[midPoint] Undeletable object
Viliam Repan
vilo.repan at evolveum.com
Tue Oct 1 14:55:05 CEST 2013
Hi Vincent,
I tried to write unit test for this issue and I can't reproduce it with
shadow you posted in previous mail.
Did you try to delete it through Configuration/Repository objects?
Is your setup using embedded H2 or nonembedded?
Best regards,
Vilo
On 10/01/2013 01:47 PM, Viliam Repan wrote:
> Hi Vincent,
>
> I've just created Jira issue for this problem,
> https://jira.evolveum.com/browse/MID-1624 , will be fixed in next
> release (2.3) also in 2.2.1 if necessary.
>
> Best regards,
>
> vilo
>
> On 09/30/2013 08:36 PM, Belleville-Rioux, Vincent wrote:
>> Ok, I understand.
>>
>> I've been trying to set it up the way your suggest with limited
>> success...
>>
>> For some reason, in one of my tests, I ended up with an undeletable
>> object in the shadow object types... I think the only way to fix
>> that for me would be to go into the h2db and do manual queries. Just
>> wanted to share the problem :
>>
>>
>> Object :
>>
>>
>> <object
>> xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-2a"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> oid="f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8"
>> version="6"
>> xsi:type="ShadowType">
>> <name>
>> <orig
>> xmlns="http://prism.evolveum.com/xml/ns/public/types-2">undeletableobject</orig>
>> <norm
>> xmlns="http://prism.evolveum.com/xml/ns/public/types-2">undeletableobject</norm>
>> </name>
>> <trigger id="1">
>> <timestamp>2018-01-01T00:00:00.000-05:00</timestamp>
>> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/trigger/recompute/handler-2</handlerUri>
>> </trigger>
>> <metadata>
>> <createTimestamp>2013-09-30T14:23:23.817-04:00</createTimestamp>
>> <creatorRef
>> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-2a"
>> oid="00000000-0000-0000-0000-000000000002"
>> type="c:UserType"/>
>> <createChannel>http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-2#discovery</createChannel>
>> <modifyTimestamp>2013-09-30T14:26:27.965-04:00</modifyTimestamp>
>> <modifierRef oid="00000000-0000-0000-0000-000000000002"/>
>> <modifyChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-2#user</modifyChannel>
>> </metadata>
>> <resourceRef
>> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-2a"
>> oid="af2bc95b-76e0-48e2-86d6-3d4f02d3fafe"
>> type="c:ResourceType"/>
>> <objectClass
>> xmlns:qn363="http://midpoint.evolveum.com/xml/ns/public/resource/instance-2">qn363:AccountObjectClass</objectClass>
>> <c:kind
>> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-2a"
>> xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-2"
>> xmlns:t="http://prism.evolveum.com/xml/ns/public/types-2"
>> xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-2"
>> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-2"
>> xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-2"
>> xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-2"
>> xmlns:wfcf="http://midpoint.evolveum.com/xml/ns/model/workflow/common-forms-2"
>> xmlns:m="http://midpoint.evolveum.com/xml/ns/public/model/model-context-2"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:enc="http://www.w3.org/2001/04/xmlenc#">account</c:kind>
>> <intent>default</intent>
>> <iteration>0</iteration>
>> <iterationToken/>
>> </object>
>>
>>
>> -----------------------------
>>
>> Error when trying to delete it :
>>
>>
>> *
>> Couldn't delete object 'undeletableobject'.
