cas jpa-ticket-registry with oauth-webflow javax.persistence.TransactionRequiredException
Ken Hopkins
I am trying to get a jpa-ticket-registry configured for CAS but I'm getting a TransactionRequiredException in CAS when my application tries to verify the login token with CAS.
The exception is:
javax.persistence.TransactionRequiredException: Executing an update/delete query
at org.hibernate.query.internal.AbstractProducedQuery.executeUpdate(AbstractProducedQuery.java:1496) ~[hibernate-core-5.2.17.Final.jar!/:5.2.17.Final]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_192]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_192]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_192]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192]
at org.springframework.orm.jpa.SharedEntityManagerCreator$DeferredQueryInvocationHandler.invoke(SharedEntityManagerCreator.java:375) ~[spring-orm-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at com.sun.proxy.$Proxy216.executeUpdate(Unknown Source) ~[?:?]
at org.apereo.cas.ticket.registry.JpaTicketRegistry.deleteSingleTicket(JpaTicketRegistry.java:158) ~[cas-server-support-jpa-ticket-registry-5.3.11.jar!/:5.3.11]
at org.apereo.cas.ticket.registry.AbstractTicketRegistry.deleteTicket(AbstractTicketRegistry.java:121) ~[cas-server-core-tickets-api-5.3.11.jar!/:5.3.11]
at org.apereo.cas.ticket.registry.AbstractTicketRegistry.deleteTicket(AbstractTicketRegistry.java:98) ~[cas-server-core-tickets-api-5.3.11.jar!/:5.3.11]
at org.apereo.cas.ticket.registry.AbstractTicketRegistry$$FastClassBySpringCGLIB$$d3c67a11.invoke(<generated>) ~[cas-server-core-tickets-api-5.3.11.jar!/:5.3.11]
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:667) ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.apereo.cas.ticket.registry.JpaTicketRegistry$$EnhancerBySpringCGLIB$$9000de6b.deleteTicket(<generated>) ~[cas-server-support-jpa-ticket-registry-5.3.11.jar!/:5.3.11]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_192]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_192]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_192]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192]
at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216) ~[spring-core-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470) ~[spring-cloud-context-1.3.0.RELEASE.jar!/:1.3.0.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at com.sun.proxy.$Proxy109.deleteTicket(Unknown Source) ~[?:?]
at org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator.generate(OAuth20DefaultTokenGenerator.java:67) ~[cas-server-support-oauth-5.3.11.jar!/:5.3.11]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_192]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_192]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_192]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192]
at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216) ~[spring-core-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470) ~[spring-cloud-context-1.3.0.RELEASE.jar!/:1.3.0.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at com.sun.proxy.$Proxy175.generate(Unknown Source) ~[?:?]
at org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController.handleRequest(OAuth20AccessTokenEndpointController.java:119) ~[cas-server-support-oauth-5.3.11.jar!/:5.3.11]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_192]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_192]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_192]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192]
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133) ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97) ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:849) ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:760) ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85) ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967) ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901) ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872) ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:661) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) ~[tomcat-embed-websocket-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:30) ~[cas-server-core-web-api-5.3.11.jar!/:5.3.11]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261) ~[cas-server-security-filter-2.0.10.4.jar!/:2.0.10.4]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:240) ~[cas-server-security-filter-2.0.10.4.jar!/:2.0.10.4]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apereo.cas.security.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:94) ~[cas-server-security-filter-2.0.10.4.jar!/:2.0.10.4]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:111) ~[spring-boot-actuator-1.5.18.RELEASE.jar!/:1.5.18.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:91) ~[cas-server-core-logging-5.3.11.jar!/:5.3.11]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:103) ~[spring-boot-actuator-1.5.18.RELEASE.jar!/:1.5.18.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66) ~[inspektr-common-1.8.4.GA.jar!/:1.8.4.GA]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:679) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-8.5.41.jar!/:8.5.41]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_192]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_192]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util-8.5.41.jar!/:8.5.41]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_192]
My application is an org.apereo.cas.support.oauth.services.OAuthRegisteredService.
