Describe the issue:
Unable to delete service providers via REST API if the SP has configured permissions.
Refer to the "How to reproduce" section.
{
"code": "APP-65001",
"message": "Error deleting application with id: 24d0948e-b47b-4427-a702-43baea4b2e19",
"description": "Error while deleting permissions for application: SP",
"traceId": "accdbb6c-9875-4ded-ab72-5b2ff4e4f578"
}
Error in carbon log:
[2022-08-25 09:24:59,681] [accdbb6c-9875-4ded-ab72-5b2ff4e4f578] ERROR {org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl} - Application: 24d0948e-b47b-4427-a702-43baea4b2e19 in tenant: carbon.super might have partially deleted
[2022-08-25 09:24:59,708] [accdbb6c-9875-4ded-ab72-5b2ff4e4f578] ERROR {org.wso2.carbon.identity.api.server.application.management.v1.core.functions.Utils} - errorCode: APP-65001 | message: Error while deleting permissions for application: SP org.wso2.carbon.identity.application.common.IdentityApplicationManagementException: Error while deleting permissions for application: SP
at org.wso2.carbon.identity.application.mgt.ApplicationMgtUtil.deletePermissions(ApplicationMgtUtil.java:663)
at org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl.deleteApplicationByResourceId(ApplicationManagementServiceImpl.java:2576)
at org.wso2.carbon.identity.api.server.application.management.v1.core.ServerApplicationManagementService.deleteApplication(ServerApplicationManagementService.java:531)
at org.wso2.carbon.identity.api.server.application.management.v1.impl.ApplicationsApiServiceImpl.deleteApplication(ApplicationsApiServiceImpl.java:104)
at org.wso2.carbon.identity.api.server.application.management.v1.ApplicationsApi.deleteApplication(ApplicationsApi.java:161)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179)
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:201)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:104)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:265)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:225)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:304)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doDelete(AbstractHTTPServlet.java:228)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:279)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:119)
at org.wso2.carbon.identity.context.rewrite.valve.OrganizationContextRewriteValve.invoke(OrganizationContextRewriteValve.java:116)
at org.wso2.carbon.tomcat.ext.valves.SameSiteCookieValve.invoke(SameSiteCookieValve.java:38)
at org.wso2.carbon.identity.cors.valve.CORSValve.invoke(CORSValve.java:89)
at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:152)
at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:135)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:106)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:67)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:152)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:63)
at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:137)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: org.wso2.carbon.registry.core.exceptions.RegistryException: Could not delete the remote resource. Could not check authorization.
Caused by Error occurred while accessing Java Security Manager Privilege Block
at org.wso2.carbon.registry.core.jdbc.handlers.builtin.MountHandler.delete(MountHandler.java:515)
at org.wso2.carbon.registry.core.jdbc.handlers.HandlerManager.delete(HandlerManager.java:2629)
at org.wso2.carbon.registry.core.jdbc.handlers.UserDefinedHandlerManager.delete(UserDefinedHandlerManager.java:214)
at org.wso2.carbon.registry.core.jdbc.handlers.HandlerLifecycleManager.delete(HandlerLifecycleManager.java:443)
at org.wso2.carbon.registry.core.jdbc.EmbeddedRegistry.delete(EmbeddedRegistry.java:851)
at org.wso2.carbon.registry.core.caching.CacheBackedRegistry.delete(CacheBackedRegistry.java:601)
at org.wso2.carbon.registry.core.session.UserRegistry.deleteInternal(UserRegistry.java:879)
at org.wso2.carbon.registry.core.session.UserRegistry.access$1100(UserRegistry.java:73)
at org.wso2.carbon.registry.core.session.UserRegistry$12.run(UserRegistry.java:854)
at org.wso2.carbon.registry.core.session.UserRegistry$12.run(UserRegistry.java:851)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.wso2.carbon.registry.core.session.UserRegistry.delete(UserRegistry.java:851)
at org.wso2.carbon.identity.application.mgt.ApplicationMgtUtil.deletePermissions(ApplicationMgtUtil.java:636)
... 60 more
Caused by: org.wso2.carbon.registry.core.exceptions.RegistryException: Could not check authorization.
Caused by Error occurred while accessing Java Security Manager Privilege Block
at org.wso2.carbon.registry.core.utils.AuthorizationUtils.authorize(AuthorizationUtils.java:58)
at org.wso2.carbon.registry.core.jdbc.Repository.get(Repository.java:189)
at org.wso2.carbon.registry.core.jdbc.handlers.filters.MediaTypeMatcher.handleGet(MediaTypeMatcher.java:131)
at org.wso2.carbon.registry.core.jdbc.handlers.HandlerManager.get(HandlerManager.java:2441)
at org.wso2.carbon.registry.core.jdbc.handlers.HandlerLifecycleManager.get(HandlerLifecycleManager.java:911)
at org.wso2.carbon.registry.core.jdbc.EmbeddedRegistry.get(EmbeddedRegistry.java:512)
at org.wso2.carbon.identity.entitlement.policy.finder.registry.RegistryPolicyMediaTypeMatcher.handleDelete(RegistryPolicyMediaTypeMatcher.java:49)
at org.wso2.carbon.registry.core.jdbc.handlers.HandlerManager.delete(HandlerManager.java:2624)
at org.wso2.carbon.registry.core.jdbc.handlers.HandlerLifecycleManager.delete(HandlerLifecycleManager.java:447)
at org.wso2.carbon.registry.core.jdbc.EmbeddedRegistry.delete(EmbeddedRegistry.java:851)
at org.wso2.carbon.registry.core.session.UserRegistry.deleteInternal(UserRegistry.java:879)
at org.wso2.carbon.registry.core.session.UserRegistry.access$1100(UserRegistry.java:73)
at org.wso2.carbon.registry.core.session.UserRegistry$12.run(UserRegistry.java:854)
at org.wso2.carbon.registry.core.session.UserRegistry$12.run(UserRegistry.java:851)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.wso2.carbon.registry.core.session.UserRegistry.delete(UserRegistry.java:851)
at org.wso2.carbon.registry.core.jdbc.handlers.builtin.MountHandler.delete(MountHandler.java:508)
... 72 more
Caused by: org.wso2.carbon.user.core.UserStoreException: Error occurred while accessing Java Security Manager Privilege Block
at org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager.callSecure(JDBCAuthorizationManager.java:1530)
at org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager.isUserAuthorized(JDBCAuthorizationManager.java:222)
at org.wso2.carbon.registry.core.jdbc.realm.RegistryAuthorizationManager.isUserAuthorized(RegistryAuthorizationManager.java:200)
at org.wso2.carbon.registry.core.utils.AuthorizationUtils.authorize(AuthorizationUtils.java:52)
... 88 more
Caused by: java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager.callSecure(JDBCAuthorizationManager.java:1515)
... 91 more
Caused by: java.lang.reflect.InvocationTargetException
at jdk.internal.reflect.GeneratedMethodAccessor152.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager$2.run(JDBCAuthorizationManager.java:1518)
... 93 more
Caused by: java.lang.NullPointerException
at org.wso2.carbon.user.core.util.UserCoreUtil.extractDomainFromName(UserCoreUtil.java:885)
at org.wso2.carbon.user.core.authorization.AuthorizationCache.isCaseSensitiveUsername(AuthorizationCache.java:328)
at org.wso2.carbon.user.core.authorization.AuthorizationCache.isUserAuthorized(AuthorizationCache.java:150)
at org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager.isUserAuthorized(JDBCAuthorizationManager.java:253)
... 97 more
How to reproduce:
Log in to https://localhost:9443/carbon/
Navigate to Main -> Identity -> Service Providers -> Add
Give a name and register
Go inside the created SP
Click Role/Permission Configuration -> Permissions -> +Add permission
List out applications using REST API and identify the app id
Try to delete the app using REST API (replace the app id)
Application deletion failed with the above-mentioned error. It fails to delete the permissions stored in the registry.
Expected behavior: Delete the configured permissions and delete the service provider successfully
Environment information (Please complete the following information; remove any unnecessary fields) :
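Added example, not part of the original report or of WSO2's code: a triage helper that takes the `traceId` from the REST error body, selects the carbon log entries carrying the same bracketed ID (the two values match in the report above), and walks the `Caused by:` chain to the innermost exception and its first frame. The function names are hypothetical, and the sample log is abridged from the report plus one constructed unrelated line.

```python
import json
import re

# Sample input: error body and abridged carbon log lines taken from the report;
# the INFO line with the all-zero ID is constructed to show the filtering.
API_ERROR = '{"code": "APP-65001", "traceId": "accdbb6c-9875-4ded-ab72-5b2ff4e4f578"}'
CARBON_LOG = """\
[2022-08-25 09:24:59,600] [00000000-0000-0000-0000-000000000000] INFO {constructed.Other} - unrelated request
[2022-08-25 09:24:59,681] [accdbb6c-9875-4ded-ab72-5b2ff4e4f578] ERROR {org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl} - Application: 24d0948e-b47b-4427-a702-43baea4b2e19 in tenant: carbon.super might have partially deleted
[2022-08-25 09:24:59,708] [accdbb6c-9875-4ded-ab72-5b2ff4e4f578] ERROR {org.wso2.carbon.identity.api.server.application.management.v1.core.functions.Utils} - errorCode: APP-65001 | message: Error while deleting permissions for application: SP
at org.wso2.carbon.identity.application.mgt.ApplicationMgtUtil.deletePermissions(ApplicationMgtUtil.java:663)
Caused by: org.wso2.carbon.registry.core.exceptions.RegistryException: Could not check authorization.
Caused by Error occurred while accessing Java Security Manager Privilege Block
at org.wso2.carbon.registry.core.utils.AuthorizationUtils.authorize(AuthorizationUtils.java:58)
Caused by: java.lang.NullPointerException
at org.wso2.carbon.user.core.util.UserCoreUtil.extractDomainFromName(UserCoreUtil.java:885)
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<trace>[0-9a-f-]*)\] (?P<level>[A-Z]+) ")
CAUSE = re.compile(r"^Caused by: (?P<exc>[\w.$]+)(?:: (?P<msg>.*))?$")
FRAME = re.compile(r"^\s*at (?P<frame>\S+\(.*\))$")

def entries_for_trace(log_text, trace_id):
    """Group lines into log entries and keep those tagged with trace_id."""
    entries, current = [], None
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:  # a timestamped line starts a new entry
            current = [line] if m["trace"] == trace_id else None
            if current is not None:
                entries.append(current)
        elif current is not None:
            current.append(line)  # continuation: stack frame or "Caused by"
    return entries

def cause_chain(entry_lines):
    """Return (exception, message, first_frame) for each 'Caused by:' line."""
    chain = []
    for line in entry_lines:
        c = CAUSE.match(line)
        if c:
            chain.append([c["exc"], c["msg"] or "", None])
        elif chain and chain[-1][2] is None and FRAME.match(line):
            chain[-1][2] = FRAME.match(line)["frame"]
    return [tuple(c) for c in chain]

def root_cause(api_error_json, log_text):
    """Innermost cause logged under the API error's traceId, or None."""
    trace_id = json.loads(api_error_json)["traceId"]
    chains = [cause_chain(e) for e in entries_for_trace(log_text, trace_id)]
    return next((c[-1] for c in chains if c), None)
```

The message continuation line `Caused by Error occurred ...` has no colon after `by`, so it is not counted as a separate cause.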