>>
>> o
>> Delete object (Gui)
>> o _Cause:_
>>
>> Subresult
>> com.evolveum.midpoint.provisioning.api.ProvisioningService.deleteObject
>> of operation
>> com.evolveum.midpoint.model.api.ModelService.executeChanges
>> is still UNKNOWN during cleanup; during handling of exception
>> com.evolveum.midpoint.util.exception.SystemException:
>> Referential integrity constraint violation:
>> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN KEY(OWNER_ID,
>> OWNER_OID) REFERENCES PUBLIC.M_OBJECT(ID, OID) (0,
>> 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL statement:
>> delete from m_object where id=? and oid=? [23503-171]
>>
>> o
>> [ SHOW ERROR STACK ]
>> Collapse all Expand all Export to XML
>> o Execute changes (Model)
>> + Referential integrity constraint violation:
>> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN KEY(OWNER_ID,
>> OWNER_OID) REFERENCES PUBLIC.M_OBJECT(ID, OID) (0,
>> 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL statement:
>> delete from m_object where id=? and oid=? [23503-171]
>> + _Param:_ options: com.evolveum.midpoint.model.api.ModelExecuteOptions at 4653a06c
>> + _Cause:_
>>
>> Referential integrity constraint violation:
>> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN KEY(OWNER_ID,
>> OWNER_OID) REFERENCES PUBLIC.M_OBJECT(ID, OID) (0,
>> 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL statement:
>> delete from m_object where id=? and oid=? [23503-171]
>>
>> [ SHOW ERROR STACK ]
>> + Delete object (Provisioning)
>> #
>>
>> # _Param:_ scripts:
>> # _Param:_ oid: f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8
>> # _Context:_ implementationClass: class
>> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl
>> # Get object (Repository)
>> # Delete object (Repository)
>> * Referential integrity constraint violation:
>> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN
>> KEY(OWNER_ID, OWNER_OID) REFERENCES
>> PUBLIC.M_OBJECT(ID, OID) (0,
>> 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL
>> statement: delete from m_object where id=? and
>> oid=? [23503-171]
>> * _Param:_ oid: f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8
>> * _Param:_ type: com.evolveum.midpoint.xml.ns._public.common.common_2a.ShadowType
>> * _Cause:_
>>
>> Referential integrity constraint violation:
>> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN
>> KEY(OWNER_ID, OWNER_OID) REFERENCES
>> PUBLIC.M_OBJECT(ID, OID) (0,
>> 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL
>> statement:
>> delete from m_object where id=? and oid=? [23503-171]
>>
>> [ HIDE ERROR STACK ]
>> |
>>
>> org.hibernate.exception.ConstraintViolationException:
>> Referential integrity constraint violation:
>> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN
>> KEY(OWNER_ID, OWNER_OID) REFERENCES
>> PUBLIC.M_OBJECT(ID, OID) (0,
>> 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL
>> statement:
>> delete from m_object where id=? and oid=? [23503-171]
>> at
>> org.hibernate.exception.internal.SQLStateConversionDelegate.convert(SQLStateConversionDelegate.java:128)
>> at
>> org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:49)
>> at
>> org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:125)
>> at
>> org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:110)
>> at
>> org.hibernate.engine.jdbc.internal.proxy.AbstractStatementProxyHandler.continueInvocation(AbstractStatementProxyHandler.java:129)
>> at
>> org.hibernate.engine.jdbc.internal.proxy.AbstractProxyHandler.invoke(AbstractProxyHandler.java:81)
>> at com.sun.proxy.$Proxy113.executeUpdate(Unknown
>> Source)
>> at
>> org.hibernate.persister.entity.AbstractEntityPersister.delete(AbstractEntityPersister.java:3240)
>> at
>> org.hibernate.persister.entity.AbstractEntityPersister.delete(AbstractEntityPersister.java:3440)
>> at
>> org.hibernate.action.internal.EntityDeleteAction.execute(EntityDeleteAction.java:100)
>> at
>> org.hibernate.engine.spi.ActionQueue.execute(ActionQueue.java:362)
>> at
>> org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:354)
>> at
>> org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:280)
>> at
>> org.hibernate.event.internal.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:326)
>> at
>> org.hibernate.event.internal.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:52)
>> at
>> org.hibernate.internal.SessionImpl.flush(SessionImpl.java:1210)
>> at
>> org.hibernate.internal.SessionImpl.managedFlush(SessionImpl.java:399)
>> at
>> org.hibernate.engine.transaction.internal.jdbc.JdbcTransaction.beforeTransactionCommit(JdbcTransaction.java:101)
>> at
>> org.hibernate.engine.transaction.spi.AbstractTransactionImpl.commit(AbstractTransactionImpl.java:175)
>> at
>> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.deleteObjectAttempt(SqlRepositoryServiceImpl.java:651)
>> at
>> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.deleteObject_aroundBody6(SqlRepositoryServiceImpl.java:609)
>> at
>> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl$AjcClosure7.run(SqlRepositoryServiceImpl.java:1)
>> at
>> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:169)
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.processRepositoryNdc(MidpointAspect.java:59)
>> at
>> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.deleteObject(SqlRepositoryServiceImpl.java:590)
>> at
>> com.evolveum.midpoint.repo.cache.RepositoryCache.deleteObject_aroundBody12(RepositoryCache.java:249)
>> at
>> com.evolveum.midpoint.repo.cache.RepositoryCache$AjcClosure13.run(RepositoryCache.java:1)
>> at
>> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:169)
