cxf-issues mailing list archives

From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-7069) Finish JPACodeDataProvider implementation
Date Sun, 25 Sep 2016 20:52:20 GMT

    [ https://issues.apache.org/jira/browse/CXF-7069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15521401#comment-15521401 ]

Sergey Beryozkin commented on CXF-7069:
---------------------------------------

Hi Adrian, 
I thought we can ship orm.xml describing the common JPA2 model - that would be understood
by both OpenJPA and Hibernate, plus a Hibernate-specific orm extension dealing with this optimization.

I think keeping the code JPA2 annotation free will give the developers more flexibility -
they will be able to tune orm.xml if needed (e.g., modify orm.xml in the oauth2 or oidc module
jars), without having to wait for another CXF release if anything needs to be updated. I know
Fediz IDP core module also uses orm.xml.
But as I said this is not urgent per se. We can discuss it later on.
Sergey 

> Finish JPACodeDataProvider implementation
> -----------------------------------------
>
>                 Key: CXF-7069
>                 URL: https://issues.apache.org/jira/browse/CXF-7069
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.1.7
>            Reporter: gonzalad
>         Attachments: CXF-7069-hbmxml.patch, CXF-7069-patch.diff
>
>
> Current JPACodeDataProvider has the following issues :
> # Shared entityManager (1 for all clients)
>    This is because we're injecting an entityManager into JPACodeDataProvider, which is a singleton (from what I understand all dataProviders are to be used as singletons).
>    This has the following effects :
>     ** loading all database in JPA lvl1 cache. 
>     ** race conditions between threads (we're using bean managed transaction)
>   I'm using this kind of configuration :
> {code}
>   <bean id="oidcAuthorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
>          <property name="dataProvider" ref="oauthProvider"/>
>          <property name="subjectCreator" ref="subjectCreator"/>
>          <property name="skipAuthorizationWithOidcScope" value="true"/>
>          <property name="canSupportPublicClients" value="true"/>
>   </bean>
>   <bean id="oauthProvider"
>           class="org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider"
>           init-method="init" destroy-method="close">
>         <property name="entityManager" ref="entityManager"/>
>         ...
>   </bean>
>   <bean id="entityManager"
>           factory-bean="entityManagerFactory"
>           factory-method="createEntityManager"/>
>   <bean id="entityManagerFactory"
>           class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
> {code}
> In our sample, we could resolve this issue by configuring a prototype scoped oauthProvider *and* an openEntityInView spring filter *and* setting each reference to oauthProvider as aop:scoped-proxy in spring. IMO, this appears to me to be too much magic.
> # Error when creating a BearerAccessToken during OIDC authorization code flow
>    This can be reproduced by running Fediz OIDCTest.testOIDCLoginForClient2() 
> {code}
> Caused by: <openjpa-2.4.1-r422266:1730418 fatal store error> org.apache.openjpa.persistence.RollbackException: The transaction has been rolled back.  See the nested exceptions for details on the errors that occurred.
>     at org.apache.openjpa.persistence.EntityManagerImpl.commit(EntityManagerImpl.java:595)
>     at org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider.saveCodeGrant(JPACodeDataProvider.java:58)
>     at org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider.createCodeGrant(JPACodeDataProvider.java:37)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
>     at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
>     at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
>     at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
>     at com.sun.proxy.$Proxy154.createCodeGrant(Unknown Source)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService.getGrantRepresentation(AuthorizationCodeGrantService.java:139)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService.createGrant(AuthorizationCodeGrantService.java:99)
>     at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.startAuthorization(RedirectionBasedGrantService.java:213)
>     at org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService.startAuthorization(OidcAuthorizationCodeService.java:79)
>     at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.startAuthorization(RedirectionBasedGrantService.java:136)
>     at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.authorize(RedirectionBasedGrantService.java:94)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationService.authorize(AuthorizationService.java:58)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationService$$FastClassBySpringCGLIB$$411268cd.invoke(<generated>)
>     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:718)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
>     at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
>     at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
>     at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationService$$EnhancerBySpringCGLIB$$68d08bc2.authorize(<generated>)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180)
>     at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
>     ... 35 more
> Caused by: <openjpa-2.4.1-r422266:1730418 fatal general error> org.apache.openjpa.persistence.PersistenceException: The transaction has been rolled back.  See the nested exceptions for details on the errors that occurred.
>     at org.apache.openjpa.kernel.BrokerImpl.newFlushException(BrokerImpl.java:2368)
>     at org.apache.openjpa.kernel.BrokerImpl.flush(BrokerImpl.java:2205)
>     at org.apache.openjpa.kernel.BrokerImpl.flushSafe(BrokerImpl.java:2103)
>     at org.apache.openjpa.kernel.BrokerImpl.beforeCompletion(BrokerImpl.java:2021)
>     at org.apache.openjpa.kernel.LocalManagedRuntime.commit(LocalManagedRuntime.java:81)
>     at org.apache.openjpa.kernel.BrokerImpl.commit(BrokerImpl.java:1526)
>     at org.apache.openjpa.kernel.DelegatingBroker.commit(DelegatingBroker.java:932)
>     at org.apache.openjpa.persistence.EntityManagerImpl.commit(EntityManagerImpl.java:571)
>     ... 77 more
> Caused by: <openjpa-2.4.1-r422266:1730418 fatal general error> org.apache.openjpa.persistence.PersistenceException: data exception: string data, right truncation;  table: BEARERACCESSTOKEN_PARAMETERS column: VALUE {prepstmnt 549315712
> INSERT INTO BearerAccessToken_parameters (BEARERACCESSTOKEN_TOKENKEY, propName,
>         value)
>     VALUES (?, ?, ?)
> [params=(String) 289fdb944ad4f26bc83e970a8a8b8, (String) id_token, (String) eyJhbGciOiJSUzI1NiJ9.eyJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhbGljZSIsInN1YiI...]} [code=3401, state=22001]
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
