[midPoint] RE : RE : Undeletable object
Viliam Repan
vilo.repan at evolveum.com
Tue Oct 1 16:06:31 CEST 2013
Hi Vincent,
you probably didn't connect to right database, h2 server created new one
for you based on jdbc url that you've put in dbVisualiser:
this should be jdbc url for midpoint db (if tomcat is running, and
<midpoint.home>/config.xml contains <asServer>true</asServer> )
jdbc:h2:tcp://127.0.0.1:5438/midpoint;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=1;LOCK_TIMEOUT=10000
otherwise you have to use file access (local connection)
jdbc:h2:[file:][<path>]<databaseName>
e.g. jdbc:h2:<midpoint.home path>/midpoint;LOCK_MODE=1;LOCK_TIMEOUT=10000
Best regards,
Vilo
On 10/01/2013 03:39 PM, Belleville-Rioux, Vincent wrote:
> Weird, I've installed dbVisualizer and when I connect to
> midpoint.h2.db, I see no tables at all... I tried using something
> else than the default administrator password, but it does not work, so
> it seems that I am connecting with the good username / password.
>
> Do you know of any specifics about that h2db in order for me to query
> it directly?
>
> Thanks,
>
> Vincent
>
> PS : I tried both with midpoint running and stopped.
> ------------------------------------------------------------------------
> *De :* midpoint-bounces at lists.evolveum.com
> [midpoint-bounces at lists.evolveum.com] de la part de Belleville-Rioux,
> Vincent [rioux.vincent at uqam.ca]
> *Date d'envoi :* 1 octobre 2013 09:06
> *À :* midPoint General Discussion
> *Objet :* [midPoint] RE : Undeletable object
>
> Hi Vilo,
>
> I'm on embedded H2 on Tomcat6.
>
> I am trying to delete it through the repository objects. I *think*
> that I might have tried deleting it while it was being created /
> updated by a live sync task / import task.
>
> From what I understand, it could be the case that there are other
> objects referencing that OID somewhere in the database and this is
> what prevents the deletion. Maybe an "on delete cascade" would be a
> quick fix? It could have serious side effects, though... so it could
> be a better idea to make this optional with a "force" checkbox or
> something like that...
>
> Another route to fix this, if my theory of delete-while-create is
> correct, would be to first add a "deleted" flag to items that we wish
> to remove and then really remove those items only when a cleanup
> period happens (which could be made to run only when no other task
> might be running).
>
> I'll try and install an H2db tool to query and see what's happening in
> the DB itself.
>
> Vincent
>
>
>
> ------------------------------------------------------------------------
> *De :* midpoint-bounces at lists.evolveum.com
> [midpoint-bounces at lists.evolveum.com] de la part de Viliam Repan
> [vilo.repan at evolveum.com]
> *Date d'envoi :* 1 octobre 2013 08:55
> *À :* midPoint General Discussion
> *Objet :* Re: [midPoint] Undeletable object
>
> Hi Vincent,
>
> I tried to write unit test for this issue and I can't reproduce it
> with shadow you posted in previous mail.
> Did you try to delete it through Configuration/Repository objects?
>
> Is your setup using embedded H2 or nonembedded?
>
> Best regards,
>
> Vilo
>
> On 10/01/2013 01:47 PM, Viliam Repan wrote:
>> Hi Vincent,
>>
>> I've just created Jira issue for this problem,
>> https://jira.evolveum.com/browse/MID-1624 , will be fixed in next
>> release (2.3) also in 2.2.1 if necessary.
>>
>> Best regards,
>>
>> vilo
>>
>> On 09/30/2013 08:36 PM, Belleville-Rioux, Vincent wrote:
>>> Ok, I understand.
>>>
>>> I've been trying to set it up the way your suggest with limited
>>> success...
>>>
>>> For some reason, in one of my tests, I ended up with an undeletable
>>> object in the shadow object types... I think the only way to fix
>>> that for me would be to go into the h2db and do manual queries.
>>> Just wanted to share the problem :
>>>
>>>
>>> Object :
>>>
>>>
>>> <object
>>> xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-2a"
>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>> oid="f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8"
>>> version="6"
>>> xsi:type="ShadowType">
>>> <name>
>>> <orig
>>> xmlns="http://prism.evolveum.com/xml/ns/public/types-2">undeletableobject</orig>
>>> <norm
>>> xmlns="http://prism.evolveum.com/xml/ns/public/types-2">undeletableobject</norm>
>>> </name>
>>> <trigger id="1">
>>> <timestamp>2018-01-01T00:00:00.000-05:00</timestamp>
>>>
>>> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/trigger/recompute/handler-2</handlerUri>
>>> </trigger>
>>> <metadata>
>>> <createTimestamp>2013-09-30T14:23:23.817-04:00</createTimestamp>
>>> <creatorRef
>>> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-2a"
>>> oid="00000000-0000-0000-0000-000000000002"
>>> type="c:UserType"/>
>>>
>>> <createChannel>http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-2#discovery</createChannel>
>>> <modifyTimestamp>2013-09-30T14:26:27.965-04:00</modifyTimestamp>
>>> <modifierRef oid="00000000-0000-0000-0000-000000000002"/>
>>>
>>> <modifyChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-2#user</modifyChannel>
>>> </metadata>
>>> <resourceRef
>>> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-2a"
>>> oid="af2bc95b-76e0-48e2-86d6-3d4f02d3fafe"
>>> type="c:ResourceType"/>
>>> <objectClass
>>> xmlns:qn363="http://midpoint.evolveum.com/xml/ns/public/resource/instance-2">qn363:AccountObjectClass</objectClass>
>>> <c:kind
>>> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-2a"
>>>
>>> xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-2"
>>> xmlns:t="http://prism.evolveum.com/xml/ns/public/types-2"
>>>
>>> xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-2"
>>> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-2"
>>>
>>> xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-2"
>>>
>>> xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-2"
>>>
>>> xmlns:wfcf="http://midpoint.evolveum.com/xml/ns/model/workflow/common-forms-2"
>>>
>>> xmlns:m="http://midpoint.evolveum.com/xml/ns/public/model/model-context-2"
>>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>>>
>>> xmlns:enc="http://www.w3.org/2001/04/xmlenc#">account</c:kind>
>>> <intent>default</intent>
>>> <iteration>0</iteration>
>>> <iterationToken/>
>>> </object>
>>>
>>>
>>> -----------------------------
>>>
>>> Error when trying to delete it :
>>>
>>>
>>> *
>>> Couldn't delete object 'undeletableobject'.
>>>
>>> o
>>> Delete object (Gui)
>>> o _Cause:_
>>>
>>> Subresult
>>> com.evolveum.midpoint.provisioning.api.ProvisioningService.deleteObject
>>> of operation
>>> com.evolveum.midpoint.model.api.ModelService.executeChanges
>>> is still UNKNOWN during cleanup; during handling of
>>> exception
>>> com.evolveum.midpoint.util.exception.SystemException:
>>> Referential integrity constraint violation:
>>> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN KEY(OWNER_ID,
>>> OWNER_OID) REFERENCES PUBLIC.M_OBJECT(ID, OID) (0,
>>> 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL statement:
>>> delete from m_object where id=? and oid=? [23503-171]
>>>
>>> o
>>> [ SHOW ERROR STACK ]
>>> Collapse all Expand all Export to XML
>>> o Execute changes (Model)
>>> + Referential integrity constraint violation:
>>> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN
>>> KEY(OWNER_ID, OWNER_OID) REFERENCES PUBLIC.M_OBJECT(ID,
>>> OID) (0, 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL
>>> statement: delete from m_object where id=? and oid=?
>>> [23503-171]
>>> + _Param:_ options: com.evolveum.midpoint.model.api.ModelExecuteOptions at 4653a06c
>>>
>>> + _Cause:_
>>>
>>> Referential integrity constraint violation:
>>> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN
>>> KEY(OWNER_ID, OWNER_OID) REFERENCES PUBLIC.M_OBJECT(ID,
>>> OID) (0, 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL
>>> statement:
>>> delete from m_object where id=? and oid=? [23503-171]
>>>
>>> [ SHOW ERROR STACK ]
>>> + Delete object (Provisioning)
>>> #
>>>
>>> # _Param:_ scripts:
>>> # _Param:_ oid: f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8
>>> # _Context:_ implementationClass: class
>>> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl
>>>
>>> # Get object (Repository)
>>> # Delete object (Repository)
>>> * Referential integrity constraint violation:
>>> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN
>>> KEY(OWNER_ID, OWNER_OID) REFERENCES
>>> PUBLIC.M_OBJECT(ID, OID) (0,
>>> 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL
>>> statement: delete from m_object where id=? and
>>> oid=? [23503-171]
>>> * _Param:_ oid: f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8
>>> * _Param:_ type: com.evolveum.midpoint.xml.ns._public.common.common_2a.ShadowType
>>>
>>> * _Cause:_
>>>
>>> Referential integrity constraint violation:
>>> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN
>>> KEY(OWNER_ID, OWNER_OID) REFERENCES
>>> PUBLIC.M_OBJECT(ID, OID) (0,
>>> 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL
>>> statement:
>>> delete from m_object where id=? and oid=?
