In general, don't use JPA for ticket registery it has errors; instead, use cache based ticket registery(such as, haselcast or me cache) it will perform well with you
On Fri, Jul 12, 2019, 5:55 PM Ken Hopkins <khopk...@eoriginal.com> wrote: > I am trying to get a jpa-ticket-registry configured for CAS but I'm > getting a TransactionRequiredException in CAS when my application tries to > verify the login token with CAS. > > The exception is: > > javax.persistence.TransactionRequiredException: Executing an update/delete > query > at > org.hibernate.query.internal.AbstractProducedQuery.executeUpdate(AbstractProducedQuery.java:1496) > ~[hibernate-core-5.2.17.Final.jar!/:5.2.17.Final] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > ~[?:1.8.0_192] > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > ~[?:1.8.0_192] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:1.8.0_192] > at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192] > at > org.springframework.orm.jpa.SharedEntityManagerCreator$DeferredQueryInvocationHandler.invoke(SharedEntityManagerCreator.java:375) > ~[spring-orm-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at com.sun.proxy.$Proxy216.executeUpdate(Unknown Source) ~[?:?] > at > org.apereo.cas.ticket.registry.JpaTicketRegistry.deleteSingleTicket(JpaTicketRegistry.java:158) > ~[cas-server-support-jpa-ticket-registry-5.3.11.jar!/:5.3.11] > at > org.apereo.cas.ticket.registry.AbstractTicketRegistry.deleteTicket(AbstractTicketRegistry.java:121) > ~[cas-server-core-tickets-api-5.3.11.jar!/:5.3.11] > at > org.apereo.cas.ticket.registry.AbstractTicketRegistry.deleteTicket(AbstractTicketRegistry.java:98) > ~[cas-server-core-tickets-api-5.3.11.jar!/:5.3.11] > at > org.apereo.cas.ticket.registry.AbstractTicketRegistry$$FastClassBySpringCGLIB$$d3c67a11.invoke(<generated>) > ~[cas-server-core-tickets-api-5.3.11.jar!/:5.3.11] > at > org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) > ~[spring-core-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:667) > ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.apereo.cas.ticket.registry.JpaTicketRegistry$$EnhancerBySpringCGLIB$$9000de6b.deleteTicket(<generated>) > ~[cas-server-support-jpa-ticket-registry-5.3.11.jar!/:5.3.11] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > ~[?:1.8.0_192] > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > ~[?:1.8.0_192] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:1.8.0_192] > at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192] > at > org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216) > ~[spring-core-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470) > ~[spring-cloud-context-1.3.0.RELEASE.jar!/:1.3.0.RELEASE] > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) > ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) > ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at com.sun.proxy.$Proxy109.deleteTicket(Unknown Source) ~[?:?] > at > org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator.generate(OAuth20DefaultTokenGenerator.java:67) > ~[cas-server-support-oauth-5.3.11.jar!/:5.3.11] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > ~[?:1.8.0_192] > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > ~[?:1.8.0_192] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:1.8.0_192] > at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192] > at > org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216) > ~[spring-core-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470) > ~[spring-cloud-context-1.3.0.RELEASE.jar!/:1.3.0.RELEASE] > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) > ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) > ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at com.sun.proxy.$Proxy175.generate(Unknown Source) ~[?:?] > at > org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController.handleRequest(OAuth20AccessTokenEndpointController.java:119) > ~[cas-server-support-oauth-5.3.11.jar!/:5.3.11] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > ~[?:1.8.0_192] > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > ~[?:1.8.0_192] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:1.8.0_192] > at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192] > at > org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) > ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133) > ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97) > ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:849) > ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:760) > ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85) > ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967) > ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901) > ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) > ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872) > ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:661) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) > ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) > ~[tomcat-embed-websocket-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:30) > ~[cas-server-core-web-api-5.3.11.jar!