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.processRepositoryNdc(MidpointAspect.java:59)
>> at
>> com.evolveum.midpoint.repo.cache.RepositoryCache.deleteObject(RepositoryCache.java:247)
>> at
>> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.deleteObject_aroundBody12(ProvisioningServiceImpl.java:870)
>> at
>> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl$AjcClosure13.run(ProvisioningServiceImpl.java:1)
>> at
>> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:169)
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.processProvisioningNdc(MidpointAspect.java:69)
>> at
>> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.deleteObject(ProvisioningServiceImpl.java:818)
>> at
>> com.evolveum.midpoint.model.controller.ModelController.executeChanges_aroundBody2(ModelController.java:363)
>> at
>> com.evolveum.midpoint.model.controller.ModelController$AjcClosure3.run(ModelController.java:1)
>> at
>> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:169)
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.processModelNdc(MidpointAspect.java:79)
>> at
>> com.evolveum.midpoint.model.controller.ModelController.executeChanges(ModelController.java:313)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>> Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:606)
>> at
>> org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:434)
>> at com.sun.proxy.$Proxy7.executeChanges(Unknown
>> Source)
>> at
>> com.evolveum.midpoint.web.page.admin.configuration.PageDebugList.deleteObjectConfirmedPerformed(PageDebugList.java:515)
>> at
>> com.evolveum.midpoint.web.page.admin.configuration.PageDebugList.access$3(PageDebugList.java:509)
>> at
>> com.evolveum.midpoint.web.page.admin.configuration.PageDebugList$1.yesPerformed(PageDebugList.java:141)
>> at
>> com.evolveum.midpoint.web.component.dialog.ConfirmationDialog$3.onClick(ConfirmationDialog.java:87)
>> at
>> org.apache.wicket.ajax.markup.html.AjaxLink$1.onEvent(AjaxLink.java:86)
>> at
>> org.apache.wicket.ajax.AjaxEventBehavior.respond(AjaxEventBehavior.java:131)
>> at
>> org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:603)
>> at
>> sun.reflect.GeneratedMethodAccessor544.invoke(Unknown
>> Source)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:606)
>> at
>> org.apache.wicket.RequestListenerInterface.internalInvoke(RequestListenerInterface.java:258)
>> at
>> org.apache.wicket.RequestListenerInterface.invoke(RequestListenerInterface.java:241)
>> at
>> org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.invokeListener(ListenerInterfaceRequestHandler.java:247)
>> at
>> org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.respond(ListenerInterfaceRequestHandler.java:226)
>> at
>> org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:840)
>> at
>> org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
>> at
>> org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:254)
>> at
>> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:211)
>> at
>> org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:282)
>> at
>> org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:244)
>> at
>> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:188)
>> at
>> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:267)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>> at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
>> at
>> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
>> at
>> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
>> at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>> at
>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
>> at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>> at
>> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
>> at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>> at
>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
>> at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>> at
>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
>> at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>> at
>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
>> at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>> at
>> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
>> at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>> at
>> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
>> at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>> at
>> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
>> at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>> at
>> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>> at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>> at
>> org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
>> at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>> at
>> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
>> at
>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>> at
>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>> at
>> com.evolveum.midpoint.web.util.MidPointProfilingServletFilter.doFilter_aroundBody0(MidPointProfilingServletFilter.java:69)
>> at
>> com.evolveum.midpoint.web.util.MidPointProfilingServletFilter$AjcClosure1.run(MidPointProfilingServletFilter.java:1)
>> at
>> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:169)
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.processWebNdc(MidpointAspect.java:84)
>> at
>> com.evolveum.midpoint.web.util.MidPointProfilingServletFilter.doFilter(MidPointProfilingServletFilter.java:65)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>> at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>> at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>> at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>> at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