>>> [23503-171]
>>>
>>> [ HIDE ERROR STACK ]
>>> |
>>>
>>> org.hibernate.exception.ConstraintViolationException:
>>> Referential integrity constraint violation:
>>> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN
>>> KEY(OWNER_ID, OWNER_OID) REFERENCES
>>> PUBLIC.M_OBJECT(ID, OID) (0,
>>> 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL
>>> statement:
>>> delete from m_object where id=? and oid=?
>>> [23503-171]
>>> at
>>> org.hibernate.exception.internal.SQLStateConversionDelegate.convert(SQLStateConversionDelegate.java:128)
>>> at
>>> org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:49)
>>> at
>>> org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:125)
>>> at
>>> org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:110)
>>> at
>>> org.hibernate.engine.jdbc.internal.proxy.AbstractStatementProxyHandler.continueInvocation(AbstractStatementProxyHandler.java:129)
>>> at
>>> org.hibernate.engine.jdbc.internal.proxy.AbstractProxyHandler.invoke(AbstractProxyHandler.java:81)
>>> at com.sun.proxy.$Proxy113.executeUpdate(Unknown
>>> Source)
>>> at
>>> org.hibernate.persister.entity.AbstractEntityPersister.delete(AbstractEntityPersister.java:3240)
>>> at
>>> org.hibernate.persister.entity.AbstractEntityPersister.delete(AbstractEntityPersister.java:3440)
>>> at
>>> org.hibernate.action.internal.EntityDeleteAction.execute(EntityDeleteAction.java:100)
>>> at
>>> org.hibernate.engine.spi.ActionQueue.execute(ActionQueue.java:362)
>>> at
>>> org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:354)
>>> at
>>> org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:280)
>>> at
>>> org.hibernate.event.internal.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:326)
>>> at
>>> org.hibernate.event.internal.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:52)
>>> at
>>> org.hibernate.internal.SessionImpl.flush(SessionImpl.java:1210)
>>> at
>>> org.hibernate.internal.SessionImpl.managedFlush(SessionImpl.java:399)
>>> at
>>> org.hibernate.engine.transaction.internal.jdbc.JdbcTransaction.beforeTransactionCommit(JdbcTransaction.java:101)
>>> at
>>> org.hibernate.engine.transaction.spi.AbstractTransactionImpl.commit(AbstractTransactionImpl.java:175)
>>> at
>>> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.deleteObjectAttempt(SqlRepositoryServiceImpl.java:651)
>>> at
>>> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.deleteObject_aroundBody6(SqlRepositoryServiceImpl.java:609)
>>> at
>>> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl$AjcClosure7.run(SqlRepositoryServiceImpl.java:1)
>>> at
>>> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:169)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.processRepositoryNdc(MidpointAspect.java:59)
>>> at
>>> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.deleteObject(SqlRepositoryServiceImpl.java:590)
>>> at
>>> com.evolveum.midpoint.repo.cache.RepositoryCache.deleteObject_aroundBody12(RepositoryCache.java:249)
>>> at
>>> com.evolveum.midpoint.repo.cache.RepositoryCache$AjcClosure13.run(RepositoryCache.java:1)
>>> at
>>> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:169)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.processRepositoryNdc(MidpointAspect.java:59)
>>> at
>>> com.evolveum.midpoint.repo.cache.RepositoryCache.deleteObject(RepositoryCache.java:247)
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.deleteObject_aroundBody12(ProvisioningServiceImpl.java:870)
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl$AjcClosure13.run(ProvisioningServiceImpl.java:1)
>>> at
>>> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:169)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.processProvisioningNdc(MidpointAspect.java:69)
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.deleteObject(ProvisioningServiceImpl.java:818)
>>> at
>>> com.evolveum.midpoint.model.controller.ModelController.executeChanges_aroundBody2(ModelController.java:363)
>>> at
>>> com.evolveum.midpoint.model.controller.ModelController$AjcClosure3.run(ModelController.java:1)
>>> at
>>> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:169)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.processModelNdc(MidpointAspect.java:79)
