Date: Sat, 24 Sep 2016 22:24:20 +0000 (UTC)
From: "gonzalad (JIRA)"
To: issues@cxf.apache.org
Reply-To: dev@cxf.apache.org
Subject: [jira] [Updated] (CXF-7069) Finish JPACodeDataProvider implementation

     [ https://issues.apache.org/jira/browse/CXF-7069?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

gonzalad updated CXF-7069:
--------------------------
    Attachment: CXF-7069-hbmxml.patch

Proposed patch for hibernate optimisation (httpVerbs and uris OAuthPermission attributes are put in 2nd level cache).
This is achieved by using specific hibernate hbm.xml (instead of hibernate annotations) to override Permission and OAuthPermission.

> Finish JPACodeDataProvider implementation
> -----------------------------------------
>
>                 Key: CXF-7069
>                 URL: https://issues.apache.org/jira/browse/CXF-7069
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.1.7
>            Reporter: gonzalad
>         Attachments: CXF-7069-hbmxml.patch, CXF-7069-patch.diff
>
>
> Current JPACodeDataProvider has the following issues :
> # Shared entityManager (1 for all clients)
> This is because we're injecting an entityManager into JPACodeDataProvider, which is a singleton (from what I understand all dataProviders are to be used as singletons).
> This has the following effects :
> ** loading all database in JPA lvl1 cache.
> ** race conditions between threads (we're using bean managed transaction)
> I'm using this kind of configuration :
> {code}
>
>
>
>
>
>
> class="org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider"
> init-method="init" destroy-method="close">
>
> ...
>
> factory-bean="entityManagerFactory"
> factory-method="createEntityManager"/>
> class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
> {code}
> In our sample, we could resolve this issue by configuring a prototype scoped oauthProvider *and* an openEntityInView spring filter *and* setting each reference to oauthProvider as aop:scoped-proxy in spring. IMO, this appears to me to be too much magic.
> # Error when creating a BearerAccessToken during OIDC authorization code flow
> This can be reproduced by running Fediz OIDCTest.testOIDCLoginForClient2()
> {code}
> Caused by: org.apache.openjpa.persistence.RollbackException: The transaction has been rolled back. See the nested exceptions for details on the errors that occurred.
> 	at org.apache.openjpa.persistence.EntityManagerImpl.commit(EntityManagerImpl.java:595)
> 	at org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider.saveCodeGrant(JPACodeDataProvider.java:58)
> 	at org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider.createCodeGrant(JPACodeDataProvider.java:37)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.lang.reflect.Method.invoke(Method.java:498)
> 	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
> 	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
> 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
> 	at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
> 	at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
> 	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
> 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
> 	at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
> 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
> 	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
> 	at com.sun.proxy.$Proxy154.createCodeGrant(Unknown Source)
> 	at org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService.getGrantRepresentation(AuthorizationCodeGrantService.java:139)
> 	at org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService.createGrant(AuthorizationCodeGrantService.java:99)
> 	at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.startAuthorization(RedirectionBasedGrantService.java:213)
> 	at org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService.startAuthorization(OidcAuthorizationCodeService.java:79)
> 	at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.startAuthorization(RedirectionBasedGrantService.java:136)
> 	at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.authorize(RedirectionBasedGrantService.java:94)
> 	at org.apache.cxf.rs.security.oauth2.services.AuthorizationService.authorize(AuthorizationService.java:58)
> 	at org.apache.cxf.rs.security.oauth2.services.AuthorizationService$$FastClassBySpringCGLIB$$411268cd.invoke()
> 	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
> 	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:718)
> 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
> 	at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
> 	at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
> 	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
> 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
> 	at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
> 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
> 	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
> 	at org.apache.cxf.rs.security.oauth2.services.AuthorizationService$$EnhancerBySpringCGLIB$$68d08bc2.authorize()
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.lang.reflect.Method.invoke(Method.java:498)
> 	at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180)
> 	at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
> 	... 35 more
> Caused by: org.apache.openjpa.persistence.PersistenceException: The transaction has been rolled back. See the nested exceptions for details on the errors that occurred.
> 	at org.apache.openjpa.kernel.BrokerImpl.newFlushException(BrokerImpl.java:2368)
> 	at org.apache.openjpa.kernel.BrokerImpl.flush(BrokerImpl.java:2205)
> 	at org.apache.openjpa.kernel.BrokerImpl.flushSafe(BrokerImpl.java:2103)
> 	at org.apache.openjpa.kernel.BrokerImpl.beforeCompletion(BrokerImpl.java:2021)
> 	at org.apache.openjpa.kernel.LocalManagedRuntime.commit(LocalManagedRuntime.java:81)
> 	at org.apache.openjpa.kernel.BrokerImpl.commit(BrokerImpl.java:1526)
> 	at org.apache.openjpa.kernel.DelegatingBroker.commit(DelegatingBroker.java:932)
> 	at org.apache.openjpa.persistence.EntityManagerImpl.commit(EntityManagerImpl.java:571)
> 	... 77 more
> Caused by: org.apache.openjpa.persistence.PersistenceException: data exception: string data, right truncation; table: BEARERACCESSTOKEN_PARAMETERS column: VALUE {prepstmnt 549315712
> INSERT INTO BearerAccessToken_parameters (BEARERACCESSTOKEN_TOKENKEY, propName,
>         value)
>     VALUES (?, ?, ?)
> [params=(String) 289fdb944ad4f26bc83e970a8a8b8, (String) id_token, (String) eyJhbGciOiJSUzI1NiJ9.eyJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhbGljZSIsInN1YiI...]} [code=3401, state=22001]
> {code}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
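
The first issue quoted above (one EntityManager injected into a singleton provider) goes away when the singleton shares only the thread-safe EntityManagerFactory and opens a short-lived EntityManager for each operation. The following is an added example of that pattern, not CXF code and not the attached patch; `PerCallJpaExecutor` and `inTransaction` are hypothetical names, and it assumes the `javax.persistence` API is on the classpath.

```java
import java.util.function.Function;

import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.EntityTransaction;

/**
 * Hypothetical helper (not part of CXF): safe to hold in a singleton data
 * provider because the only shared state is the EntityManagerFactory, which
 * the JPA specification defines as thread-safe. EntityManager is not.
 */
public class PerCallJpaExecutor {

    private final EntityManagerFactory emf;

    public PerCallJpaExecutor(EntityManagerFactory emf) {
        this.emf = emf;
    }

    /**
     * Runs one unit of work in its own EntityManager and resource-local
     * transaction. Each call gets a fresh persistence context, so concurrent
     * requests never share a first-level cache or a transaction.
     */
    public <T> T inTransaction(Function<EntityManager, T> work) {
        EntityManager em = emf.createEntityManager();
        EntityTransaction tx = em.getTransaction();
        try {
            tx.begin();
            T result = work.apply(em);
            tx.commit();
            return result;
        } catch (RuntimeException e) {
            // A failed commit has already rolled back; only roll back a
            // transaction that is still open (failure inside the work itself).
            if (tx.isActive()) {
                tx.rollback();
            }
            throw e;
        } finally {
            // Closing discards the persistence context, so entities loaded
            // for one request do not accumulate across all clients.
            em.close();
        }
    }
}
```

A provider method would then wrap each store or lookup, for example `executor.inTransaction(em -> { em.persist(grant); return grant; })`, where `grant` stands for whatever entity the method saves.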