You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/05/04 19:47:04 UTC
[jira] [Commented] (CXF-7069) Finish JPACodeDataProvider
implementation
[ https://issues.apache.org/jira/browse/CXF-7069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15997336#comment-15997336 ]
ASF GitHub Bot commented on CXF-7069:
-------------------------------------
Github user gonzalad commented on the issue:
https://github.com/apache/cxf/pull/173
Closed as too old pr
> Finish JPACodeDataProvider implementation
> -----------------------------------------
>
> Key: CXF-7069
> URL: https://issues.apache.org/jira/browse/CXF-7069
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 3.1.7
> Reporter: gonzalad
> Assignee: Sergey Beryozkin
> Fix For: 3.1.8, 3.2.0
>
> Attachments: CXF-7069-hbmxml.patch, CXF-7069-patch.diff
>
>
> Current JPACodeDataProvider has the following issues :
> # Shared entityManager (1 for all clients)
> This is because we're injecting an entityManager into JPACodeDataProvider, which is a singleton (from what I understand all dataProviders are to be used as singletons).
> This has the following effects :
> ** loading all database in JPA lvl1 cache.
> ** race conditions between threads (we're using bean managed transaction)
> I'm using this kind of configuration :
> {code}
> <bean id="oidcAuthorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
> <property name="dataProvider" ref="oauthProvider"/>
> <property name="subjectCreator" ref="subjectCreator"/>
> <property name="skipAuthorizationWithOidcScope" value="true"/>
> <property name="canSupportPublicClients" value="true"/>
> </bean>
> <bean id="oauthProvider"
> class="org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider"
> init-method="init" destroy-method="close">
> <property name="entityManager" ref="entityManager"/>
> ...
> </bean>
> <bean id="entityManager"
> factory-bean="entityManagerFactory"
> factory-method="createEntityManager"/>
> <bean id="entityManagerFactory"
> class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
> {code}
> In our sample, we could resolve this issue by configuring a prototype scoped oauthProvider *and* an openEntityInView spring filter *and* setting each reference to oauthProvider as aop:scoped-proxy in spring. IMO, this appears to me to be too much magic.
> # Error when creating a BearerAccessToken during OIDC authorization code flow
> This can be reproduced by running Fediz OIDCTest.testOIDCLoginForClient2()
> {code}
> Caused by: <openjpa-2.4.1-r422266:1730418 fatal store error> org.apache.openjpa.persistence.RollbackException: The transaction has been rolled back. See the nested exceptions for details on the errors that occurred.
> at org.apache.openjpa.persistence.EntityManagerImpl.commit(EntityManagerImpl.java:595)
> at org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider.saveCodeGrant(JPACodeDataProvider.java:58)
> at org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider.createCodeGrant(JPACodeDataProvider.java:37)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
> at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
> at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
> at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
> at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
> at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
> at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
> at com.sun.proxy.$Proxy154.createCodeGrant(Unknown Source)
> at org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService.getGrantRepresentation(AuthorizationCodeGrantService.java:139)
> at org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService.createGrant(AuthorizationCodeGrantService.java:99)
> at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.startAuthorization(RedirectionBasedGrantService.java:213)
> at org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService.startAuthorization(OidcAuthorizationCodeService.java:79)
> at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.startAuthorization(RedirectionBasedGrantService.java:136)
> at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.authorize(RedirectionBasedGrantService.java:94)
> at org.apache.cxf.rs.security.oauth2.services.AuthorizationService.authorize(AuthorizationService.java:58)
> at org.apache.cxf.rs.security.oauth2.services.AuthorizationService$$FastClassBySpringCGLIB$$411268cd.invoke(<generated>)
> at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
> at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:718)
> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
> at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
> at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
> at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
> at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
> at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
> at org.apache.cxf.rs.security.oauth2.services.AuthorizationService$$EnhancerBySpringCGLIB$$68d08bc2.authorize(<generated>)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180)
> at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
> ... 35 more
> Caused by: <openjpa-2.4.1-r422266:1730418 fatal general error> org.apache.openjpa.persistence.PersistenceException: The transaction has been rolled back. See the nested exceptions for details on the errors that occurred.
> at org.apache.openjpa.kernel.BrokerImpl.newFlushException(BrokerImpl.java:2368)
> at org.apache.openjpa.kernel.BrokerImpl.flush(BrokerImpl.java:2205)
> at org.apache.openjpa.kernel.BrokerImpl.flushSafe(BrokerImpl.java:2103)
> at org.apache.openjpa.kernel.BrokerImpl.beforeCompletion(BrokerImpl.java:2021)
> at org.apache.openjpa.kernel.LocalManagedRuntime.commit(LocalManagedRuntime.java:81)
> at org.apache.openjpa.kernel.BrokerImpl.commit(BrokerImpl.java:1526)
> at org.apache.openjpa.kernel.DelegatingBroker.commit(DelegatingBroker.java:932)
> at org.apache.openjpa.persistence.EntityManagerImpl.commit(EntityManagerImpl.java:571)
> ... 77 more
> Caused by: <openjpa-2.4.1-r422266:1730418 fatal general error> org.apache.openjpa.persistence.PersistenceException: data exception: string data, right truncation; table: BEARERACCESSTOKEN_PARAMETERS column: VALUE {prepstmnt 549315712
> INSERT INTO BearerAccessToken_parameters (BEARERACCESSTOKEN_TOKENKEY, propName,
> value)
> VALUES (?, ?, ?)
> [params=(String) 289fdb944ad4f26bc83e970a8a8b8, (String) id_token, (String) eyJhbGciOiJSUzI1NiJ9.eyJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhbGljZSIsInN1YiI...]} [code=3401, state=22001]
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)