/:5.3.11] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261) > ~[cas-server-security-filter-2.0.10.4.jar!/:2.0.10.4] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:240) > ~[cas-server-security-filter-2.0.10.4.jar!/:2.0.10.4] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apereo.cas.security.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:94) > ~[cas-server-security-filter-2.0.10.4.jar!/:2.0.10.4] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:111) > ~[spring-boot-actuator-1.5.18.RELEASE.jar!/:1.5.18.RELEASE] > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) > ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) > ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) > ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) > ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) > ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) > ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) > ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:91) > ~[cas-server-core-logging-5.3.11.jar!/:5.3.11] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:103) > ~[spring-boot-actuator-1.5.18.RELEASE.jar!/:1.5.18.RELEASE] > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) > ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) > ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) > ~[spring-web-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66) > ~[inspektr-common-1.8.4.GA.jar!/:1.8.4.GA] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:679) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) > ~[tomcat-embed-core-8.5.41.jar!/:8.5.41] > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > ~[?:1.8.0_192] > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > ~[?:1.8.0_192] > at > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > ~[tomcat-util-8.5.41.jar!/:8.5.41] > at java.lang.Thread.run(Thread.java:748) [?:1.8.0_192] > > My application is an > *org.apereo.cas.support.oauth.services.OAuthRegisteredService*. > > My jpa configuration: > > cas.ticket.registry.jpa.ddlAuto=none > cas.ticket.registry.jpa.user=*** > cas.ticket.registry.jpa.password=*** > cas.ticket.registry.jpa.driverClass=oracle.jdbc.driver.OracleDriver > cas.ticket.registry.jpa.url=jdbc:oracle:thin:@*** > cas.ticket.registry.jpa.dialect=org.hibernate.dialect.Oracle10gDialect > > To reproduce the error, I'll request a protected resource in my > application. My application will redirect the user to CAS. The user will > login to CAS. Login seems to be successful. Then CAS will redirect the > user to > /my-app/login?code=OC-1-PCHUeONs6TYsJ2my1qrCJw5pofgZNbqL&state=ZGNbw6 and > my application will return an http 401. The above stack track will be in > my cas log. Here's an excerpt of some debugging messages prior to the > error. Not sure if they are relevant, or if more messages would be helpful: > > 2019-07-12 11:12:22,252 DEBUG > [org.apereo.cas.support.oauth.util.OAuth20Utils] - <Checking grant type > [authorization_code] against supported grant types [[authorization_code]]> > 2019-07-12 11:12:22,252 DEBUG > [org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenAuthorizationCodeGrantRequestExtractor] > - <OAuth grant type is [authorization_code]> > 2019-07-12 11:12:22,252 DEBUG > [org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenAuthorizationCodeGrantRequestExtractor] > - <Located registered service > [OAuthRegisteredService(super=AbstractRegisteredService(serviceId=^***, > name=***, theme=***, informationUrl=***, privacyUrl=null, > responseType=null, id=1002, description=***, > expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false, > notifyWhenDeleted=false, expirationDate=null), > proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1, > evaluationOrder=0, > usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2, > logoutType=BACK_CHANNEL, requiredHandlers=[], > attributeReleasePolicy=ReturnAllAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null, > principalAttributesRepository=DefaultPrincipalAttributesRepository(), > consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