Details
Bug
Resolution: Won't Do
Major
Description
When storing a Grant relationship between a User and a Role from different Partitions, PicketLink wrongly assumes the Relationship lies within one Partition.
Affected method is
DefaultPartitionManager.getStoreForRelationshipOperation
The problem is actually in
RelationshipMetadata.queryRelationshipIdentityProperties
where
query.addCriteria(new TypedPropertyCriteria(IdentityType.class))
is called while the Grant looks like
@InheritsPrivileges("role")
@StereotypeProperty(RELATIONSHIP_GRANT_ASSIGNEE)
public IdentityType getAssignee() {
    return assignee;
}

@StereotypeProperty(RELATIONSHIP_GRANT_ROLE)
public Role getRole() {
    return role;
}
Therefore I suggest changing it to
query.addCriteria(new TypedPropertyCriteria(IdentityType.class, TypedPropertyCriteria.MatchOption.SUB_TYPE));
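The difference between the two criteria, as an added example that is not PicketLink code: the types below are stand-ins and `partitions` is a hypothetical helper that models exact versus sub-type matching on getter return types. It assumes, as a simplification, that only partitions reached through matched properties are considered when choosing a store.

```java
import java.lang.reflect.Method;
import java.util.Set;
import java.util.TreeSet;

// Stand-in types for illustration; these are not PicketLink's classes.
public class GrantPropertyMatchDemo {
    interface IdentityType { String partition(); }
    record User(String partition) implements IdentityType {}
    record Role(String partition) implements IdentityType {}

    // Same getter shapes as the Grant in the report: one getter declared as
    // IdentityType, the other declared as the subtype Role.
    record Grant(IdentityType assignee, Role role) {
        public IdentityType getAssignee() { return assignee; }
        public Role getRole() { return role; }
    }

    // Collects the partitions reachable through getters whose declared return
    // type matches IdentityType, either exactly or including subtypes.
    static Set<String> partitions(Object rel, boolean subTypes) throws Exception {
        Set<String> found = new TreeSet<>();
        for (Method m : rel.getClass().getDeclaredMethods()) {
            if (!m.getName().startsWith("get") || m.getParameterCount() != 0) continue;
            Class<?> t = m.getReturnType();
            boolean match = subTypes
                    ? IdentityType.class.isAssignableFrom(t) // subtype match sees getRole()
                    : t == IdentityType.class;               // exact match skips getRole()
            if (match) found.add(((IdentityType) m.invoke(rel)).partition());
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: assignee and role live in different partitions.
        Grant g = new Grant(new User("partition-A"), new Role("partition-B"));
        System.out.println("exact:    " + partitions(g, false));
        System.out.println("sub-type: " + partitions(g, true));
    }
}
```

With exact matching the Role property is never inspected, so the relationship appears to involve a single partition; sub-type matching surfaces both.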