[midPoint] Error using Filter on Target for Assignment Authorization

Alcides Carlos de Moraes Neto alcides.neto at gmail.com
Fri Feb 16 22:02:48 CET 2018 

Hello list,

I'm trying to limit the roles that some users can request using
Authorizations. I've put a simple substring filter to limit the available
target roles, but I'm getting this exception shown serveral times:

Operation
*operation.com.evolveum.midpoint.web.page.self.PageAssignmentShoppingKart.loadAssignableRoles*
Message Couldn't load available roles Error Unexpected filter SUBSTRING(S):
name,PPV(PolyString:GAB) show java.lang.UnsupportedOperationException:
Unexpected filter SUBSTRING(S): name,PPV(PolyString:Gabinetes) at
com.evolveum.midpoint.model.impl.controller.ModelInteractionServiceImpl.getRoleSelectionSpecEntries(ModelInteractionServiceImpl.java:593)
at
com.evolveum.midpoint.model.impl.controller.ModelInteractionServiceImpl.getRoleSelectionSpecEntries(ModelInteractionServiceImpl.java:585)
at
com.evolveum.midpoint.model.impl.controller.ModelInteractionServiceImpl.getAssignableRoleSpecification(ModelInteractionServiceImpl.java:463)
at sun.reflect.GeneratedMethodAccessor1331.invoke(Unknown Source) at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498) at
org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:508)
at com.sun.proxy.$Proxy192.getAssignableRoleSpecification(Unknown Source)
at
com.evolveum.midpoint.web.page.self.PageAssignmentShoppingKart.getAssignableRolesFilter(PageAssignmentShoppingKart.java:518)

The error messages are shown on screen, and the users sees all roles in the
role catalog.
This is the authorization:
<authorization>
      <action>
http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#assign
</action>
      <action>
http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#unassign
</action>
      <phase>request</phase>
      <object id="4">
         <type>UserType</type>
         <orgRelation>
            <subjectRelation>org:manager</subjectRelation>
         </orgRelation>
      </object>
      <target id="7">
         <type>RoleType</type>
         <filter>
            <q:substring>
               <q:path>name</q:path>
               <q:value>GAB</q:value>
               <q:anchorStart>true</q:anchorStart>
            </q:substring>
         </filter>
      </target>
   </authorization>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180216/016b29a7/attachment.htm>

More information about the midPoint mailing list