[MID-7218] Incorrect permissions when operation performed asynchronously (i.e. with task) - Evolveum Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 4.3
Fix Version/s: 4.5, 4.4.1
Component/s: Tasks
Labels:
- #rus

Subscription:
Active subscription

Description

We are integrating with ServiceNow and need to close an open request when midPoint has performed the operation. For this purpose we are using the attached hook. In order to do this, we are storing the ServiceNow URL and credentials in the System Configuration.

Due to the fact that provisioning may take a while, we are calling midpoint.executeChangesAsynchronously in our custom REST service.

When calling synchronously, or using the same user in the UI, the call to ServiceNow works no problem. When being called from the task that gets created when being called asynchronously, the following line results in an Access Denied, even though the task owner has permission to do the following:

SystemConfigurationType systemConfigurationType = midpoint.getObject(SystemConfigurationType.class, "00000000-0000-0000-0000-000000000001");

As the user can not retrieve the stored credentials from the system configuration, the rest of the hook also fails.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

hook_servicenow_close_task.xml
9 kB
14/Sep/21 6:19 PM
IdentitiesRestService.java
46 kB
14/Sep/21 6:19 PM
role-operator.xml
0.6 kB
01/Oct/21 11:27 PM
system-configuration.zip
9 kB
01/Oct/21 11:28 PM
task-modify.xml
2 kB
01/Oct/21 11:27 PM
user-operator.xml
0.3 kB
01/Oct/21 11:27 PM
user-test.xml
0.2 kB
01/Oct/21 11:27 PM

Activity

People

Assignee:: Chris Woods

Reporter:: Chris Woods

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 14/Sep/21 6:20 PM

Updated:: 01/Dec/21 8:29 AM

Resolved:: 01/Dec/21 8:29 AM