>>> at
>>> com.evolveum.midpoint.model.controller.ModelController.executeChanges(ModelController.java:313)
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>> Method)
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>> at
>>> org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:434)
>>> at com.sun.proxy.$Proxy7.executeChanges(Unknown
>>> Source)
>>> at
>>> com.evolveum.midpoint.web.page.admin.configuration.PageDebugList.deleteObjectConfirmedPerformed(PageDebugList.java:515)
>>> at
>>> com.evolveum.midpoint.web.page.admin.configuration.PageDebugList.access$3(PageDebugList.java:509)
>>> at
>>> com.evolveum.midpoint.web.page.admin.configuration.PageDebugList$1.yesPerformed(PageDebugList.java:141)
>>> at
>>> com.evolveum.midpoint.web.component.dialog.ConfirmationDialog$3.onClick(ConfirmationDialog.java:87)
>>> at
>>> org.apache.wicket.ajax.markup.html.AjaxLink$1.onEvent(AjaxLink.java:86)
>>> at
>>> org.apache.wicket.ajax.AjaxEventBehavior.respond(AjaxEventBehavior.java:131)
>>> at
>>> org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:603)
>>> at
>>> sun.reflect.GeneratedMethodAccessor544.invoke(Unknown
>>> Source)
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>> at
>>> org.apache.wicket.RequestListenerInterface.internalInvoke(RequestListenerInterface.java:258)
>>> at
>>> org.apache.wicket.RequestListenerInterface.invoke(RequestListenerInterface.java:241)
>>> at
>>> org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.invokeListener(ListenerInterfaceRequestHandler.java:247)
>>> at
>>> org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.respond(ListenerInterfaceRequestHandler.java:226)
>>> at
>>> org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:840)
>>> at
>>> org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
>>> at
>>> org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:254)
>>> at
>>> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:211)
>>> at
>>> org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:282)
>>> at
>>> org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:244)
>>> at
>>> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:188)
>>> at
>>> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:267)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
>>> at
>>> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
>>> at
>>> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
>>> at
>>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>>> at
>>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>> at
>>> com.evolveum.midpoint.web.util.MidPointProfilingServletFilter.doFilter_aroundBody0(MidPointProfilingServletFilter.java:69)
>>> at
>>> com.evolveum.midpoint.web.util.MidPointProfilingServletFilter$AjcClosure1.run(MidPointProfilingServletFilter.java:1)
>>> at
>>> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:169)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.processWebNdc(MidpointAspect.java:84)
>>> at
>>> com.evolveum.midpoint.web.util.MidPointProfilingServletFilter.doFilter(MidPointProfilingServletFilter.java:65)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>> at
>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>> at
>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>>> at
>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>>> at
>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>> at
>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>> at
>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
>>> at
>>> org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:879)
>>> at
>>> org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:617)
>>> at
>>> org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1760)
>>> at java.lang.Thread.run(Thread.java:724)
>>> Caused by: org.h2.jdbc.JdbcSQLException:
>>> Referential integrity constraint violation:
>>> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN
>>> KEY(OWNER_ID, OWNER_OID) REFERENCES
>>> PUBLIC.M_OBJECT(ID, OID) (0,
>>> 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL
>>> statement:
>>> delete from m_object where id=? and oid=?
