PicketLink / PLINK-663

Relationship Identity Properties of Grant does not contain link to the Role


Details

    • Bug
    • Resolution: Won't Do
    • Major

      Create two Partitions (e.g. two Realms) and one User in the first Partition and one Role in the second Partition.
      Then try to Grant the Role to the User and debug the DefaultPartitionManager.getStoreForRelationshipOperation method.

      You will see PicketLink taking a wrong path in determining the IdentityStore. It might not cause a problem (although it does in my specific configuration) in most configurations, but it is most likely a bug.


    Description

      When storing a Grant relationship between a User and a Role from different Partitions, PicketLink wrongly assumes the Relationship lies within one Partition.

      Affected method is

      DefaultPartitionManager.getStoreForRelationshipOperation

      The problem is actually in

      RelationshipMetadata.queryRelationshipIdentityProperties

      where

      query.addCriteria(new TypedPropertyCriteria(IdentityType.class))

      is called while the Grant looks like

      @InheritsPrivileges("role")
      @StereotypeProperty(RELATIONSHIP_GRANT_ASSIGNEE)
      public IdentityType getAssignee() {
          return assignee;
      }

      @StereotypeProperty(RELATIONSHIP_GRANT_ROLE)
      public Role getRole() {
          return role;
      }

      Therefore I suggest changing it to

      query.addCriteria(new TypedPropertyCriteria(IdentityType.class, TypedPropertyCriteria.MatchOption.SUB_TYPE));
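
The effect described in the report, as an added stand-alone sketch that is not part of the original report and not PicketLink code: an exact-type match on IdentityType skips a getter declared to return Role, so a cross-partition grant appears to sit in a single partition. All class names, the partitionsSeen helper and the realm names are hypothetical stand-ins.

```java
import java.lang.reflect.Method;
import java.util.Set;
import java.util.TreeSet;

public class GrantPartitionDemo {
    // Stand-ins that only mimic the shapes named in the report; not PicketLink classes.
    static class IdentityType {
        final String partition;
        IdentityType(String partition) { this.partition = partition; }
    }
    static class User extends IdentityType { User(String p) { super(p); } }
    static class Role extends IdentityType { Role(String p) { super(p); } }

    static class Grant {
        private final IdentityType assignee;
        private final Role role;
        Grant(IdentityType assignee, Role role) { this.assignee = assignee; this.role = role; }
        public IdentityType getAssignee() { return assignee; }
        public Role getRole() { return role; }
    }

    // Hypothetical helper: partitions of every identity reachable through a getter whose
    // declared return type matches IdentityType exactly or, with subTypes, any subtype.
    static Set<String> partitionsSeen(Grant grant, boolean subTypes) throws Exception {
        Set<String> partitions = new TreeSet<>();
        for (Method m : Grant.class.getDeclaredMethods()) {
            if (!m.getName().startsWith("get") || m.getParameterCount() != 0) continue;
            Class<?> type = m.getReturnType();
            boolean match = subTypes ? IdentityType.class.isAssignableFrom(type)
                                     : IdentityType.class.equals(type);
            if (match) partitions.add(((IdentityType) m.invoke(grant)).partition);
        }
        return partitions;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: user in one realm, role in another.
        Grant grant = new Grant(new User("realm-a"), new Role("realm-b"));
        // Exact match skips getRole(), so the grant looks like it sits in one partition.
        System.out.println("exact:    " + partitionsSeen(grant, false));
        // Subtype match sees both ends and exposes the cross-partition relationship.
        System.out.println("sub-type: " + partitionsSeen(grant, true));
    }
}
```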

          People

            psilva@redhat.com Pedro Igor Craveiro
            backslash47_jira Matus Zamborsky (Inactive)