[jira] [Created] (OAK-5304) DefaultSyncContext.sync(ExternalIdentity) does not verify same identity provider

Alexander Klimetschek (JIRA) Wed, 14 Dec 2016 17:40:33 -0800

Alexander Klimetschek created OAK-5304:
------------------------------------------


             Summary: DefaultSyncContext.sync(ExternalIdentity) does not verify 
same identity provider
                 Key: OAK-5304
                 URL: https://issues.apache.org/jira/browse/OAK-5304
             Project: Jackrabbit Oak
          Issue Type: Bug
          Components: auth-external
    Affects Versions: 1.4.11, 1.5.15
            Reporter: Alexander Klimetschek


Since OAK-4224, the external IDP should be verified to be the same, but 
{{DefaultSyncContext.sync(ExternalIdentity)}} doesn't do that, as it only looks 
at {{ExternalIdentityRef.getProviderName()}}, but never at the 
{{rep:externalId}} of the (existing) authorizable.

Assume there is
* a user with the authorizable id "frank"
* a {{rep:externalId}} with provider "alpha" or no such property (because 
locally created)
* a sync {{context}} using provider "beta"

Calling by id:
{code:java}
context.sync("frank") => result has Status.FOREIGN
{code}

Calling by ref:
{code:java}
ExternalIdentity externalId = ...
// externalId.getId() => "frank"
// externalId.getExternalId().getProviderName() => "beta"
context.sync(externalId) => result has Status.UPDATE
{code}




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (OAK-5304) DefaultSyncContext.sync(ExternalIdentity) does not verify same identity provider

Reply via email to