Il 28/05/2013 11:17, Jesse van Bekkum ha scritto:
Hi
I looked in to it yesterday evening, and this is an example on how to
reproduce this issue on a blank syncope installation.
I did two things to the code. I added this class:
public class Propagate extends AbstractActivitiDelegate {
protected static final Logger LOG =
LoggerFactory.getLogger(Propagate.class);
@Override
protected void doExecute(DelegateExecution execution) throws
Exception {
LOG.error("Provisioning");
SyncopeUser user = (SyncopeUser)
execution.getVariable(ActivitiUserWorkflowAdapter.SYNCOPE_USER);
UserMod userMod = (UserMod)
execution.getVariable(ActivitiUserWorkflowAdapter.USER_MOD);
if (userMod == null) {
userMod = new UserMod();
if (user.getId() != null) {
userMod.setId(user.getId());
}
}
userMod.addResourceToBeAdded("resource-testdb");
// update SyncopeUser
PropagationByResource propByRes = dataBinder.update(user,
userMod);
// report updated user and propagation by resource as result
execution.setVariable(ActivitiUserWorkflowAdapter.SYNCOPE_USER, user);
execution.setVariable(ActivitiUserWorkflowAdapter.PROP_BY_RESOURCE,
propByRes);
LOG.info("propByRes: {}", propByRes);
}
}
I included this in the workflow, effectively adding a step between
"removeToken" and activeGw:
<sequenceFlow id="flow7" sourceRef="removeToken"
targetRef="propagate"/>
<serviceTask id="propagate" name="Propagate"
activiti:class="nl.test.Propagate"/>
<sequenceFlow id="propagate_active" sourceRef="propagate"
targetRef="active"/>
<userTask id="active" name="Active"/>
<sequenceFlow id="flow8" sourceRef="active" targetRef="activeGw"/>
Using the following steps, the issue can be reproduced:
1. Build syncope, and run mvn -P embedded from the console directory
2. Log in
3. Go to resources, click on H2 connector, in resource-testdb
4. Clear the Password Column field
5. Edit the resource
6. Uncheck the password checkbox, and change that field from
userpassword to username in userschema
7. (This is to make provisioning without a clear text password easier)
8. Go to users, and manually assign a user to resource
resource-testdb, and save
9. Go to http://localhost:9082/login.jsp
<http://localhost:9082/login.jsp?jsessionid=11fb0d636138038dca849e1c9528986b>
and
log in with the password sa and the jdbc
url jdbc:h2:tcp://localhost:9092/testdb
10. Look at the table TEST, and ensure that the user is provisioned.
This makes sure that provisioning in general works
11. Now create a user in syncope
12. Enter a username, password, values for full name, surname and
userid (email address)
13. Assign role 11, the type of user that has to be activated
14. Copy the token
15. Go to this
url:http://localhost:9080/syncope/rest/user/activate/100.json?token=<
<http://localhost:9080/syncope/rest/user/activate/100.json?token=22EP5fua8lqlXzHr0mKbgkZVoYziPzAmcrpqLeQZTq11oTqGqaeRbfcS8oMiOWdSjoTyJF6fzmc9u5jnBw9YTxi3KllytlCSiiK9AwytcsRxdBIQNh4jCILqhNPdjcMbpYG2U3BC9gDhSBQj54EWHl8hjCiyy3LHwaos0YiVjLoxIiVcGNFcuJx0dc9kMOQVN3BhqxMqlP4RrEPs30CoJNmOUwRi4f5KLyddu1bma74Wa1BAULSGH8ucbQYY1u1z>token>
Hi Jesse, the problem is into the point 15.
By calling "activate" service you will ask for an activation of user
without propagation.
To ask for a propagation a PropagationRequestTO should be sent.
Please, take a look at UserController.activate() [1] and
UserTestITCase.suspendReactivateOnResource() [2] methods .
Best regards,
F.
[1]
http://svn.apache.org/viewvc/syncope/tags/syncope-1.1.1/core/src/main/java/org/apache/syncope/core/rest/controller/UserController.java?view=markup
[2]
http://svn.apache.org/viewvc/syncope/tags/syncope-1.1.1/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java?view=markup
1. In the response message, "resource-testdb" will be included in the
resources field. The propagationTO field will be empty though.
2. Now look at core.log. The following will show up:
* 10:30:10.190 ERROR nl.test.Propagate - Provisioning
* 10:30:10.273 INFO nl.test.Propagate - propByRes: To be Created:
[resource-testdb];
* To be Updated: [];
* To be Deleted: [];
* Old account Ids: {}
1. This means that my class is executed, and a resource is added.
2. Now check the H2 database again. No user.
3. Go the the user in syncope: The resource is actually assigned to
this user.
4. Now save the user in syncope. You get messages that the user has
been propagated
5. Now go to H2 again, the user is provisioned.
I looked at all the logs related to connectors, but I could not find
obvious issues. If you have other suggestions on which log files to
look at, I will do that.
It seems to me that synope assigns the resource, but that the
propagation step is not actually executed. When you save the user it
sees that that's wrong, and propagates .
If somebody can see what the issue is that would really help me
Thanks
Jesse
