explanation; it helped a lot.
- Status changed from Resolved to Closed