Oleg Zimakov created SYNCOPE-1980:
-------------------------------------
Summary: Audit history diff is always empty: entity
deserialization fails under Jackson 3
Key: SYNCOPE-1980
URL: https://issues.apache.org/jira/browse/SYNCOPE-1980
Project: Syncope
Issue Type: Bug
Components: console
Affects Versions: 5.0.0
Reporter: Oleg Zimakov
The per-entity "Audit History" modal in the admin console (User / Group / Any
Object / Realm / Policy -> View Audit History) never renders a JSON diff: both
the "previous" and "after" panes are always empty, regardless of which versions
are selected.
h3. Steps to reproduce
# Enable audit confs, e.g. \{{[LOGIC]:[UserLogic]:[]:[create]:[SUCCESS]}} and
\{{[LOGIC]:[UserLogic]:[]:[update]:[SUCCESS]}} (Configuration -> Audit).
# Create a user, then update one of its attributes (e.g. fullname) so at least
two audit versions exist.
# Open the user's "View Audit History" modal.
# Select the create version on the left and the update version on the right.
h3. Expected
Both panes show the entity JSON and the changed attribute is highlighted.
h3. Actual
Both panes are empty (only the line-number gutter is shown); no diff is
rendered for any combination of selected versions.
h3. Root cause
{\{org.apache.syncope.client.console.audit.AuditHistoryDetails#toJSON}}
deserializes the audited entity with an untyped reader:
{code:java}
T entity = MAPPER.reader().
with(StreamReadFeature.STRICT_DUPLICATE_DETECTION).
readValue(content);
{code}
Under Jackson 3 an ObjectReader with no configured value type throws:
{code}
tools.jackson.databind.exc.InvalidDefinitionException: No value type configured
for ObjectReader
{code}
The exception is caught and logged by the surrounding try/catch ("While
(de)serializing entity ..."), and toJSON returns an empty Model, so the failure
is silent in the UI and only visible in the console log. The diff is therefore
always empty.
This is a regression from the Jackson 2 -> 3 migration (jackson 3.0.3,
\{{tools.jackson.*}}): Jackson 2's \{{mapper.reader()}} tolerated a missing
root type, while Jackson 3 requires one.
h3. Suggested fix
Deserialize into the concrete type of the entity, which the panel already holds
as \{{currentEntity}}:
{code:java}
@SuppressWarnings("unchecked")
T entity = (T) MAPPER.readerFor(currentEntity.getClass()).
with(StreamReadFeature.STRICT_DUPLICATE_DETECTION).
readValue(content);
{code}
With the concrete type, the JSON's \{{_class}} is consumed as an ordinary
property and the entity deserializes correctly for
User/Group/AnyObject/Realm/Policy. Verified locally on the standalone (H2)
distribution: the diff renders and the InvalidDefinitionException no longer
appears in the console log.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