>>> [23503-171]
>>> at
>>> org.h2.message.DbException.getJdbcSQLException(DbException.java:329)
>>> at
>>> org.h2.message.DbException.get(DbException.java:169)
>>> at
>>> org.h2.message.DbException.get(DbException.java:146)
>>> at
>>> org.h2.constraint.ConstraintReferential.checkRow(ConstraintReferential.java:414)
>>> at
>>> org.h2.constraint.ConstraintReferential.checkRowRefTable(ConstraintReferential.java:431)
>>> at
>>> org.h2.constraint.ConstraintReferential.checkRow(ConstraintReferential.java:307)
>>> at
>>> org.h2.table.Table.fireConstraints(Table.java:873)
>>> at org.h2.table.Table.fireAfterRow(Table.java:890)
>>> at org.h2.command.dml.Delete.update(Delete.java:99)
>>> at
>>> org.h2.command.CommandContainer.update(CommandContainer.java:75)
>>> at
>>> org.h2.command.Command.executeUpdate(Command.java:230)
>>> at
>>> org.h2.server.TcpServerThread.process(TcpServerThread.java:334)
>>> at
>>> org.h2.server.TcpServerThread.run(TcpServerThread.java:150)
>>> at java.lang.Thread.run(Thread.java:724)
>>>
>>> at
>>> org.h2.engine.SessionRemote.done(SessionRemote.java:568)
>>> at
>>> org.h2.command.CommandRemote.executeUpdate(CommandRemote.java:181)
>>> at
>>> org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(JdbcPreparedStatement.java:156)
>>> at
>>> org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPreparedStatement.java:142)
>>> at
>>> com.mchange.v2.c3p0.impl.NewProxyPreparedStatement.executeUpdate(NewProxyPreparedStatement.java:105)
>>> at
>>> sun.reflect.GeneratedMethodAccessor407.invoke(Unknown
>>> Source)
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>> at
>>> org.hibernate.engine.jdbc.internal.proxy.AbstractStatementProxyHandler.continueInvocation(AbstractStatementProxyHandler.java:122)
>>> ... 121 more
>>>
>>> |
>>>
>>> ------------------------------------------------------------------------
>>> *De :* midpoint-bounces at lists.evolveum.com
>>> [midpoint-bounces at lists.evolveum.com] de la part de Radovan Semancik
>>> [radovan.semancik at evolveum.com]
>>> *Date d'envoi :* 30 septembre 2013 11:15
>>> *À :* midpoint at lists.evolveum.com
>>> *Objet :* Re: [midPoint] RE : RE : RE : RE : RE : Namespace problem
>>>
>>> On 09/30/2013 04:10 PM, Belleville-Rioux, Vincent wrote:
>>>> We have about 10k new students each semester and also have about
>>>> the same number of students that get "offboarded" from some
>>>> services due to various reasons.
>>>>
>>>> What we're trying to evaluate is how we could automate such state
>>>> changes so we can do something like :
>>>>
>>>> - 1 month before the start of the semester, all students registered
>>>> to at least one class will get their account created / activated.
>>>> A notification message will be sent.
>>>>
>>>> - 12 months after the end of the last semester where the student
>>>> had at least one class, the account will be deactivated and a
>>>> notification message will be sent.
>>>
>>> This is quite common scenario both in enterprise and academia. And
>>> this was actually a reason to create time-based mappings. Therefore
>>> it should work even in v2.2 but the limitation is that is should be
>>> applied to the entire account and not just a single role. The basic
>>> idea is like this:
>>>
>>> MidPoint user will be created in midPoint as soon as we know about
>>> such record. E.g. it can be synchronized from HR (or any equivalent
>>> academic source system). The key idea is that user's validFrom date
>>> will be set to onboarding date (or hire date or sunrise date or
>>> whateverYouCallIt ;-). The activation administrativeStatus of the
>>> user should be empty (null). This will cause that midPoint will
>>> compute effective user activation status based on validFrom, validTo
>>> and current date.
>>>
>>> Assign any roles to the user, e.g. using an object template. The
>>> roles should represent a state of the user as it should look like
>>> during semester. You do not need to specify any conditions in the
>>> object template mappings nor any conditions in the role outbound
>>> mappings. The roles can be assigned anytime, even before semester.
>>>
>>> Define a time-based activation mapping for the resources that you
>>> want to "pre-provision" or for whose you want to delay
>>> de-provisioning. An example is here:
>>> https://wiki.evolveum.com/display/midPoint/Resource+Schema+Handling%3A+Activation
>>> (see "Mapping Time Constraints" section).
>>>
>>> And that's it. Before the semester the user has all the roles, but
>>> as the time is before user's validFrom the activation mapping in the
>>> resource definitions will not be used and the accounts will not be
>>> created. When the semester starts the time passes through validFrom.
>>> MidPoint detects that (automatically) and the mapping will be
>>> evaluated differently. The accounts will get created. And similar
>>> mechanism also applies to delayed deprovisioning. The examples are
>>> actually slightly more complex than your requirement as they are set
>>> up to create a disabled account 5 days before onboarding and then
>>> enable it right on the onboarding date.
>>>
>>> The current limitation is that this applies to all accounts on the
>>> resource. If you want to apply it only to some accounts you have to
>>> play with the mapping conditions. This may be tricky but it should
>>> work. However, this is not the ideal way how to create maintainable
>>> system. Therefore we plan couple of improvements:
>>> 1: support account types (this is called "intent" in midPoint
>>> terminology), e.g. account type "user", "student", "admin",
>>> "tester", .... you can specify different mappings for each type.