My jpa configuration:
cas.ticket.registry.jpa.ddlAuto=none
cas.ticket.registry.jpa.user=***
cas.ticket.registry.jpa.password=***
cas.ticket.registry.jpa.driverClass=oracle.jdbc.driver.OracleDriver
cas.ticket.registry.jpa.url=jdbc:oracle:thin:@***
cas.ticket.registry.jpa.dialect=org.hibernate.dialect.Oracle10gDialect
To reproduce the error, I'll request a protected resource in my application. My application will redirect the user to CAS. The user will login to CAS. Login seems to be successful. Then CAS will redirect the user to /my-app/login?code=OC-1-PCHUeONs6TYsJ2my1qrCJw5pofgZNbqL&state=ZGNbw6 and my application will return an http 401. The above stack track will be in my cas log. Here's an excerpt of some debugging messages prior to the error. Not sure if they are relevant, or if more messages would be helpful:
2019-07-12 11:12:22,252 DEBUG [org.apereo.cas.support.oauth.util.OAuth20Utils] - <Checking grant type [authorization_code] against supported grant types [[authorization_code]]>
2019-07-12 11:12:22,252 DEBUG [org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenAuthorizationCodeGrantRequestExtractor] - <OAuth grant type is [authorization_code]>
2019-07-12 11:12:22,252 DEBUG [org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenAuthorizationCodeGrantRequestExtractor] - <Located registered service [OAuthRegisteredService(super=AbstractRegisteredService(serviceId=^***, name=***, theme=***, informationUrl=***, privacyUrl=null, responseType=null, id=1002, description=***, expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false, notifyWhenDeleted=false, expirationDate=null), proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1, evaluationOrder=0, usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2, logoutType=BACK_CHANNEL, requiredHandlers=[], attributeReleasePolicy=ReturnAllAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null, principalAttributesRepository=DefaultPrincipalAttributesRepository(), consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=true, excludedAttributes=null, includeOnlyAttributes=null), authorizedToReleaseCredentialPassword=false, authorizedToReleaseProxyGrantingTicket=false, excludeDefaultAttributes=false, authorizedToReleaseAuthenticationAttributes=true, principalIdAttribute=null)), multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[], failureMode=NOT_SET, principalAttributeNameTrigger=null, principalAttributeValueToMatch=null, bypassEnabled=false), logo=null, logoutUrl=null, accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0, enabled=true, ssoEnabled=true, unauthorizedRedirectUrl=null, delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[]), requireAllAttributes=true, requiredAttributes={}, rejectedAttributes={}, caseInsensitive=false), publicKey=null, properties={}, contacts=[]), clientSecret=***, clientId=***, bypassApprovalPrompt=true, generateRefreshToken=false, jsonFormat=false, supportedGrantTypes=[authorization_code], supportedResponseTypes=[code])]>
2019-07-12 11:12:22,269 DEBUG [org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController] - <Creating access token for [AccessTokenRequestDataHolder(service=AbstractWebApplicationService(id=https://localhost/ui/login, originalUrl=https://localhost/ui/login, artifactId=null, principal=null, source=null, loggedOutAlready=false, format=XML, attributes={}), authentication=org.apereo.cas.authentication.DefaultAuthentication@28804012, token=OC-2-dHSz-1JmScl4VI6W0VTfzW1UUvLDL67g, generateRefreshToken=false, registeredService=OAuthRegisteredService(super=AbstractRegisteredService(serviceId=^***, name=***, theme=***, informationUrl=***, privacyUrl=null, responseType=null, id=1002, description=***, expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false, notifyWhenDeleted=false, expirationDate=null), proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1, evaluationOrder=0, usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2, logoutType=BACK_CHANNEL, requiredHandlers=[], attributeReleasePolicy=ReturnAllAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null, principalAttributesRepository=DefaultPrincipalAttributesRepository(), consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=true, excludedAttributes=null, includeOnlyAttributes=null), authorizedToReleaseCredentialPassword=false, authorizedToReleaseProxyGrantingTicket=false, excludeDefaultAttributes=false, authorizedToReleaseAuthenticationAttributes=true, principalIdAttribute=null)), multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[], failureMode=NOT_SET, principalAttributeNameTrigger=null, principalAttributeValueToMatch=null, bypassEnabled=false), logo=null, logoutUrl=null, accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0, enabled=true, ssoEnabled=true, unauthorizedRedirectUrl=null, delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[]), requireAllAttributes=true, requiredAttributes={}, rejectedAttributes={}, caseInsensitive=false), publicKey=null, properties={}, contacts=[]), clientSecret=***, clientId=***, bypassApprovalPrompt=true, generateRefreshToken=false, jsonFormat=false, supportedGrantTypes=[authorization_code], supportedResponseTypes=[code]), ticketGrantingTicket=TGT-1-**********************************************MBrVCBaeHAnWZCS2jCKKY***, grantType=AUTHORIZATION_CODE, scopes=[])]>
2019-07-12 11:12:22,269 DEBUG [org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator] - <Creating refresh token for [AbstractWebApplicationService(id=https://localhost/ui/login, originalUrl=https://localhost/ui/login, artifactId=null, principal=null, source=null, loggedOutAlready=false, format=XML, attributes={})]>
2019-07-12 11:12:22,270 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationBuilder] - <Recording authentication handler result success under key [org.pac4j.cas.profile.CasProfile]>
2019-07-12 11:12:22,270 DEBUG [org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator] - <Creating access token for [AccessTokenRequestDataHolder(service=AbstractWebApplicationService(id=https://localhost/ui/login, originalUrl=https://localhost/ui/login, artifactId=null, principal=null, source=null, loggedOutAlready=false, format=XML, attributes={}), authentication=org.apereo.cas.authentication.DefaultAuthentication@28804012, token=OC-2-dHSz-1JmScl4VI6W0VTfzW1UUvLDL67g, generateRefreshToken=false, registeredService=OAuthRegisteredService(super=AbstractRegisteredService(serviceId=^***, name=***, theme=***, informationUrl=***, privacyUrl=null, responseType=null, id=1002, description=***, expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false, notifyWhenDeleted=false, expirationDate=null), proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1, evaluationOrder=0, usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2, logoutType=BACK_CHANNEL, requiredHandlers=[], attributeReleasePolicy=ReturnAllAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null, principalAttributesRepository=DefaultPrincipalAttributesRepository(), consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=true, excludedAttributes=null, includeOnlyAttributes=null), authorizedToReleaseCredentialPassword=false, authorizedToReleaseProxyGrantingTicket=false, excludeDefaultAttributes=false, authorizedToReleaseAuthenticationAttributes=true, principalIdAttribute=null)), multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[], failureMode=NOT_SET, principalAttributeNameTrigger=null, principalAttributeValueToMatch=null, bypassEnabled=false), logo=null, logoutUrl=null, accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0, enabled=true, ssoEnabled=true, unauthorizedRedirectUrl=null, delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[]), requireAllAttributes=true, requiredAttributes={}, rejectedAttributes={}, caseInsensitive=false), publicKey=null, properties={}, contacts=[]), clientSecret=***, clientId=***, bypassApprovalPrompt=true, generateRefreshToken=false, jsonFormat=false, supportedGrantTypes=[authorization_code], supportedResponseTypes=[code]), ticketGrantingTicket=TGT-1-**********************************************MBrVCBaeHAnWZCS2jCKKY***, grantType=AUTHORIZATION_CODE, scopes=[])]>
2019-07-12 11:12:22,270 DEBUG [org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator] - <Created access token [AT-2-uyPMzNX6A5dfy6JzORUqw8Urxowa0t4G]>
2019-07-12 11:12:22,270 DEBUG [org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator] - <Adding OAuth ticket [AT-2-uyPMzNX6A5dfy6JzORUqw8Urxowa0t4G] to registry>
2019-07-12 11:12:22,287 DEBUG [org.apereo.cas.ticket.registry.JpaTicketRegistry] - <Added ticket [AT-2-uyPMzNX6A5dfy6JzORUqw8Urxowa0t4G] to registry.>
2019-07-12 11:12:22,293 DEBUG [org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator] - <Updating ticket-granting ticket [TGT-1-**********************************************MBrVCBaeHAnWZCS2jCKKY***]>
2019-07-12 11:12:22,304 DEBUG [org.apereo.cas.ticket.registry.JpaTicketRegistry] - <Updated ticket [TGT-1-**********************************************MBrVCBaeHAnWZCS2jCKKY***].>
2019-07-12 11:12:22,340 DEBUG [org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator] - <Added access token [AT-2-uyPMzNX6A5dfy6JzORUqw8Urxowa0t4G] to registry>
2019-07-12 11:12:22,340 DEBUG [org.apereo.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy] - <Ticket usage count [1] is greater than or equal to [1]. Ticket has expired>
2019-07-12 11:12:22,365 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket [OC-2-dHSz-1JmScl4VI6W0VTfzW1UUvLDL67g] from the registry.>
2019-07-12 11:12:22,365 DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received exception due to a type mismatch>
javax.persistence.TransactionRequiredException: Executing an update/delete query
I've reproduced this error against CAS 5.3.9, 5.3.10 and 5.3.11. I haven't been able to get 6.x running yet in order to test there, but JDK11 isn't an option for us immediately anyhow. I haven't tried standing up older versions of CAS. I've tried stumbling my way through the source code, but I haven't gotten anywhere.
Here's how I'm building the war with maven:
I was seeing the same error before we started updating the dependencies in the war, so that doesn't seem to be the problem. We are still including upgraded versions of retrofit and spring-security. The excludes is just to remove the old version from the overlay war.<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>3.2.2</version>
<configuration>
<warName>cas</warName>
<failOnMissingWebXml>false</failOnMissingWebXml>
<recompressZippedFiles>false</recompressZippedFiles>
<archive>
<compress>false</compress>
<manifestFile>${manifestFileToUse}</manifestFile>
</archive>
<overlays>
<overlay>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp${app.server}</artifactId>
<excludes>
<exclude>/WEB-INF/classes/services/*</exclude>
<!-- explicitly excluding spring-security and retrofit jars from overlay because cas v5.3.11 includes versions that have vulnerabilities -->
<exclude>/WEB-INF/lib/retrofit-*.jar</exclude>
<exclude>/WEB-INF/lib/spring-security-*.jar</exclude>
</excludes>
</overlay>
</overlays>
</configuration>
</plugin>
Any help with this error would be much appreciated.
abdelrahman halawa
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/177b9606-2d0b-92fb-1ecc-886282975767%40eoriginal.com.