scim2 icon indicating copy to clipboard operation
scim2 copied to clipboard

Published 20 hours ago verified publisher icon pingidentity

issue with scimChecker functionality

Open hqlvzs opened this issue 7 years ago • 3 comments

we have defined the GroupResource schemas(some attributes have been omitted): @Schema(id="urn:ietf:params:scim:schemas:core:2.0:Group", name="Group", description="Group") public class GroupResource extends BaseScimResource { @Attribute(description="A list of members of the Group.", isCaseExact=false, mutability=AttributeDefinition.Mutability.READ_WRITE, multiValueClass = Member.class, returned=AttributeDefinition.Returned.DEFAULT) private List<Member> members; }

since the members attribute has READWRITE mutablity, i think it should be valid if we do replace with below input resource: { "schemas" : [ "urn:ietf:params:scim:schemas:core:2.0:Group" ], "members" : [ { "value" : "member1" } ] }

but currently it will not pass the schema check, the exception is shown below: com.unboundid.scim2.common.exceptions.BadRequestException: Attribute members[0].value is immutable and value(s) may not be replaced

it seems that schemaChecker is failing because the sub-attributes of Member like value are described as immutable.

The same exception will be thrown for patch request with members replacement operation, for example: { "schemas" : [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations" : [ { "op" : "replace", "path" : "members", "value" : [ { "value" : "member1" } ] } ] }

the class members definition is shown below: public class Member {

@Attribute(description = "Identifier of the member of this Group.", isCaseExact = false, mutability = AttributeDefinition.Mutability.IMMUTABLE, returned = AttributeDefinition.Returned.DEFAULT, uniqueness = AttributeDefinition.Uniqueness.NONE)
private String value;

@Attribute(description = "The URI corresponding to a SCIM resource that is a member of this Group.", isCaseExact = false, referenceTypes = {
		"User",
		"Group" }, mutability = AttributeDefinition.Mutability.IMMUTABLE, returned = AttributeDefinition.Returned.DEFAULT, uniqueness = AttributeDefinition.Uniqueness.NONE)
private String $ref;

@Attribute(description = "A label indicating the type of resource e.g., 'User' or 'Group'.", isCaseExact = false, mutability = AttributeDefinition.Mutability.IMMUTABLE, returned = AttributeDefinition.Returned.DEFAULT, uniqueness = AttributeDefinition.Uniqueness.NONE)
private String type;

}

hqlvzs avatar May 26 '17 09:05 hqlvzs

Thanks for reporting this issue. How are you calling the SchemaChecker? Are you using SchemaChecker.checkReplace and SchemaChecker.checkModify?

digitalperk avatar May 30 '17 20:05 digitalperk

yes, i am just calling the SchemaChecker.checkReplace and SchemaChecker.checkModify function to do the schema check.

hqlvzs avatar May 31 '17 03:05 hqlvzs

Thanks for the reply. I've created an internal JIRA issue to track the concern. This does look like a bug with how the SchemaChecker mutability of complex attributes. There is no estimated time for resolution as the issue needs to be reviewed and prioritized.

digitalperk avatar May 31 '17 16:05 digitalperk