Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1.3
    • Fix Version/s: 1.1.4, 1.2.0-M1
    • Component/s: core
    • Labels:
      None

      Description

      Some entities have String keys that are currently accepted without any specific bound (schema, resources, config parameters).
      When, for example, a value like as an URL is provided, nothing special happens during creation (because such value is embedded into a transfer object); however, any subsequent read or delete, which would require passing the entity key as part of the REST URL, will fail either with Spring MVC and CXF.

      For example, as reported in mailing list [1], a user schema with name 'http://schemas.examples.org/security/authorization/organizationUnit' can be created but will then be impossible to read or even delete since the REST URL would be something like as

      http://localhost:9080syncope/rest/schema/USER/read/http://schemas.examples.org/security/authorization/organizationUnit

      After some search, it seems that it is neither Spring MVC nor CXF problem, but instead the JEE container (like as Tomcat, for example) that needs some special configuration for handling such URLs (see CXF-4207 for more details).

      The most logical and straightforward solution seems to be just setting some limits for the characters admitted; at a first glance, alphanumeric plus some special characters (space, _, -, @, .) should be fine.

      [1] http://syncope-user.1051894.n5.nabble.com/Remove-attribute-in-user-schema-td5707312.html

        Attachments

          Activity

            People

            • Assignee:
              ilgrosso Francesco Chicchiriccò
              Reporter:
              ilgrosso Francesco Chicchiriccò
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: