I am trying to get a jpa-ticket-registry configured for CAS but I'm getting a
TransactionRequiredException in CAS when my application tries to verify the
login token with CAS.
The exception is:
javax.persistence.TransactionRequiredException: Executing an update/delete query
at
org.hibernate.query.internal.AbstractProducedQuery.executeUpdate(AbstractProducedQuery.java:1496)
~[hibernate-core-5.2.17.Final.jar!/:5.2.17.Final]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.8.0_192]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:1.8.0_192]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_192]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192]
at
org.springframework.orm.jpa.SharedEntityManagerCreator$DeferredQueryInvocationHandler.invoke(SharedEntityManagerCreator.java:375)
~[spring-orm-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at com.sun.proxy.$Proxy216.executeUpdate(Unknown Source) ~[?:?]
at
org.apereo.cas.ticket.registry.JpaTicketRegistry.deleteSingleTicket(JpaTicketRegistry.java:158)
~[cas-server-support-jpa-ticket-registry-5.3.11.jar!/:5.3.11]
at
org.apereo.cas.ticket.registry.AbstractTicketRegistry.deleteTicket(AbstractTicketRegistry.java:121)
~[cas-server-core-tickets-api-5.3.11.jar!/:5.3.11]
at
org.apereo.cas.ticket.registry.AbstractTicketRegistry.deleteTicket(AbstractTicketRegistry.java:98)
~[cas-server-core-tickets-api-5.3.11.jar!/:5.3.11]
at
org.apereo.cas.ticket.registry.AbstractTicketRegistry$$FastClassBySpringCGLIB$$d3c67a11.invoke(<generated>)
~[cas-server-core-tickets-api-5.3.11.jar!/:5.3.11]
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
~[spring-core-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:667)
~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.apereo.cas.ticket.registry.JpaTicketRegistry$$EnhancerBySpringCGLIB$$9000de6b.deleteTicket(<generated>)
~[cas-server-support-jpa-ticket-registry-5.3.11.jar!/:5.3.11]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.8.0_192]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:1.8.0_192]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_192]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192]
at
org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216)
~[spring-core-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470)
~[spring-cloud-context-1.3.0.RELEASE.jar!/:1.3.0.RELEASE]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at com.sun.proxy.$Proxy109.deleteTicket(Unknown Source) ~[?:?]
at
org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator.generate(OAuth20DefaultTokenGenerator.java:67)
~[cas-server-support-oauth-5.3.11.jar!/:5.3.11]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.8.0_192]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:1.8.0_192]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_192]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192]
at
org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216)
~[spring-core-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470)
~[spring-cloud-context-1.3.0.RELEASE.jar!/:1.3.0.RELEASE]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at com.sun.proxy.$Proxy175.generate(Unknown Source) ~[?:?]
at
org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController.handleRequest(OAuth20AccessTokenEndpointController.java:119)
~[cas-server-support-oauth-5.3.11.jar!/:5.3.11]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.8.0_192]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:1.8.0_192]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_192]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192]
at
org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133)
~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97)
~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:849)
~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:760)
~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)
~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
~[tomcat-embed-websocket-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:30)
~[cas-server-core-web-api-5.3.11.jar!/:5.3.11]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261)
~[cas-server-security-filter-2.0.10.4.jar!/:2.0.10.4]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:240)
~[cas-server-security-filter-2.0.10.4.jar!/:2.0.10.4]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apereo.cas.security.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:94)
~[cas-server-security-filter-2.0.10.4.jar!/:2.0.10.4]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:111)
~[spring-boot-actuator-1.5.18.RELEASE.jar!/:1.5.18.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:91)
~[cas-server-core-logging-5.3.11.jar!/:5.3.11]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:103)
~[spring-boot-actuator-1.5.18.RELEASE.jar!/:1.5.18.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66)
~[inspektr-common-1.8.4.GA.jar!/:1.8.4.GA]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:679)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
~[?:1.8.0_192]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
~[?:1.8.0_192]
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
~[tomcat-util-8.5.41.jar!/:8.5.41]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_192]
My application is an
org.apereo.cas.support.oauth.services.OAuthRegisteredService.
My jpa configuration:
cas.ticket.registry.jpa.ddlAuto=none
cas.ticket.registry.jpa.user=***
cas.ticket.registry.jpa.password=***
cas.ticket.registry.jpa.driverClass=oracle.jdbc.driver.OracleDriver
cas.ticket.registry.jpa.url=jdbc:oracle:thin:@***
cas.ticket.registry.jpa.dialect=org.hibernate.dialect.Oracle10gDialect
To reproduce the error, I'll request a protected resource in my application.
My application will redirect the user to CAS. The user will login to CAS.
Login seems to be successful. Then CAS will redirect the user to
/my-app/login?code=OC-1-PCHUeONs6TYsJ2my1qrCJw5pofgZNbqL&state=ZGNbw6 and my
application will return an http 401. The above stack track will be in my cas
log. Here's an excerpt of some debugging messages prior to the error. Not
sure if they are relevant, or if more messages would be helpful:
2019-07-12 11:12:22,252 DEBUG [org.apereo.cas.support.oauth.util.OAuth20Utils]
- <Checking grant type [authorization_code] against supported grant types
[[authorization_code]]>
2019-07-12 11:12:22,252 DEBUG
[org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenAuthorizationCodeGrantRequestExtractor]
- <OAuth grant type is [authorization_code]>
2019-07-12 11:12:22,252 DEBUG
[org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenAuthorizationCodeGrantRequestExtractor]
- <Located registered service
[OAuthRegisteredService(super=AbstractRegisteredService(serviceId=^***,
name=***, theme=***, informationUrl=***, privacyUrl=null, responseType=null,
id=1002, description=***,
expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false,
notifyWhenDeleted=false, expirationDate=null),
proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1,
evaluationOrder=0,
usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2,
logoutType=BACK_CHANNEL, requiredHandlers=[],
attributeReleasePolicy=ReturnAllAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null,
principalAttributesRepository=DefaultPrincipalAttributesRepository(),
consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=true,
excludedAttributes=null, includeOnlyAttributes=null),
authorizedToReleaseCredentialPassword=false,
authorizedToReleaseProxyGrantingTicket=false, excludeDefaultAttributes=false,
authorizedToReleaseAuthenticationAttributes=true, principalIdAttribute=null)),
multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[],
failureMode=NOT_SET, principalAttributeNameTrigger=null,
principalAttributeValueToMatch=null, bypassEnabled=false), logo=null,
logoutUrl=null, accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0,
enabled=true, ssoEnabled=true, unauthorizedRedirectUrl=null,
delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[]),
requireAllAttributes=true, requiredAttributes={}, rejectedAttributes={},
caseInsensitive=false), publicKey=null, properties={}, contacts=[]),
clientSecret=***, clientId=***, bypassApprovalPrompt=true,
generateRefreshToken=false, jsonFormat=false,
supportedGrantTypes=[authorization_code], supportedResponseTypes=[code])]>
2019-07-12 11:12:22,269 DEBUG
[org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController]
- <Creating access token for
[AccessTokenRequestDataHolder(service=AbstractWebApplicationService(id=https://localhost/ui/login,
originalUrl=https://localhost/ui/login, artifactId=null, principal=null,
source=null, loggedOutAlready=false, format=XML, attributes={}),
authentication=org.apereo.cas.authentication.DefaultAuthentication@28804012,
token=OC-2-dHSz-1JmScl4VI6W0VTfzW1UUvLDL67g, generateRefreshToken=false,
registeredService=OAuthRegisteredService(super=AbstractRegisteredService(serviceId=^***,
name=***, theme=***, informationUrl=***, privacyUrl=null, responseType=null,
id=1002, description=***,
expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false,
notifyWhenDeleted=false, expirationDate=null),
proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1,
evaluationOrder=0,
usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2,
logoutType=BACK_CHANNEL, requiredHandlers=[],
attributeReleasePolicy=ReturnAllAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null,
principalAttributesRepository=DefaultPrincipalAttributesRepository(),
consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=true,
excludedAttributes=null, includeOnlyAttributes=null),
authorizedToReleaseCredentialPassword=false,
authorizedToReleaseProxyGrantingTicket=false, excludeDefaultAttributes=false,
authorizedToReleaseAuthenticationAttributes=true, principalIdAttribute=null)),
multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[],
failureMode=NOT_SET, principalAttributeNameTrigger=null,
principalAttributeValueToMatch=null, bypassEnabled=false), logo=null,
logoutUrl=null, accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0,
enabled=true, ssoEnabled=true, unauthorizedRedirectUrl=null,
delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[]),
requireAllAttributes=true, requiredAttributes={}, rejectedAttributes={},
caseInsensitive=false), publicKey=null, properties={}, contacts=[]),
clientSecret=***, clientId=***, bypassApprovalPrompt=true,
generateRefreshToken=false, jsonFormat=false,
supportedGrantTypes=[authorization_code], supportedResponseTypes=[code]),
ticketGrantingTicket=TGT-1-**********************************************MBrVCBaeHAnWZCS2jCKKY***,
grantType=AUTHORIZATION_CODE, scopes=[])]>
2019-07-12 11:12:22,269 DEBUG
[org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator]
- <Creating refresh token for
[AbstractWebApplicationService(id=https://localhost/ui/login,
originalUrl=https://localhost/ui/login, artifactId=null, principal=null,
source=null, loggedOutAlready=false, format=XML, attributes={})]>
2019-07-12 11:12:22,270 DEBUG
[org.apereo.cas.authentication.DefaultAuthenticationBuilder] - <Recording
authentication handler result success under key
[org.pac4j.cas.profile.CasProfile]>
2019-07-12 11:12:22,270 DEBUG
[org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator]
- <Creating access token for
[AccessTokenRequestDataHolder(service=AbstractWebApplicationService(id=https://localhost/ui/login,
originalUrl=https://localhost/ui/login, artifactId=null, principal=null,
source=null, loggedOutAlready=false, format=XML, attributes={}),
authentication=org.apereo.cas.authentication.DefaultAuthentication@28804012,
token=OC-2-dHSz-1JmScl4VI6W0VTfzW1UUvLDL67g, generateRefreshToken=false,
registeredService=OAuthRegisteredService(super=AbstractRegisteredService(serviceId=^***,
name=***, theme=***, informationUrl=***, privacyUrl=null, responseType=null,
id=1002, description=***,
expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false,
notifyWhenDeleted=false, expirationDate=null),
proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1,
evaluationOrder=0,
usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2,
logoutType=BACK_CHANNEL, requiredHandlers=[],
attributeReleasePolicy=ReturnAllAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null,
principalAttributesRepository=DefaultPrincipalAttributesRepository(),
consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=true,
excludedAttributes=null, includeOnlyAttributes=null),
authorizedToReleaseCredentialPassword=false,
authorizedToReleaseProxyGrantingTicket=false, excludeDefaultAttributes=false,
authorizedToReleaseAuthenticationAttributes=true, principalIdAttribute=null)),
multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[],
failureMode=NOT_SET, principalAttributeNameTrigger=null,
principalAttributeValueToMatch=null, bypassEnabled=false), logo=null,
logoutUrl=null, accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0,
enabled=true, ssoEnabled=true, unauthorizedRedirectUrl=null,
delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[]),
requireAllAttributes=true, requiredAttributes={}, rejectedAttributes={},
