Uploaded image for project: 'MidPoint'
  1. MidPoint
  2. MID-2524

Long error message during authentication

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.2 (Tycho)
    • Fix Version/s: 3.3 (Lincoln)
    • Component/s: Model
    • Labels:
      None

      Description

      UserProfileServiceImpl#addAuthorizations should bypass security and must not try to obtain principal during assignment evaluation because it's just creating principal object.

      How to test:

      • Use <custom-filter position="PRE_AUTH_FILTER" ref="requestHeaderAuthenticationFilter" />
      • curl -vIG --header "SM_USER: user_name" -L http://localhost:8080/midpoint
      • user_name must have assigments which will evaluated using AssignmentEvaluator, stack should look like:
        at com.evolveum.midpoint.security.api.SecurityUtil.getPrincipal(SecurityUtil.java:41) ~[security-api-3.3-SNAPSHOT.jar:na]
        at com.evolveum.midpoint.security.impl.SecurityEnforcerImpl.getPrincipal(SecurityEnforcerImpl.java:128) ~[security-impl-3.3-SNAPSHOT.jar:na]
        at com.evolveum.midpoint.model.common.expression.ExpressionUtil.addActorVariable(ExpressionUtil.java:672) ~[model-common-3.3-SNAPSHOT.jar:na]
        at com.evolveum.midpoint.model.common.mapping.Mapping.evaluate(Mapping.java:485) [model-common-3.3-SNAPSHOT.jar:na]
        at com.evolveum.midpoint.model.impl.lens.LensUtil.evaluateMapping(LensUtil.java:573) [model-impl-3.3-SNAPSHOT.jar:na]
        at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateMappingAsCondition(AssignmentEvaluator.java:653) [model-impl-3.3-SNAPSHOT.jar:na]
        at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAbstractRole(AssignmentEvaluator.java:445) [model-impl-3.3-SNAPSHOT.jar:na]
        at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateTarget(AssignmentEvaluator.java:424) [model-impl-3.3-SNAPSHOT.jar:na]
        at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:311) [model-impl-3.3-SNAPSHOT.jar:na]
        at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluate(AssignmentEvaluator.java:218) [model-impl-3.3-SNAPSHOT.jar:na]
        at com.evolveum.midpoint.model.impl.security.UserProfileServiceImpl.addAuthorizations(UserProfileServiceImpl.java:194) [model-impl-3.3-SNAPSHOT.jar:na]
        

        Attachments

          Activity

            People

            Assignee:
            lazyman Viliam Repan
            Reporter:
            lazyman Viliam Repan
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: