Hi Hugo,
your configuration steps on Syncope are correct. And also you
understanding of what the authenticate script script should do.
The problem could reside on your script, but I'm not sure.
I have few questions:
- is the user with which you are trying to authenticate on Syncope? Did
you assign your rest resource to that user? Has it correctly been
propagated to the resource?
- did you add a mapping for your REST resource for password field?
- is the "random id" ever valued? I suppose so (only to be sure ;) )
- could you attach the whole core.log output (or the log file)?
Best regards,
Andrea
Il 27/02/2018 12:52, HugoCerdeira ha scritto:
Hi,
I'm having problem trying to use the pass-through authentication on syncope.
I have the resource configured, but when I use basic authentication to
access the REST api, with the wrong password (so it uses my groovy
authScript), I get a 500 with the following error:
/HTTP Status 500 - The transaction cannot be committed, because it was
already marked for rollback only. The transaction will be rolled back
instead. The cause of the rollback-only status is reported in the embedded
stack.; nested exception is <openjpa-2.4.1-r422266:1730418 fatal general
error> org.apache.openjpa.persistence.PersistenceException: The
transaction cannot be committed, because it was already marked for rollback
only. The transaction will be rolled back instead. The cause of the
rollback-only status is reported in the embedded stack.
<div class="line"></div><p>*type* Exception report</p><p>*message* <u>The
transaction cannot be committed, because it was already marked for rollback
only. The transaction will be rolled back instead. The cause of the
rollback-only status is reported in the embedded stack.; nested exception is
<openjpa-2.4.1-r422266:1730418 fatal general error>
org.apache.openjpa.persistence.PersistenceException: The transaction cannot
be committed, because it was already marked for rollback only. The
transaction will be rolled back instead. The cause of the rollback-only
status is reported in the embedded stack.</u></p><p>*description* <u>The
server encountered an internal error that prevented it from fulfilling this
request.</u></p><p>*exception*</p><pre>org.springframework.orm.jpa.JpaSystemException:
The transaction cannot be committed, because it was already marked for
rollback only. The transaction will be rolled back instead. The cause of
the rollback-only status is reported in the embedded stack.; nested
exception is <openjpa-2.4.1-r422266:1730418 fatal general error>
org.apache.openjpa.persistence.PersistenceException: The transaction cannot
be committed, because it was already marked for rollback only. The
transaction will be rolled back instead. The cause of the rollback-only
status is reported in the embedded stack.
org.springframework.orm.jpa.EntityManagerFactoryUtils.convertJpaAccessExceptionIfPossible(EntityManagerFactoryUtils.java:418)
org.springframework.orm.jpa.DefaultJpaDialect.translateExceptionIfPossible(DefaultJpaDialect.java:122)
org.springframework.orm.jpa.JpaTransactionManager.doCommit(JpaTransactionManager.java:521)
org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:761)
org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:730)
org.springframework.transaction.interceptor.TransactionAspectSupport.commitTransactionAfterReturning(TransactionAspectSupport.java:487)
org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:291)
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
org.apache.syncope.core.persistence.jpa.spring.DomainTransactionInterceptor.invoke(DomainTransactionInterceptor.java:64)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:655)
org.apache.syncope.core.spring.security.AuthDataAccessor$$EnhancerBySpringCGLIB$$3a00c451.authenticate(<generated>)
org.apache.syncope.core.spring.security.SyncopeAuthenticationProvider$2.exec(SyncopeAuthenticationProvider.java:132)
org.apache.syncope.core.spring.security.SyncopeAuthenticationProvider$2.exec(SyncopeAuthenticationProvider.java:128)
org.apache.syncope.core.spring.security.AuthContextUtils.execWithAuthContext(AuthContextUtils.java:114)
org.apache.syncope.core.spring.security.SyncopeAuthenticationProvider.authenticate(SyncopeAuthenticationProvider.java:128)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:180)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
</pre><p>*root cause*</p><pre><openjpa-2.4.1-r422266:1730418 fatal
general error> org.apache.openjpa.persistence.PersistenceException: The
transaction cannot be committed, because it was already marked for rollback
only. The transaction will be rolled back instead. The cause of the
rollback-only status is reported in the embedded stack.
