Project

General

Profile

Defect #2600

Removing authorization policy form role assigned to many users fails

Added by Vladimír Kotýnek 8 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Category:
Authentication / Authorization
Target version:
Start date:
12/07/2020
Due date:
% Done:

100%

Estimated time:
Affected versions:
Milestones:

Description

I have a role in my environment assigned to approximately 1000 identities (as a part of a business role - I don't think it matters). The role has authorization policies configured in IDM.
When I want to remove any policy from the role the job in frontend gets stuck. Nothing happens.
After a several minutes an Exception :

org.springframework.transaction.CannotCreateTransactionException: Could not open JPA EntityManager for transaction; nested exception is org.hibernate.exception.JDBCConnectionException: Unable to acquire JDBC Connection
    at org.springframework.orm.jpa.JpaTransactionManager.doBegin(JpaTransactionManager.java:446)
    at org.springframework.transaction.support.AbstractPlatformTransactionManager.handleExistingTransaction(AbstractPlatformTransactionManager.java:430)
    at org.springframework.transaction.support.AbstractPlatformTransactionManager.getTransaction(AbstractPlatformTransactionManager.java:354)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.createTransactionIfNecessary(TransactionAspectSupport.java:475)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:289)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
    at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager$$EnhancerBySpringCGLIB$$718d48a5.saveStates(<generated>)
    at eu.bcvsolutions.idm.core.api.event.AbstractEntityEventProcessor.onApplicationEvent(AbstractEntityEventProcessor.java:275)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
    at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:402)
    at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:372)
    at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:243)
    at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager$$FastClassBySpringCGLIB$$1694e58f.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:749)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:295)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
    at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager$$EnhancerBySpringCGLIB$$718d48a5.process(<generated>)
    at eu.bcvsolutions.idm.core.api.service.AbstractEventableDtoService.publish(AbstractEventableDtoService.java:64)
    at eu.bcvsolutions.idm.core.api.service.AbstractEventableDtoService.publish(AbstractEventableDtoService.java:51)
    at eu.bcvsolutions.idm.core.api.service.AbstractEventableDtoService.save(AbstractEventableDtoService.java:82)
    at eu.bcvsolutions.idm.core.api.service.AbstractEventableDtoService$$FastClassBySpringCGLIB$$28b457d3.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:749)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:295)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
    at eu.bcvsolutions.idm.core.model.service.impl.DefaultIdmTokenService$$EnhancerBySpringCGLIB$$dbbd2b77.save(<generated>)
    at eu.bcvsolutions.idm.core.security.service.impl.DefaultTokenManager.disableToken(DefaultTokenManager.java:180)
    at eu.bcvsolutions.idm.core.security.service.impl.DefaultTokenManager.lambda$disableTokens$1(DefaultTokenManager.java:153)
    at java.lang.Iterable.forEach(Iterable.java:75)
    at eu.bcvsolutions.idm.core.security.service.impl.DefaultTokenManager.disableTokens(DefaultTokenManager.java:152)
    at eu.bcvsolutions.idm.core.security.service.impl.DefaultTokenManager$$FastClassBySpringCGLIB$$cfae3686.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:749)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:295)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
    at eu.bcvsolutions.idm.core.security.service.impl.DefaultTokenManager$$EnhancerBySpringCGLIB$$1a3c0dea.disableTokens(<generated>)
    at eu.bcvsolutions.idm.core.model.event.processor.policy.AuthorizationPolicyDeletePermissionsChangeProcessor.lambda$process$0(AuthorizationPolicyDeletePermissionsChangeProcessor.java:60)
    at java.util.ArrayList.forEach(ArrayList.java:1259)
    at eu.bcvsolutions.idm.core.model.event.processor.policy.AuthorizationPolicyDeletePermissionsChangeProcessor.process(AuthorizationPolicyDeletePermissionsChangeProcessor.java:59)
    at eu.bcvsolutions.idm.core.api.event.AbstractEntityEventProcessor.onApplicationEvent(AbstractEntityEventProcessor.java:238)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
    at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:402)
    at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:372)
    at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:243)
    at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager$$FastClassBySpringCGLIB$$1694e58f.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:749)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:295)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
    at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager$$EnhancerBySpringCGLIB$$718d48a5.process(<generated>)
    at eu.bcvsolutions.idm.core.api.service.AbstractEventableDtoService.publish(AbstractEventableDtoService.java:64)
    at eu.bcvsolutions.idm.core.api.service.AbstractEventableDtoService.publish(AbstractEventableDtoService.java:51)
    at eu.bcvsolutions.idm.core.api.service.AbstractEventableDtoService.save(AbstractEventableDtoService.java:82)
    at eu.bcvsolutions.idm.core.api.service.AbstractEventableDtoService$$FastClassBySpringCGLIB$$28b457d3.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:749)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:295)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
    at eu.bcvsolutions.idm.core.model.service.impl.DefaultIdmAuthorizationPolicyService$$EnhancerBySpringCGLIB$$8fe4fd01.save(<generated>)
    at eu.bcvsolutions.idm.core.model.service.impl.DefaultImportManager.executeImportForType(DefaultImportManager.java:384)
    at eu.bcvsolutions.idm.core.model.service.impl.DefaultImportManager.lambda$internalExecuteImport$1(DefaultImportManager.java:227)
    at java.util.ArrayList.forEach(ArrayList.java:1259)
    at eu.bcvsolutions.idm.core.model.service.impl.DefaultImportManager.internalExecuteImport(DefaultImportManager.java:227)
    at eu.bcvsolutions.idm.core.model.service.impl.DefaultImportManager$$FastClassBySpringCGLIB$$6e60f64f.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:749)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:295)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
    at eu.bcvsolutions.idm.core.model.service.impl.DefaultImportManager$$EnhancerBySpringCGLIB$$25a1f2e5.internalExecuteImport(<generated>)
    at eu.bcvsolutions.idm.core.scheduler.task.impl.ImportTaskExecutor.process(ImportTaskExecutor.java:69)
    at eu.bcvsolutions.idm.core.scheduler.task.impl.ImportTaskExecutor.process(ImportTaskExecutor.java:32)
    at eu.bcvsolutions.idm.core.scheduler.api.service.AbstractLongRunningTaskExecutor.call(AbstractLongRunningTaskExecutor.java:262)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at eu.bcvsolutions.idm.core.config.DelegatingTransactionContextRunnable.run(DelegatingTransactionContextRunnable.java:39)
    at org.springframework.security.concurrent.DelegatingSecurityContextRunnable.run(DelegatingSecurityContextRunnable.java:84)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: org.hibernate.exception.JDBCConnectionException: Unable to acquire JDBC Connection
    at org.hibernate.exception.internal.SQLExceptionTypeDelegate.convert(SQLExceptionTypeDelegate.java:48)
    at org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:42)
    at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:113)
    at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:99)
    at org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl.acquireConnectionIfNeeded(LogicalConnectionManagedImpl.java:109)
    at org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl.getPhysicalConnection(LogicalConnectionManagedImpl.java:136)
    at org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl.getConnectionForTransactionManagement(LogicalConnectionManagedImpl.java:254)
    at org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl.begin(LogicalConnectionManagedImpl.java:262)
    at org.hibernate.resource.transaction.backend.jdbc.internal.JdbcResourceLocalTransactionCoordinatorImpl$TransactionDriverControlImpl.begin(JdbcResourceLocalTransactionCoordinatorImpl.java:236)
    at org.hibernate.engine.transaction.internal.TransactionImpl.begin(TransactionImpl.java:86)
    at org.springframework.orm.jpa.vendor.HibernateJpaDialect.beginTransaction(HibernateJpaDialect.java:183)
    at org.springframework.orm.jpa.JpaTransactionManager.doBegin(JpaTransactionManager.java:401)
    ... 102 more
Caused by: java.sql.SQLTransientConnectionException: HikariPool-1 - Connection is not available, request timed out after 30000ms.
    at com.zaxxer.hikari.pool.HikariPool.createTimeoutException(HikariPool.java:676)
    at com.zaxxer.hikari.pool.HikariPool.getConnection(HikariPool.java:190)
    at com.zaxxer.hikari.pool.HikariPool.getConnection(HikariPool.java:155)
    at com.zaxxer.hikari.HikariDataSource.getConnection(HikariDataSource.java:128)
    at org.hibernate.engine.jdbc.connections.internal.DatasourceConnectionProviderImpl.getConnection(DatasourceConnectionProviderImpl.java:122)
    at org.hibernate.internal.NonContextualJdbcConnectionAccess.obtainConnection(NonContextualJdbcConnectionAccess.java:35)
    at org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl.acquireConnectionIfNeeded(LogicalConnectionManagedImpl.java:106)
    ... 109 more

starts appearing in catalina.out until I restart the PostgreSQL database.

When I disable authorization-policy-delete-permissions-change-processor processor the authorization policy can be performed.


Related issues

Related to CzechIdM - Task #1200: Business role - design and implementationClosed07/27/2018

Related to CzechIdM - Task #309: OAuth2 - proof of conceptClosed04/07/201704/07/2017

History

#2 Updated by Radek Tomiška 8 months ago

  • Status changed from New to In Progress
  • Target version set to 10.8.0

#3 Updated by Radek Tomiška 8 months ago

  • Related to Task #1200: Business role - design and implementation added

#4 Updated by Radek Tomiška 8 months ago

  • Related to Task #309: OAuth2 - proof of concept added

#5 Updated by Radek Tomiška 8 months ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Radek Tomiška to Vít Švanda
  • % Done changed from 0 to 90
  • Affected versions Malachite (9.0.0) added
  • Affected versions deleted (10.6.3)

Authorization policy is deleted by BE bulk action (asynchronous => FE will not be stucked) and few performance improvement was added to prevent large hibernate transaction (=> prevent to exception above).

Commit:
https://github.com/bcvsolutions/CzechIdMng/commit/0b2d7ca10f2b7d7c7dc0b0bf6f4f5ab0794a8db2

Could you provide me a feedback, please?

#6 Updated by Vít Švanda 5 months ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Vít Švanda to Radek Tomiška
  • % Done changed from 90 to 100

I did reivew and tested it. Thnaks for this big optimization..

#7 Updated by Radek Tomiška 5 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF

Go to top