[ https://issues.apache.org/jira/browse/CXF-7069?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
gonzalad updated CXF-7069:
--------------------------
    Attachment: CXF-7069-hbmxml.patch

Proposed patch for hibernate optimisation (httpVerbs and uris OAuthPermission attributes are put in 2nd level cache).

This is achieved by using specific hibernate hbm.xml (instead of hibernate annotations) to override Permission and OAuthPermission.

> Finish JPACodeDataProvider implementation
> -----------------------------------------
>
>                 Key: CXF-7069
>                 URL: https://issues.apache.org/jira/browse/CXF-7069
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.1.7
>            Reporter: gonzalad
>         Attachments: CXF-7069-hbmxml.patch, CXF-7069-patch.diff
>
>
> Current JPACodeDataProvider has the following issues :
> # Shared entityManager (1 for all clients)
> This is because we're injecting an entityManager into JPACodeDataProvider, which is a singleton (from what I understand all dataProviders are to be used as singletons).
> This has the following effects :
> ** loading all database in JPA lvl1 cache.
> ** race conditions between threads (we're using bean managed transaction)
> I'm using this kind of configuration :
> {code}
> <bean id="oidcAuthorizationService"
>       class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
>     <property name="dataProvider" ref="oauthProvider"/>
>     <property name="subjectCreator" ref="subjectCreator"/>
>     <property name="skipAuthorizationWithOidcScope" value="true"/>
>     <property name="canSupportPublicClients" value="true"/>
> </bean>
> <bean id="oauthProvider"
>       class="org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider"
>       init-method="init" destroy-method="close">
>     <property name="entityManager" ref="entityManager"/>
>     ...
> </bean>
> <bean id="entityManager"
>       factory-bean="entityManagerFactory"
>       factory-method="createEntityManager"/>
> <bean id="entityManagerFactory"
>       class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
> {code}
> In our sample, we could resolve this issue by configuring a prototype scoped oauthProvider *and* an openEntityInView spring filter *and* setting each reference to oauthProvider as aop:scoped-proxy in spring. IMO, this appears to me to be too much magic.
> # Error when creating a BearerAccessToken during OIDC authorization code flow
> This can be reproduced by running Fediz OIDCTest.testOIDCLoginForClient2()
> {code}
> Caused by: <openjpa-2.4.1-r422266:1730418 fatal store error> org.apache.openjpa.persistence.RollbackException: The transaction has been rolled back. See the nested exceptions for details on the errors that occurred.
>     at org.apache.openjpa.persistence.EntityManagerImpl.commit(EntityManagerImpl.java:595)
>     at org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider.saveCodeGrant(JPACodeDataProvider.java:58)
>     at org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider.createCodeGrant(JPACodeDataProvider.java:37)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
>     at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
>     at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
>     at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
>     at com.sun.proxy.$Proxy154.createCodeGrant(Unknown Source)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService.getGrantRepresentation(AuthorizationCodeGrantService.java:139)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService.createGrant(AuthorizationCodeGrantService.java:99)
>     at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.startAuthorization(RedirectionBasedGrantService.java:213)
>     at org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService.startAuthorization(OidcAuthorizationCodeService.java:79)
>     at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.startAuthorization(RedirectionBasedGrantService.java:136)
>     at org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.authorize(RedirectionBasedGrantService.java:94)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationService.authorize(AuthorizationService.java:58)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationService$$FastClassBySpringCGLIB$$411268cd.invoke(<generated>)
>     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:718)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
>     at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
>     at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
>     at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
>     at org.apache.cxf.rs.security.oauth2.services.AuthorizationService$$EnhancerBySpringCGLIB$$68d08bc2.authorize(<generated>)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180)
>     at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
>     ... 35 more
> Caused by: <openjpa-2.4.1-r422266:1730418 fatal general error> org.apache.openjpa.persistence.PersistenceException: The transaction has been rolled back. See the nested exceptions for details on the errors that occurred.
>     at org.apache.openjpa.kernel.BrokerImpl.newFlushException(BrokerImpl.java:2368)
>     at org.apache.openjpa.kernel.BrokerImpl.flush(BrokerImpl.java:2205)
>     at org.apache.openjpa.kernel.BrokerImpl.flushSafe(BrokerImpl.java:2103)
>     at org.apache.openjpa.kernel.BrokerImpl.beforeCompletion(BrokerImpl.java:2021)
>     at org.apache.openjpa.kernel.LocalManagedRuntime.commit(LocalManagedRuntime.java:81)
>     at org.apache.openjpa.kernel.BrokerImpl.commit(BrokerImpl.java:1526)
>     at org.apache.openjpa.kernel.DelegatingBroker.commit(DelegatingBroker.java:932)
>     at org.apache.openjpa.persistence.EntityManagerImpl.commit(EntityManagerImpl.java:571)
>     ... 77 more
> Caused by: <openjpa-2.4.1-r422266:1730418 fatal general error> org.apache.openjpa.persistence.PersistenceException: data exception: string data, right truncation; table: BEARERACCESSTOKEN_PARAMETERS column: VALUE {prepstmnt 549315712
> INSERT INTO BearerAccessToken_parameters (BEARERACCESSTOKEN_TOKENKEY, propName, value)
>     VALUES (?, ?, ?)
> [params=(String) 289fdb944ad4f26bc83e970a8a8b8, (String) id_token, (String) eyJhbGciOiJSUzI1NiJ9.eyJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhbGljZSIsInN1YiI...]} [code=3401, state=22001]
> {code}

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
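
The shared-entityManager problem described in the quoted issue, shown as an added example (not code from CXF, from the attached patches or from the reporter): a singleton holds the thread-safe EntityManagerFactory and opens a short-lived EntityManager per operation. The class and method names are hypothetical, and a resource-local (non-JTA) persistence unit is assumed.

```java
import java.util.function.Function;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.EntityTransaction;

/** Hypothetical helper, not a CXF class: one EntityManager per operation. */
public class PerOperationJpaTemplate {

    // EntityManagerFactory is thread-safe, so a singleton may keep it.
    // EntityManager is not thread-safe, so it is never stored in a field.
    private final EntityManagerFactory emf;

    public PerOperationJpaTemplate(EntityManagerFactory emf) {
        this.emf = emf;
    }

    /** Runs the work in a fresh EntityManager and its own transaction. */
    public <T> T inTransaction(Function<EntityManager, T> work) {
        EntityManager em = emf.createEntityManager();
        // Assumption: resource-local transactions (getTransaction() is not
        // available on a JTA entity manager).
        EntityTransaction tx = em.getTransaction();
        try {
            tx.begin();
            T result = work.apply(em);
            tx.commit();
            return result;
        } catch (RuntimeException e) {
            // A failed flush or commit must not leave a transaction open
            // for the next caller.
            if (tx.isActive()) {
                tx.rollback();
            }
            throw e;
        } finally {
            // Closing discards the first-level cache, so it cannot grow to
            // hold every grant and token ever loaded.
            em.close();
        }
    }

    /** Persists or updates an entity, e.g. a code grant or access token. */
    public <E> E save(E entity) {
        return inTransaction(em -> em.merge(entity));
    }

    /** Loads an entity by primary key; the result is detached on return. */
    public <E> E find(Class<E> type, Object key) {
        return inTransaction(em -> em.find(type, key));
    }
}
```

Entities returned from find() are detached once the EntityManager closes, so any lazily loaded association the caller needs has to be read inside the inTransaction callback.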