cxf-issues mailing list archives

From "gonzalad (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-7069) Finish JPACodeDataProvider implementation
Date Fri, 23 Sep 2016 07:51:20 GMT
gonzalad created CXF-7069:
-----------------------------

             Summary: Finish JPACodeDataProvider implementation
                 Key: CXF-7069
                 URL: https://issues.apache.org/jira/browse/CXF-7069
             Project: CXF
          Issue Type: Bug
          Components: JAX-RS Security
    Affects Versions: 3.1.7
            Reporter: gonzalad


The current JPACodeDataProvider has the following issues:

# Shared entityManager (1 for all clients)
   This is because we're injecting an entityManager into JPACodeDataProvider, which is a singleton
(from what I understand, all dataProviders are to be used as singletons).
   This has the following effects:
    ** loading the whole database into the JPA level-1 cache.
    ** race conditions between threads (we're using bean-managed transactions)
  I'm using this kind of configuration:
{code}
  <bean id="oidcAuthorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
         <property name="dataProvider" ref="oauthProvider"/>
         <property name="subjectCreator" ref="subjectCreator"/>
         <property name="skipAuthorizationWithOidcScope" value="true"/>
         <property name="canSupportPublicClients" value="true"/>
  </bean>

  <bean id="oauthProvider"
          class="org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider"
          init-method="init" destroy-method="close">
        <property name="entityManager" ref="entityManager"/>
        ...
  </bean>

  <bean id="entityManager"
          factory-bean="entityManagerFactory"
          factory-method="createEntityManager"/>

  <bean id="entityManagerFactory"
          class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
        ...
  </bean>
{code}
In our sample, we could resolve this issue by configuring a prototype-scoped oauthProvider
*and* an openEntityInView Spring filter *and* setting each reference to oauthProvider as aop:scoped-proxy
in Spring. IMO, this appears to me to be too much magic.
# Error when creating a BearerAccessToken during OIDC authorization code flow
   This can be reproduced by running Fediz OIDCTest.testOIDCLoginForClient2() 
{code}
Caused by: <openjpa-2.4.1-r422266:1730418 fatal store error> org.apache.openjpa.persistence.RollbackException:
The transaction has been rolled back.  See the nested exceptions for details on the errors
that occurred.
    at org.apache.openjpa.persistence.EntityManagerImpl.commit(EntityManagerImpl.java:595)
    at org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider.saveCodeGrant(JPACodeDataProvider.java:58)
    at org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider.createCodeGrant(JPACodeDataProvider.java:37)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
    at com.sun.proxy.$Proxy154.createCodeGrant(Unknown Source)
    at org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService.getGrantRepresentation(AuthorizationCodeGrantService.java:139)
    at org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService.createGrant(AuthorizationCodeGrantService.java:99)
    at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.startAuthorization(RedirectionBasedGrantService.java:213)
    at org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService.startAuthorization(OidcAuthorizationCodeService.java:79)
    at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.startAuthorization(RedirectionBasedGrantService.java:136)
    at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.authorize(RedirectionBasedGrantService.java:94)
    at org.apache.cxf.rs.security.oauth2.services.AuthorizationService.authorize(AuthorizationService.java:58)
    at org.apache.cxf.rs.security.oauth2.services.AuthorizationService$$FastClassBySpringCGLIB$$411268cd.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:718)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
    at org.apache.cxf.rs.security.oauth2.services.AuthorizationService$$EnhancerBySpringCGLIB$$68d08bc2.authorize(<generated>)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180)
    at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
    ... 35 more
Caused by: <openjpa-2.4.1-r422266:1730418 fatal general error> org.apache.openjpa.persistence.PersistenceException:
The transaction has been rolled back.  See the nested exceptions for details on the errors
that occurred.
    at org.apache.openjpa.kernel.BrokerImpl.newFlushException(BrokerImpl.java:2368)
    at org.apache.openjpa.kernel.BrokerImpl.flush(BrokerImpl.java:2205)
    at org.apache.openjpa.kernel.BrokerImpl.flushSafe(BrokerImpl.java:2103)
    at org.apache.openjpa.kernel.BrokerImpl.beforeCompletion(BrokerImpl.java:2021)
    at org.apache.openjpa.kernel.LocalManagedRuntime.commit(LocalManagedRuntime.java:81)
    at org.apache.openjpa.kernel.BrokerImpl.commit(BrokerImpl.java:1526)
    at org.apache.openjpa.kernel.DelegatingBroker.commit(DelegatingBroker.java:932)
    at org.apache.openjpa.persistence.EntityManagerImpl.commit(EntityManagerImpl.java:571)
    ... 77 more
Caused by: <openjpa-2.4.1-r422266:1730418 fatal general error> org.apache.openjpa.persistence.PersistenceException:
data exception: string data, right truncation;  table: BEARERACCESSTOKEN_PARAMETERS column:
VALUE {prepstmnt 549315712
INSERT INTO BearerAccessToken_parameters (BEARERACCESSTOKEN_TOKENKEY, propName,
        value)
    VALUES (?, ?, ?)
[params=(String) 289fdb944ad4f26bc83e970a8a8b8, (String) id_token, (String) eyJhbGciOiJSUzI1NiJ9.eyJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhbGljZSIsInN1YiI...]}
[code=3401, state=22001]
{code}





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
