cxf-issues mailing list archives

From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-7069) Finish JPACodeDataProvider implementation
Date Sun, 25 Sep 2016 17:34:21 GMT

    [ https://issues.apache.org/jira/browse/CXF-7069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15521160#comment-15521160 ]

Sergey Beryozkin commented on CXF-7069:
---------------------------------------

Hi Adrian, I've completed applying your original patch to the 3.2.0-SNAPSHOT, thanks.

As far as this hibernate orm extension is concerned, this is OK, but it is a test resource
so do we really need it?
I'd rather have this issue resolved now and then you open a separate issue - remove JPA2 annotations
and ship a main orm.xml resource instead - and once that is done then we can consider shipping
hbm.xml alongside it, as a 'main' resource too - this moving of JPA2 annotations to orm.xml
can be done later on for sure. 

Thanks, Sergey 

> Finish JPACodeDataProvider implementation
> -----------------------------------------
>
>                 Key: CXF-7069
>                 URL: https://issues.apache.org/jira/browse/CXF-7069
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.1.7
>            Reporter: gonzalad
>         Attachments: CXF-7069-hbmxml.patch, CXF-7069-patch.diff
>
>
> Current JPACodeDataProvider has the following issues :
> # Shared entityManager (1 for all clients)
>    This is because we're injecting an entityManager into JPACodeDataProvider, which is a singleton (from what I understand all dataProviders are to be used as singletons).
>    This has the following effects :
>     ** loading all database in JPA lvl1 cache. 
>     ** race conditions between threads (we're using bean managed transaction)
>   I'm using this kind of configuration :
> {code}
>   <bean id="oidcAuthorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
>          <property name="dataProvider" ref="oauthProvider"/>
>          <property name="subjectCreator" ref="subjectCreator"/>
>          <property name="skipAuthorizationWithOidcScope" value="true"/>
>          <property name="canSupportPublicClients" value="true"/>
>   </bean>
>   <bean id="oauthProvider"
>           class="org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider"
>           init-method="init" destroy-method="close">
>         <property name="entityManager" ref="entityManager"/>
>         ...
>   </bean>
>   <bean id="entityManager"
>           factory-bean="entityManagerFactory"
>           factory-method="createEntityManager"/>
>   <bean id="entityManagerFactory"
>           class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
> {code}
> In our sample, we could resolve this issue by configuring a prototype scoped oauthProvider *and* an openEntityInView spring filter *and* setting each reference to oauthProvider as aop:scoped-proxy in spring. IMO, this appears to me to be too much magic.
> # Error when creating a BearerAccessToken during OIDC authorization code flow
>    This can be reproduced by running Fediz OIDCTest.testOIDCLoginForClient2() 
> {code}
> Caused by: <openjpa-2.4.1-r422266:1730418 fatal store error> org.apache.openjpa.persistence.RollbackException: The transaction has been rolled back.  See the nested exceptions for details on the errors that occurred.
>     at org.apache.openjpa.persistence.EntityManagerImpl.commit(EntityManagerImpl.java:595)
>     at org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider.saveCodeGrant(JPACodeDataProvider.java:58)
>     at org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider.createCodeGrant(JPACodeDataProvider.java:37)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
>     at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
>     at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
>     at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
>     at com.sun.proxy.$Proxy154.createCodeGrant(Unknown Source)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService.getGrantRepresentation(AuthorizationCodeGrantService.java:139)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService.createGrant(AuthorizationCodeGrantService.java:99)
>     at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.startAuthorization(RedirectionBasedGrantService.java:213)
>     at org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService.startAuthorization(OidcAuthorizationCodeService.java:79)
>     at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.startAuthorization(RedirectionBasedGrantService.java:136)
>     at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.authorize(RedirectionBasedGrantService.java:94)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationService.authorize(AuthorizationService.java:58)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationService$$FastClassBySpringCGLIB$$411268cd.invoke(<generated>)
>     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:718)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
>     at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
>     at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
>     at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationService$$EnhancerBySpringCGLIB$$68d08bc2.authorize(<generated>)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180)
>     at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
>     ... 35 more
> Caused by: <openjpa-2.4.1-r422266:1730418 fatal general error> org.apache.openjpa.persistence.PersistenceException: The transaction has been rolled back.  See the nested exceptions for details on the errors that occurred.
>     at org.apache.openjpa.kernel.BrokerImpl.newFlushException(BrokerImpl.java:2368)
>     at org.apache.openjpa.kernel.BrokerImpl.flush(BrokerImpl.java:2205)
>     at org.apache.openjpa.kernel.BrokerImpl.flushSafe(BrokerImpl.java:2103)
>     at org.apache.openjpa.kernel.BrokerImpl.beforeCompletion(BrokerImpl.java:2021)
>     at org.apache.openjpa.kernel.LocalManagedRuntime.commit(LocalManagedRuntime.java:81)
>     at org.apache.openjpa.kernel.BrokerImpl.commit(BrokerImpl.java:1526)
>     at org.apache.openjpa.kernel.DelegatingBroker.commit(DelegatingBroker.java:932)
>     at org.apache.openjpa.persistence.EntityManagerImpl.commit(EntityManagerImpl.java:571)
>     ... 77 more
> Caused by: <openjpa-2.4.1-r422266:1730418 fatal general error> org.apache.openjpa.persistence.PersistenceException: data exception: string data, right truncation;  table: BEARERACCESSTOKEN_PARAMETERS column: VALUE {prepstmnt 549315712
> INSERT INTO BearerAccessToken_parameters (BEARERACCESSTOKEN_TOKENKEY, propName,
>         value)
>     VALUES (?, ?, ?)
> [params=(String) 289fdb944ad4f26bc83e970a8a8b8, (String) id_token, (String) eyJhbGciOiJSUzI1NiJ9.eyJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhbGljZSIsInN1YiI...]} [code=3401, state=22001]
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
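
Added example (not part of the JIRA comment, the attached patches or CXF's own code): one way to avoid the shared-EntityManager problem described in the quoted issue is for the singleton to hold only the thread-safe EntityManagerFactory and open a short-lived EntityManager per operation. The class name PerCallJpaProvider and its methods are hypothetical; the javax.persistence calls are standard JPA 2.

```java
import java.util.function.Function;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.EntityTransaction;

/** Hypothetical singleton-safe provider: keeps the factory, never an EntityManager. */
public class PerCallJpaProvider {
    // EntityManagerFactory is thread-safe; EntityManager is not.
    private final EntityManagerFactory emf;

    public PerCallJpaProvider(EntityManagerFactory emf) {
        this.emf = emf;
    }

    /** Runs one unit of work in its own EntityManager and resource-local transaction. */
    protected <T> T inTransaction(Function<EntityManager, T> work) {
        EntityManager em = emf.createEntityManager(); // fresh persistence context per call
        EntityTransaction tx = em.getTransaction();
        try {
            tx.begin();
            T result = work.apply(em);
            tx.commit();
            return result;
        } catch (RuntimeException e) {
            if (tx.isActive()) {
                tx.rollback(); // no half-finished transaction left for another thread
            }
            throw e;
        } finally {
            em.close(); // drops the level-1 cache instead of letting it grow
        }
    }

    public <E> E save(E entity) {
        return inTransaction(em -> { em.persist(entity); return entity; });
    }

    public <E> E load(Class<E> type, Object key) {
        return inTransaction(em -> em.find(type, key));
    }

    public <E> boolean delete(Class<E> type, Object key) {
        return inTransaction(em -> {
            E found = em.find(type, key);
            if (found == null) return false;
            em.remove(found);
            return true;
        });
    }
}
```

Entities returned from these methods are detached once the EntityManager is closed, so any lazily loaded association has to be read inside the unit of work.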