caseInsensitive=false), publicKey=null, properties={}, contacts=[]),
clientSecret=***, clientId=***, bypassApprovalPrompt=true,
generateRefreshToken=false, jsonFormat=false,
supportedGrantTypes=[authorization_code], supportedResponseTypes=[code]),
ticketGrantingTicket=TGT-1-**********************************************MBrVCBaeHAnWZCS2jCKKY***,
grantType=AUTHORIZATION_CODE, scopes=[])]>
2019-07-12 11:12:22,270 DEBUG
[org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator]
- <Created access token [AT-2-uyPMzNX6A5dfy6JzORUqw8Urxowa0t4G]>
2019-07-12 11:12:22,270 DEBUG
[org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator]
- <Adding OAuth ticket [AT-2-uyPMzNX6A5dfy6JzORUqw8Urxowa0t4G] to registry>
2019-07-12 11:12:22,287 DEBUG
[org.apereo.cas.ticket.registry.JpaTicketRegistry] - <Added ticket
[AT-2-uyPMzNX6A5dfy6JzORUqw8Urxowa0t4G] to registry.>
2019-07-12 11:12:22,293 DEBUG
[org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator]
- <Updating ticket-granting ticket
[TGT-1-**********************************************MBrVCBaeHAnWZCS2jCKKY***]>
2019-07-12 11:12:22,304 DEBUG
[org.apereo.cas.ticket.registry.JpaTicketRegistry] - <Updated ticket
[TGT-1-**********************************************MBrVCBaeHAnWZCS2jCKKY***].>
2019-07-12 11:12:22,340 DEBUG
[org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator]
- <Added access token [AT-2-uyPMzNX6A5dfy6JzORUqw8Urxowa0t4G] to registry>
2019-07-12 11:12:22,340 DEBUG
[org.apereo.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy] - <Ticket
usage count [1] is greater than or equal to [1]. Ticket has expired>
2019-07-12 11:12:22,365 DEBUG
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket
[OC-2-dHSz-1JmScl4VI6W0VTfzW1UUvLDL67g] from the registry.>
2019-07-12 11:12:22,365 DEBUG
[org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received
exception due to a type mismatch>
javax.persistence.TransactionRequiredException: Executing an update/delete query
I've reproduced this error against CAS 5.3.9, 5.3.10 and 5.3.11. I haven't
been able to get 6.x running yet in order to test there, but JDK11 isn't an
option for us immediately anyhow. I haven't tried standing up older versions
of CAS. I've tried stumbling my way through the source code, but I haven't
gotten anywhere.
Here's how I'm building the war with maven:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>3.2.2</version>
<configuration>
<warName>cas</warName>
<failOnMissingWebXml>false</failOnMissingWebXml>
<recompressZippedFiles>false</recompressZippedFiles>
<archive>
<compress>false</compress>
<manifestFile>${manifestFileToUse}</manifestFile>
</archive>
<overlays>
<overlay>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp${app.server}</artifactId>
<excludes>
<exclude>/WEB-INF/classes/services/*</exclude>
<!-- explicitly excluding spring-security and retrofit jars
from overlay because cas v5.3.11 includes versions that have vulnerabilities -->
<exclude>/WEB-INF/lib/retrofit-*.jar</exclude>
<exclude>/WEB-INF/lib/spring-security-*.jar</exclude>
</excludes>
</overlay>
</overlays>
</configuration>
</plugin>
I was seeing the same error before we started updating the dependencies in the
war, so that doesn't seem to be the problem. We are still including upgraded
versions of retrofit and spring-security. The excludes is just to remove the
old version from the overlay war.
Any help with this error would be much appreciated.
This e-mail contains information from eOriginal, Inc. that may be proprietary,
confidential and/or subject to a nondisclosure agreement. If you are not an
intended recipient, please notify the sender immediately and delete this e-mail
from your computer. To the extent required under any applicable nondisclosure
agreement, the information contained in this e-mail is marked CONFIDENTIAL.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/177b9606-2d0b-92fb-1ecc-886282975767%40eoriginal.com.
