gonzalad created CXF-7069:
-----------------------------
Summary: Finish JPACodeDataProvider implementation
Key: CXF-7069
URL: https://issues.apache.org/jira/browse/CXF-7069
Project: CXF
Issue Type: Bug
Components: JAX-RS Security
Affects Versions: 3.1.7
Reporter: gonzalad
Current JPACodeDataProvider has the following issues :
# Shared entityManager (1 for all clients)
This is because we're injecting an entityManager into JPACodeDataProvider,
which is a singleton (from what I understand all dataProviders are to be used
as singletons).
This has the following effects :
** loading all database in JPA lvl1 cache.
** race conditions between threads (we're using bean managed transaction)
I'm using this kind of configuration :
{code}
<bean id="oidcAuthorizationService"
class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
<property name="dataProvider" ref="oauthProvider"/>
<property name="subjectCreator" ref="subjectCreator"/>
<property name="skipAuthorizationWithOidcScope" value="true"/>
<property name="canSupportPublicClients" value="true"/>
</bean>
<bean id="oauthProvider"
class="org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider"
init-method="init" destroy-method="close">
<property name="entityManager" ref="entityManager"/>
...
</bean>
<bean id="entityManager"
factory-bean="entityManagerFactory"
factory-method="createEntityManager"/>
<bean id="entityManagerFactory"
class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
{code}
In our sample, we could resolve this issue by configuring a prototype scoped
oauthProvider *and* an openEntityInView spring filter *and* setting each
reference to oauthProvider as aop:scoped-proxy in spring. IMO, this appears to
me to be too much magic.
# Error when creating a BearerAccessToken during OIDC authorization code flow
This can be reproduced by running Fediz OIDCTest.testOIDCLoginForClient2()
{code}
Caused by: <openjpa-2.4.1-r422266:1730418 fatal store error>
org.apache.openjpa.persistence.RollbackException: The transaction has been
rolled back. See the nested exceptions for details on the errors that occurred.
at
org.apache.openjpa.persistence.EntityManagerImpl.commit(EntityManagerImpl.java:595)
at
org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider.saveCodeGrant(JPACodeDataProvider.java:58)
at
org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider.createCodeGrant(JPACodeDataProvider.java:37)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at
org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
at
org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
at
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
at com.sun.proxy.$Proxy154.createCodeGrant(Unknown Source)
at
org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService.getGrantRepresentation(AuthorizationCodeGrantService.java:139)
at
org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService.createGrant(AuthorizationCodeGrantService.java:99)
at
org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.startAuthorization(RedirectionBasedGrantService.java:213)
at
org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService.startAuthorization(OidcAuthorizationCodeService.java:79)
at
org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.startAuthorization(RedirectionBasedGrantService.java:136)
at
org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.authorize(RedirectionBasedGrantService.java:94)
at
org.apache.cxf.rs.security.oauth2.services.AuthorizationService.authorize(AuthorizationService.java:58)
at
org.apache.cxf.rs.security.oauth2.services.AuthorizationService$$FastClassBySpringCGLIB$$411268cd.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:718)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at
org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
at
org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
at
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
at
org.apache.cxf.rs.security.oauth2.services.AuthorizationService$$EnhancerBySpringCGLIB$$68d08bc2.authorize(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180)
at
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
... 35 more
Caused by: <openjpa-2.4.1-r422266:1730418 fatal general error>
org.apache.openjpa.persistence.PersistenceException: The transaction has been
rolled back. See the nested exceptions for details on the errors that occurred.
at
org.apache.openjpa.kernel.BrokerImpl.newFlushException(BrokerImpl.java:2368)
at org.apache.openjpa.kernel.BrokerImpl.flush(BrokerImpl.java:2205)
at org.apache.openjpa.kernel.BrokerImpl.flushSafe(BrokerImpl.java:2103)
at
org.apache.openjpa.kernel.BrokerImpl.beforeCompletion(BrokerImpl.java:2021)
at
org.apache.openjpa.kernel.LocalManagedRuntime.commit(LocalManagedRuntime.java:81)
at org.apache.openjpa.kernel.BrokerImpl.commit(BrokerImpl.java:1526)
at
org.apache.openjpa.kernel.DelegatingBroker.commit(DelegatingBroker.java:932)
at
org.apache.openjpa.persistence.EntityManagerImpl.commit(EntityManagerImpl.java:571)
... 77 more
Caused by: <openjpa-2.4.1-r422266:1730418 fatal general error>
org.apache.openjpa.persistence.PersistenceException: data exception: string
data, right truncation; table: BEARERACCESSTOKEN_PARAMETERS column: VALUE
{prepstmnt 549315712
INSERT INTO BearerAccessToken_parameters (BEARERACCESSTOKEN_TOKENKEY, propName,
value)
VALUES (?, ?, ?)
[params=(String) 289fdb944ad4f26bc83e970a8a8b8, (String) id_token, (String)
eyJhbGciOiJSUzI1NiJ9.eyJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhbGljZSIsInN1YiI...]}
[code=3401, state=22001]
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
