Re: Overlapping dynamic realms doesn't get updated

Francesco Chicchiriccò Tue, 20 Feb 2024 23:52:18 -0800

Hi Federico,
I wasn't personally aware that dynamic realms had some effective use cases, 
good to know :-)


I will go ahead and approve your JIRA account request so that you can report 
this an issue.
Are you also willing to submit a PR to fix it? If so, please ensure to include 
some tests, at least in DynRealmTest and DynRealmITCase.

Regards.

On 20/02/24 17:45, Federico Brignola wrote:

Hi,
while trying to figure out how dynamics realms work, I think that I found a bug. I've 
created 2 dynamics realms (dynr1, dynr2) with the same conditions (for example "USER 
Dynamic Condition [ATTRIBUTE email NOT NULL]"). When I create or update a user only 
one dynamic realm is updated, while the other one remain outdated.

Both Syncope 3.0.6 and Syncope 2.1.13 have the same behavior.

Steps to reproduce:

1.
    run the following docker-compose environment
2.
    create a user "user1" with email "us...@example.com"
3.
    create a dynamic realm "dynr1" with condition "USER Dynamic Condition [ATTRIBUTE 
email NOT NULL]"
4.
    create another dynamic realm "dynr2" with the same condition of "dynr1"
5.
    // Check that both dynamic realms contain the user "user1"
6.
    create a new user "user2" with email "us...@example.com"
7.
    // Check that only the realm "dynr1" contains the user "user2" while the 
other doesn't



That problem could be caused by the following function within the query at line 168 
because that query doesn't filter by the current dynamic realm, so it returns every row 
where the "any" exists (even if in other dynamic realms).
https://github.com/apache/syncope/blob/2dca716795497d4a73d75212964d5991eea01a2b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPADynRealmDAO.java#L162
 
<https://github.com/apache/syncope/blob/2dca716795497d4a73d75212964d5991eea01a2b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPADynRealmDAO.java#L162>

The docker-compose environment:
```
version: '3.3'
services:
  db:
      image: postgres:12
      environment:
          POSTGRES_DB: syncope
          POSTGRES_USER: syncope
          POSTGRES_PASSWORD: syncope
      ports:
          - "5432:5432"

  syncope:
      image: apache/syncope:2.1.13
      depends_on:
          - db
      ports:
          - "8081:8080"
      environment:
          DBMS: postgresql
          DB_URL: jdbc:postgresql://db:5432/syncope
          DB_USER: syncope
          DB_PASSWORD: syncope
          DB_POOL_MAX: 10
          DB_POOL_MIN: 2
          OPENJPA_REMOTE_COMMIT: sjvm

 syncope-console:
      image: apache/syncope-console:2.1.13
      depends_on:
          - syncope
      ports:
          - "8082:8080"
      environment:
          CORE_SCHEME: http
          CORE_HOST: syncope
          CORE_PORT: 8080
```

Regards
Federico Brignola



--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Re: Overlapping dynamic realms doesn't get updated

Reply via email to