org.apache.openjpa.kernel.LocalManagedRuntime.commit(LocalManagedRuntime.java:89)
org.apache.openjpa.kernel.BrokerImpl.commit(BrokerImpl.java:1526)
org.apache.openjpa.kernel.DelegatingBroker.commit(DelegatingBroker.java:932)
org.apache.openjpa.persistence.EntityManagerImpl.commit(EntityManagerImpl.java:571)
org.springframework.orm.jpa.JpaTransactionManager.doCommit(JpaTransactionManager.java:517)
org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:761)
org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:730)
org.springframework.transaction.interceptor.TransactionAspectSupport.commitTransactionAfterReturning(TransactionAspectSupport.java:487)
org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:291)
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
org.apache.syncope.core.persistence.jpa.spring.DomainTransactionInterceptor.invoke(DomainTransactionInterceptor.java:64)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:655)
org.apache.syncope.core.spring.security.AuthDataAccessor$$EnhancerBySpringCGLIB$$3a00c451.authenticate(<generated>)
org.apache.syncope.core.spring.security.SyncopeAuthenticationProvider$2.exec(SyncopeAuthenticationProvider.java:132)
org.apache.syncope.core.spring.security.SyncopeAuthenticationProvider$2.exec(SyncopeAuthenticationProvider.java:128)
org.apache.syncope.core.spring.security.AuthContextUtils.execWithAuthContext(AuthContextUtils.java:114)
org.apache.syncope.core.spring.security.SyncopeAuthenticationProvider.authenticate(SyncopeAuthenticationProvider.java:128)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:180)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
</pre><p>*root cause*</p><pre><openjpa-2.4.1-r422266:1730418 nonfatal
user error> org.apache.openjpa.persistence.ArgumentException: null
org.apache.openjpa.kernel.BrokerImpl.setRollbackOnly(BrokerImpl.java:1645)
org.apache.openjpa.kernel.DelegatingBroker.setRollbackOnly(DelegatingBroker.java:972)
org.apache.openjpa.persistence.EntityManagerImpl.setRollbackOnly(EntityManagerImpl.java:628)
org.springframework.orm.jpa.JpaTransactionManager$JpaTransactionObject.setRollbackOnly(JpaTransactionManager.java:655)
org.springframework.orm.jpa.JpaTransactionManager.doSetRollbackOnly(JpaTransactionManager.java:566)
org.springframework.transaction.support.AbstractPlatformTransactionManager.processRollback(AbstractPlatformTransactionManager.java:860)
org.springframework.transaction.support.AbstractPlatformTransactionManager.rollback(AbstractPlatformTransactionManager.java:830)
org.springframework.transaction.interceptor.TransactionAspectSupport.completeTransactionAfterThrowing(TransactionAspectSupport.java:505)
org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:285)
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
org.apache.syncope.core.persistence.jpa.spring.DomainTransactionInterceptor.invoke(DomainTransactionInterceptor.java:64)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
com.sun.proxy.$Proxy144.getConnObjectKeyValue(Unknown Source)
org.apache.syncope.core.spring.security.AuthDataAccessor.authenticate(AuthDataAccessor.java:183)
org.apache.syncope.core.spring.security.AuthDataAccessor.authenticate(AuthDataAccessor.java:148)
org.apache.syncope.core.spring.security.AuthDataAccessor$$FastClassBySpringCGLIB$$b4b63ada.invoke(<generated>)
org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:720)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
org.apache.syncope.core.persistence.jpa.spring.DomainTransactionInterceptor.invoke(DomainTransactionInterceptor.java:64)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:655)
org.apache.syncope.core.spring.security.AuthDataAccessor$$EnhancerBySpringCGLIB$$3a00c451.authenticate(<generated>)
org.apache.syncope.core.spring.security.SyncopeAuthenticationProvider$2.exec(SyncopeAuthenticationProvider.java:132)
org.apache.syncope.core.spring.security.SyncopeAuthenticationProvider$2.exec(SyncopeAuthenticationProvider.java:128)
org.apache.syncope.core.spring.security.AuthContextUtils.execWithAuthContext(AuthContextUtils.java:114)
org.apache.syncope.core.spring.security.SyncopeAuthenticationProvider.authenticate(SyncopeAuthenticationProvider.java:128)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:180)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)/
From the example on git here
<https://github.com/apache/syncope/blob/master/fit/core-reference/src/test/resources/rest/AuthenticateScript.groovy>
, I concluded that in order to the script succeed authenticating the user it
must return a valid user Id, so my script (for testing purposes) literally
returns an id from an user:
return "random id";
My configs
Resource config
<http://syncope-user.1051894.n5.nabble.com/file/t338967/1.png>
<http://syncope-user.1051894.n5.nabble.com/file/t338967/2.png>
<http://syncope-user.1051894.n5.nabble.com/file/t338967/3.png>
<http://syncope-user.1051894.n5.nabble.com/file/t338967/4.png>
Policy
<http://syncope-user.1051894.n5.nabble.com/file/t338967/pol.png>
Any help is greatly appreciated, thanks,
Hugo Cerdeira.
--
Sent from: http://syncope-user.1051894.n5.nabble.com/
--
Dott. Andrea Patricelli
Tel. +39 3204524292
Developer @ Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member