>> at
>> org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:879)
>> at
>> org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:617)
>> at
>> org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1760)
>> at java.lang.Thread.run(Thread.java:724)
>> Caused by: org.h2.jdbc.JdbcSQLException:
>> Referential integrity constraint violation:
>> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN
>> KEY(OWNER_ID, OWNER_OID) REFERENCES
>> PUBLIC.M_OBJECT(ID, OID) (0,
>> 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL
>> statement:
>> delete from m_object where id=? and oid=? [23503-171]
>> at
>> org.h2.message.DbException.getJdbcSQLException(DbException.java:329)
>> at
>> org.h2.message.DbException.get(DbException.java:169)
>> at
>> org.h2.message.DbException.get(DbException.java:146)
>> at
>> org.h2.constraint.ConstraintReferential.checkRow(ConstraintReferential.java:414)
>> at
>> org.h2.constraint.ConstraintReferential.checkRowRefTable(ConstraintReferential.java:431)
>> at
>> org.h2.constraint.ConstraintReferential.checkRow(ConstraintReferential.java:307)
>> at org.h2.table.Table.fireConstraints(Table.java:873)
>> at org.h2.table.Table.fireAfterRow(Table.java:890)
>> at org.h2.command.dml.Delete.update(Delete.java:99)
>> at
>> org.h2.command.CommandContainer.update(CommandContainer.java:75)
>> at
>> org.h2.command.Command.executeUpdate(Command.java:230)
>> at
>> org.h2.server.TcpServerThread.process(TcpServerThread.java:334)
>> at
>> org.h2.server.TcpServerThread.run(TcpServerThread.java:150)
>> at java.lang.Thread.run(Thread.java:724)
>>
>> at
>> org.h2.engine.SessionRemote.done(SessionRemote.java:568)
>> at
>> org.h2.command.CommandRemote.executeUpdate(CommandRemote.java:181)
>> at
>> org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(JdbcPreparedStatement.java:156)
>> at
>> org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPreparedStatement.java:142)
>> at
>> com.mchange.v2.c3p0.impl.NewProxyPreparedStatement.executeUpdate(NewProxyPreparedStatement.java:105)
>> at
>> sun.reflect.GeneratedMethodAccessor407.invoke(Unknown
>> Source)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:606)
>> at
>> org.hibernate.engine.jdbc.internal.proxy.AbstractStatementProxyHandler.continueInvocation(AbstractStatementProxyHandler.java:122)
>> ... 121 more
>>
>> |
>>
>> ------------------------------------------------------------------------
>> *De :* midpoint-bounces at lists.evolveum.com
>> [midpoint-bounces at lists.evolveum.com] de la part de Radovan Semancik
>> [radovan.semancik at evolveum.com]
>> *Date d'envoi :* 30 septembre 2013 11:15
>> *À :* midpoint at lists.evolveum.com
>> *Objet :* Re: [midPoint] RE : RE : RE : RE : RE : Namespace problem
>>
>> On 09/30/2013 04:10 PM, Belleville-Rioux, Vincent wrote:
>>> We have about 10k new students each semester and also have about the
>>> same number of students that get "offboarded" from some services due
>>> to various reasons.
>>>
>>> What we're trying to evaluate is how we could automate such state
>>> changes so we can do something like :
>>>
>>> - 1 month before the start of the semester, all students registered
>>> to at least one class will get their account created / activated. A
>>> notification message will be sent.
>>>
>>> - 12 months after the end of the last semester where the student had
>>> at least one class, the account will be deactivated and a
>>> notification message will be sent.
>>
>> This is quite common scenario both in enterprise and academia. And
>> this was actually a reason to create time-based mappings. Therefore
>> it should work even in v2.2 but the limitation is that is should be
>> applied to the entire account and not just a single role. The basic
>> idea is like this:
>>
>> MidPoint user will be created in midPoint as soon as we know about
>> such record. E.g. it can be synchronized from HR (or any equivalent
>> academic source system). The key idea is that user's validFrom date
>> will be set to onboarding date (or hire date or sunrise date or
>> whateverYouCallIt ;-). The activation administrativeStatus of the
>> user should be empty (null). This will cause that midPoint will
>> compute effective user activation status based on validFrom, validTo
>> and current date.
>>
>> Assign any roles to the user, e.g. using an object template. The
>> roles should represent a state of the user as it should look like
>> during semester. You do not need to specify any conditions in the
>> object template mappings nor any conditions in the role outbound
>> mappings. The roles can be assigned anytime, even before semester.
>>
>> Define a time-based activation mapping for the resources that you
>> want to "pre-provision" or for whose you want to delay
>> de-provisioning. An example is here:
>> https://wiki.evolveum.com/display/midPoint/Resource+Schema+Handling%3A+Activation
>> (see "Mapping Time Constraints" section).
>>
>> And that's it. Before the semester the user has all the roles, but as
>> the time is before user's validFrom the activation mapping in the
>> resource definitions will not be used and the accounts will not be
>> created. When the semester starts the time passes through validFrom.
>> MidPoint detects that (automatically) and the mapping will be
>> evaluated differently. The accounts will get created. And similar
>> mechanism also applies to delayed deprovisioning. The examples are
>> actually slightly more complex than your requirement as they are set
>> up to create a disabled account 5 days before onboarding and then
>> enable it right on the onboarding date.