>>> Most of the work on this feature is already done. But nobody stated
>>> that this is important enough to give us enough motivation to
>>> finally complete and test it. :-)
>>> 2: support similar time-based mappings in assignment/inducement
>>> conditions. In such a case you can specify this behaviour per role.
>>> This is slightly more difficult to finish, but still possible.
>>>
>>>> The startDate and endDate are properties we can read from an SQL
>>>> table (but I'm simulating that with a CSV file for now). I guess
>>>> we'll have to reconcile at least once a day because that table will
>>>> have updates to those dates as students use our online tools to
>>>> register / unregister themselves to classes.
>>>
>>> If it is really a DB table and it has a timestamp column you may
>>> rely on livesync instead. It is more efficient and much faster. Use
>>> reconciliation just as a "last instance" in case that livesync
>>> missed something (e.g. due to bug in mapping script, because the
>>> system was down for a long time, etc.)
>>> MidPoint is designed to use livesync as a primary mechanism as often
>>> as possible and use reconciliation only as a "safety net".
>>>
>>> Anyway, unlike some other IDM systems midPoint configuration is
>>> almost entirely the same whether you use livesync or reconciliation.
>>> Therefore it is easy to experiment with it and fine-tune the setup
>>> that works for you.
>>>
>>>> We should also have the ability to override those values with other
>>>> dates like "bannedOn" or "temporaryExtension" :
>>>>
>>>> The bannedOn date would make any student which has that date as a
>>>> non-null value be kept inactive for 7 years from that date.
>>>>
>>>> The temporaryExtension date would make any student account active
>>>> for 12 months from that date, regardless of the endDate imported
>>>> from SQL.
>>>
>>> Interesting requirement. Really. I quite like it :-) And I guess you
>>> can implement this behaviour by using the correct conditions in
>>> activation mappings. I quite wonder how "clean" or maintainable the
>>> result will be though. Anyway, it is worth trying. And if you find
>>> that you cannot do it or that it is unreadable and confusing then
>>> let me know. Maybe we could think about some way how to improve our
>>> mapping code to make it better. Maintainability of the system is
>>> very important for me.
>>>
>>> It is also import for you to realize whether these rules apply to
>>> users (students as physical persons), to accounts, or to assignments
>>> (relation of user to an account). As far as I know it is usual that
>>> a person may be a student on faculty X and work on faculty Y while
>>> the onboarding dates may be different. Then is would be best to
>>> store the dates in assignments. If this is the case then midPoint is
>>> designed to handle situation like this quite well. The system of
>>> "assignments" is designed primarily for this purpose. While most of
>>> the functionality for assignments is already there some pieces of
>>> code may still be missing (e.g. the assignment activation mappings).
>>> Therefore it may be best for you to start with a partial solution
>>> such as storing the dates in users. This can work well for a first
>>> phase of your project. And you can work with us to plan the required
>>> features in the roadmap so you can have it ready for subsequent
>>> phases. IDM projects are not deployed overnight therefore I believe
>>> that we can agree on a reasonable delivery dates that can work for you.
>>>
>>>> So, as you can see, dates are really useful for our use cases. I
>>>> understand that this was added rather quickly to 2.2. Would you
>>>> suggest we upgrade our test environment to the latest snapshots and
>>>> try and follow the development from there on?
>>>
>>> Not yet :-) .. if you decide to use time-based activation mappings
>>> then it should work well in 2.2. If you find some bug in this part
>>> we will fix it in 2.2.1 as this is important feature. If you decide
>>> that you need more than activation mappings then there is no point
>>> to switching to the development branch yet. The code is not yet
>>> there. In such a case please let us know and we will figure out when
>>> we can deliver that. But I quite believe that activation mappings
>>> are almost entirely what you need now. And once you have your first
>>> version working we can talk about how to improve it in the future.
>>>
>>> --
>>>
>>> Radovan Semancik
>>> Software Architect
>>> evolveum.com
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> --
>> Ing. Viliam Repán(
>> Evolveum, s.r.o.
>>
>> tel: +421 910 797978
>> mail:vilo.repan at evolveum.com
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> --
> Ing. Viliam Repán(
> Evolveum, s.r.o.
>
> tel: +421 910 797978
> mail:vilo.repan at evolveum.com
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Viliam Repán(
Evolveum, s.r.o.
tel: +421 910 797978
mail: vilo.repan at evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20131001/4bf5d3a5/attachment.htm>
More information about the midPoint
mailing list