cxf-issues mailing list archives

From "gonzalad (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CXF-7069) Finish JPACodeDataProvider implementation
Date Sat, 24 Sep 2016 22:24:20 GMT

     [ https://issues.apache.org/jira/browse/CXF-7069?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

gonzalad updated CXF-7069:
--------------------------
    Attachment: CXF-7069-hbmxml.patch

Proposed patch for hibernate optimisation (httpVerbs and uris OAuthPermission attributes are
put in 2nd level cache).

This is achieved by using specific hibernate hbm.xml (instead of hibernate annotations) to
override Permission and OAuthPermission. 


> Finish JPACodeDataProvider implementation
> -----------------------------------------
>
>                 Key: CXF-7069
>                 URL: https://issues.apache.org/jira/browse/CXF-7069
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.1.7
>            Reporter: gonzalad
>         Attachments: CXF-7069-hbmxml.patch, CXF-7069-patch.diff
>
>
> Current JPACodeDataProvider has the following issues :
> # Shared entityManager (1 for all clients)
>    This is because we're injecting an entityManager into JPACodeDataProvider, which is a singleton (from what I understand all dataProviders are to be used as singletons).
>    This has the following effects :
>     ** loading all database in JPA lvl1 cache. 
>     ** race conditions between threads (we're using bean managed transaction)
>   I'm using this kind of configuration :
> {code}
>   <bean id="oidcAuthorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
>          <property name="dataProvider" ref="oauthProvider"/>
>          <property name="subjectCreator" ref="subjectCreator"/>
>          <property name="skipAuthorizationWithOidcScope" value="true"/>
>          <property name="canSupportPublicClients" value="true"/>
>   </bean>
>   <bean id="oauthProvider"
>           class="org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider"
>           init-method="init" destroy-method="close">
>         <property name="entityManager" ref="entityManager"/>
>         ...
>   </bean>
>   <bean id="entityManager"
>           factory-bean="entityManagerFactory"
>           factory-method="createEntityManager"/>
>   <bean id="entityManagerFactory"
>           class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
> {code}
> In our sample, we could resolve this issue by configuring a prototype scoped oauthProvider *and* an openEntityInView spring filter *and* setting each reference to oauthProvider as aop:scoped-proxy in spring. IMO, this appears to me to be too much magic.
> # Error when creating a BearerAccessToken during OIDC authorization code flow
>    This can be reproduced by running Fediz OIDCTest.testOIDCLoginForClient2() 
> {code}
> Caused by: <openjpa-2.4.1-r422266:1730418 fatal store error> org.apache.openjpa.persistence.RollbackException: The transaction has been rolled back.  See the nested exceptions for details on the errors that occurred.
>     at org.apache.openjpa.persistence.EntityManagerImpl.commit(EntityManagerImpl.java:595)
>     at org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider.saveCodeGrant(JPACodeDataProvider.java:58)
>     at org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider.createCodeGrant(JPACodeDataProvider.java:37)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
>     at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
>     at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
>     at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
>     at com.sun.proxy.$Proxy154.createCodeGrant(Unknown Source)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService.getGrantRepresentation(AuthorizationCodeGrantService.java:139)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService.createGrant(AuthorizationCodeGrantService.java:99)
>     at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.startAuthorization(RedirectionBasedGrantService.java:213)
>     at org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService.startAuthorization(OidcAuthorizationCodeService.java:79)
>     at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.startAuthorization(RedirectionBasedGrantService.java:136)
>     at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.authorize(RedirectionBasedGrantService.java:94)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationService.authorize(AuthorizationService.java:58)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationService$$FastClassBySpringCGLIB$$411268cd.invoke(<generated>)
>     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:718)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
>     at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
>     at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
>     at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationService$$EnhancerBySpringCGLIB$$68d08bc2.authorize(<generated>)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180)
>     at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
>     ... 35 more
> Caused by: <openjpa-2.4.1-r422266:1730418 fatal general error> org.apache.openjpa.persistence.PersistenceException: The transaction has been rolled back.  See the nested exceptions for details on the errors that occurred.
>     at org.apache.openjpa.kernel.BrokerImpl.newFlushException(BrokerImpl.java:2368)
>     at org.apache.openjpa.kernel.BrokerImpl.flush(BrokerImpl.java:2205)
>     at org.apache.openjpa.kernel.BrokerImpl.flushSafe(BrokerImpl.java:2103)
>     at org.apache.openjpa.kernel.BrokerImpl.beforeCompletion(BrokerImpl.java:2021)
>     at org.apache.openjpa.kernel.LocalManagedRuntime.commit(LocalManagedRuntime.java:81)
>     at org.apache.openjpa.kernel.BrokerImpl.commit(BrokerImpl.java:1526)
>     at org.apache.openjpa.kernel.DelegatingBroker.commit(DelegatingBroker.java:932)
>     at org.apache.openjpa.persistence.EntityManagerImpl.commit(EntityManagerImpl.java:571)
>     ... 77 more
> Caused by: <openjpa-2.4.1-r422266:1730418 fatal general error> org.apache.openjpa.persistence.PersistenceException: data exception: string data, right truncation;  table: BEARERACCESSTOKEN_PARAMETERS column: VALUE {prepstmnt 549315712
> INSERT INTO BearerAccessToken_parameters (BEARERACCESSTOKEN_TOKENKEY, propName,
>         value)
>     VALUES (?, ?, ?)
> [params=(String) 289fdb944ad4f26bc83e970a8a8b8, (String) id_token, (String) eyJhbGciOiJSUzI1NiJ9.eyJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhbGljZSIsInN1YiI...]} [code=3401, state=22001]
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)