>>
>> The current limitation is that this applies to all accounts on the
>> resource. If you want to apply it only to some accounts you have to
>> play with the mapping conditions. This may be tricky but it should
>> work. However, this is not the ideal way how to create maintainable
>> system. Therefore we plan couple of improvements:
>> 1: support account types (this is called "intent" in midPoint
>> terminology), e.g. account type "user", "student", "admin", "tester",
>> .... you can specify different mappings for each type. Most of the
>> work on this feature is already done. But nobody stated that this is
>> important enough to give us enough motivation to finally complete and
>> test it. :-)
>> 2: support similar time-based mappings in assignment/inducement
>> conditions. In such a case you can specify this behaviour per role.
>> This is slightly more difficult to finish, but still possible.
>>
>>> The startDate and endDate are properties we can read from an SQL
>>> table (but I'm simulating that with a CSV file for now). I guess
>>> we'll have to reconcile at least once a day because that table will
>>> have updates to those dates as students use our online tools to
>>> register / unregister themselves to classes.
>>
>> If it is really a DB table and it has a timestamp column you may rely
>> on livesync instead. It is more efficient and much faster. Use
>> reconciliation just as a "last instance" in case that livesync missed
>> something (e.g. due to bug in mapping script, because the system was
>> down for a long time, etc.)
>> MidPoint is designed to use livesync as a primary mechanism as often
>> as possible and use reconciliation only as a "safety net".
>>
>> Anyway, unlike some other IDM systems midPoint configuration is
>> almost entirely the same whether you use livesync or reconciliation.
>> Therefore it is easy to experiment with it and fine-tune the setup
>> that works for you.
>>
>>> We should also have the ability to override those values with other
>>> dates like "bannedOn" or "temporaryExtension" :
>>>
>>> The bannedOn date would make any student which has that date as a
>>> non-null value be kept inactive for 7 years from that date.
>>>
>>> The temporaryExtension date would make any student account active
>>> for 12 months from that date, regardless of the endDate imported
>>> from SQL.
>>
>> Interesting requirement. Really. I quite like it :-) And I guess you
>> can implement this behaviour by using the correct conditions in
>> activation mappings. I quite wonder how "clean" or maintainable the
>> result will be though. Anyway, it is worth trying. And if you find
>> that you cannot do it or that it is unreadable and confusing then let
>> me know. Maybe we could think about some way how to improve our
>> mapping code to make it better. Maintainability of the system is very
>> important for me.
>>
>> It is also import for you to realize whether these rules apply to
>> users (students as physical persons), to accounts, or to assignments
>> (relation of user to an account). As far as I know it is usual that a
>> person may be a student on faculty X and work on faculty Y while the
>> onboarding dates may be different. Then is would be best to store the
>> dates in assignments. If this is the case then midPoint is designed
>> to handle situation like this quite well. The system of "assignments"
>> is designed primarily for this purpose. While most of the
>> functionality for assignments is already there some pieces of code
>> may still be missing (e.g. the assignment activation mappings).
>> Therefore it may be best for you to start with a partial solution
>> such as storing the dates in users. This can work well for a first
>> phase of your project. And you can work with us to plan the required
>> features in the roadmap so you can have it ready for subsequent
>> phases. IDM projects are not deployed overnight therefore I believe
>> that we can agree on a reasonable delivery dates that can work for you.
>>
>>> So, as you can see, dates are really useful for our use cases. I
>>> understand that this was added rather quickly to 2.2. Would you
>>> suggest we upgrade our test environment to the latest snapshots and
>>> try and follow the development from there on?
>>
>> Not yet :-) .. if you decide to use time-based activation mappings
>> then it should work well in 2.2. If you find some bug in this part we
>> will fix it in 2.2.1 as this is important feature. If you decide that
>> you need more than activation mappings then there is no point to
>> switching to the development branch yet. The code is not yet there.
>> In such a case please let us know and we will figure out when we can
>> deliver that. But I quite believe that activation mappings are almost
>> entirely what you need now. And once you have your first version
>> working we can talk about how to improve it in the future.
>>
>> --
>>
>> Radovan Semancik
>> Software Architect
>> evolveum.com
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> --
> Ing. Viliam Repán(
> Evolveum, s.r.o.
>
> tel: +421 910 797978
> mail:vilo.repan at evolveum.com
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Viliam Repán(
Evolveum, s.r.o.
tel: +421 910 797978
mail: vilo.repan at evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20131001/48073c21/attachment.htm>
More information about the midPoint
mailing list