=true, > excludedAttributes=null, includeOnlyAttributes=null), > authorizedToReleaseCredentialPassword=false, > authorizedToReleaseProxyGrantingTicket=false, > excludeDefaultAttributes=false, > authorizedToReleaseAuthenticationAttributes=true, > principalIdAttribute=null)), > multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[], > failureMode=NOT_SET, principalAttributeNameTrigger=null, > principalAttributeValueToMatch=null, bypassEnabled=false), logo=null, > logoutUrl=null, > accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0, > enabled=true, ssoEnabled=true, unauthorizedRedirectUrl=null, > delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[]), > requireAllAttributes=true, requiredAttributes={}, rejectedAttributes={}, > caseInsensitive=false), publicKey=null, properties={}, contacts=[]), > clientSecret=***, clientId=***, bypassApprovalPrompt=true, > generateRefreshToken=false, jsonFormat=false, > supportedGrantTypes=[authorization_code], supportedResponseTypes=[code])]> > 2019-07-12 11:12:22,269 DEBUG > [org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController] > - <Creating access token for > [AccessTokenRequestDataHolder(service=AbstractWebApplicationService(id= > https://localhost/ui/login, originalUrl=https://localhost/ui/login, > artifactId=null, principal=null, source=null, loggedOutAlready=false, > format=XML, attributes={}), > authentication=org.apereo.cas.authentication.DefaultAuthentication@28804012, > token=OC-2-dHSz-1JmScl4VI6W0VTfzW1UUvLDL67g, generateRefreshToken=false, > registeredService=OAuthRegisteredService(super=AbstractRegisteredService(serviceId=^***, > name=***, theme=***, informationUrl=***, privacyUrl=null, > responseType=null, id=1002, description=***, > expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false, > notifyWhenDeleted=false, expirationDate=null), > proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1, > evaluationOrder=0, > usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2, > logoutType=BACK_CHANNEL, requiredHandlers=[], > attributeReleasePolicy=ReturnAllAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null, > principalAttributesRepository=DefaultPrincipalAttributesRepository(), > consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=true, > excludedAttributes=null, includeOnlyAttributes=null), > authorizedToReleaseCredentialPassword=false, > authorizedToReleaseProxyGrantingTicket=false, > excludeDefaultAttributes=false, > authorizedToReleaseAuthenticationAttributes=true, > principalIdAttribute=null)), > multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[], > failureMode=NOT_SET, principalAttributeNameTrigger=null, > principalAttributeValueToMatch=null, bypassEnabled=false), logo=null, > logoutUrl=null, > accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0, > enabled=true, ssoEnabled=true, unauthorizedRedirectUrl=null, > delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[]), > requireAllAttributes=true, requiredAttributes={}, rejectedAttributes={}, > caseInsensitive=false), publicKey=null, properties={}, contacts=[]), > clientSecret=***, clientId=***, bypassApprovalPrompt=true, > generateRefreshToken=false, jsonFormat=false, > supportedGrantTypes=[authorization_code], supportedResponseTypes=[code]), > ticketGrantingTicket=TGT-1-**********************************************MBrVCBaeHAnWZCS2jCKKY***, > grantType=AUTHORIZATION_CODE, scopes=[])]> > 2019-07-12 11:12:22,269 DEBUG > [org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator] > - <Creating refresh token for [AbstractWebApplicationService(id= > https://localhost/ui/login, originalUrl=https://localhost/ui/login, > artifactId=null, principal=null, source=null, loggedOutAlready=false, > format=XML, attributes={})]> > 2019-07-12 11:12:22,270 DEBUG > [org.apereo.cas.authentication.DefaultAuthenticationBuilder] - <Recording > authentication handler result success under key > [org.pac4j.cas.profile.CasProfile]> > 2019-07-12 11:12:22,270 DEBUG > [org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator] > - <Creating access token for > [AccessTokenRequestDataHolder(service=AbstractWebApplicationService(id= > https://localhost/ui/login, originalUrl=https://localhost/ui/login, > artifactId=null, principal=null, source=null, loggedOutAlready=false, > format=XML, attributes={}), > authentication=org.apereo.cas.authentication.DefaultAuthentication@28804012, > token=OC-2-dHSz-1JmScl4VI6W0VTfzW1UUvLDL67g, generateRefreshToken=false, > registeredService=OAuthRegisteredService(super=AbstractRegisteredService(serviceId=^***, > name=***, theme=***, informationUrl=***, privacyUrl=null, > responseType=null, id=1002, description=***, > expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false, > notifyWhenDeleted=false, expirationDate=null), > proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1, > evaluationOrder=0, > usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2, > logoutType=BACK_CHANNEL, requiredHandlers=[], > attributeReleasePolicy=ReturnAllAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null, > principalAttributesRepository=DefaultPrincipalAttributesRepository(), > consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=true, > excludedAttributes=null, includeOnlyAttributes=null), > authorizedToReleaseCredentialPassword=false, > authorizedToReleaseProxyGrantingTicket=false, > excludeDefaultAttributes=false, > authorizedToReleaseAuthenticationAttributes=true, > principalIdAttribute=null)), > multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[], > failureMode=NOT_SET, principalAttributeNameTrigger=null, > principalAttributeValueToMatch=null, bypassEnabled=false), logo=null, > logoutUrl=null, > accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0, > enabled=true, ssoEnabled=true, unauthorizedRedirectUrl=null, > delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[]), > requireAllAttributes=true, requiredAttributes={}, rejectedAttributes={}, > caseInsensitive=false), publicKey=null, properties={}, contacts=[]), > clientSecret=***, clientId=***, bypassApprovalPrompt=true, > generateRefreshToken=false, jsonFormat=false, > supportedGrantTypes=[authorization_code], supportedResponseTypes=[code]), > ticketGrantingTicket=TGT-1-**********************************************MBrVCBaeHAnWZCS2jCKKY***, > grantType=AUTHORIZATION_CODE, scopes=[])]> > 2019-07-12 11:12:22,270 DEBUG > [org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator] > - <Created access token [AT-2-uyPMzNX6A5dfy6JzORUqw8Urxowa0t4G]> > 2019-07-12 11:12:22,270 DEBUG > [org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator] > - <Adding OAuth ticket [AT-2-uyPMzNX6A5dfy6JzORUqw8Urxowa0t4G] to registry> > 2019-07-12 11:12:22,287 DEBUG > [org.apereo.cas.ticket.registry.JpaTicketRegistry] - <Added ticket > [AT-2-uyPMzNX6A5dfy6JzORUqw8Urxowa0t4G] to registry.> > 2019-07-12 11:12:22,293 DEBUG > [org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator] > - <Updating ticket-granting ticket > [TGT-1-**********************************************MBrVCBaeHAnWZCS2jCKKY***]> > 2019-07-12 11:12:22,304 DEBUG > [org.apereo.cas.ticket.registry.JpaTicketRegistry] - <Updated ticket > [TGT-1-**********************************************MBrVCBaeHAnWZCS2jCKKY***].> > 2019-07-12 11:12:22,340 DEBUG > [org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator] > - <Added access token [AT-2-uyPMzNX6A5dfy6JzORUqw8Urxowa0t4G] to registry> > 2019-07-12 11:12:22,340 DEBUG > [org.apereo.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy] - > <Ticket usage count [1] is greater than or equal to [1]. Ticket has expired> > 2019-07-12 11:12:22,365 DEBUG > [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket > [OC-2-dHSz-1JmScl4VI6W0VTfzW1UUvLDL67g] from the registry.> > 2019-07-12 11:12:22,365 DEBUG > [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the > received exception due to a type mismatch> > javax.persistence.TransactionRequiredException: Executing an update/delete > query > > I've reproduced this error against CAS 5.3.9, 5.3.10 and 5.3.11. I > haven't been able to get 6.x running yet in order to test there, but JDK11 > isn't an option for us immediately anyhow. I haven't tried standing up > older versions of CAS. I've tried stumbling my way through the source > code, but I haven't gotten anywhere. > > Here's how I'm building the war with maven: > > <plugin> > <groupId>org.apache.maven.plugins</groupId> > <artifactId>maven-war-plugin</artifactId> > <version>3.2.2</version> > <configuration> > <warName>cas</warName> > <failOnMissingWebXml>false</failOnMissingWebXml> > <recompressZippedFiles>false</recompressZippedFiles> > <archive> > <compress>false</compress> > <manifestFile>${manifestFileToUse}</manifestFile> > </archive> > <overlays> > <overlay> > <groupId>org.apereo.cas</groupId> > <artifactId>cas-server-webapp${app.server}</artifactId> > <excludes> > <exclude>/WEB-INF/classes/services/*</exclude> > <!-- explicitly excluding spring-security and retrofit > jars from overlay because cas v5.3.11 includes versions that have > vulnerabilities --> > <exclude>/WEB-INF/lib/retrofit-*.jar</exclude> > <exclude>/WEB-INF/lib/spring-security-*.jar</exclude> > </excludes> > </overlay> > </overlays> > </configuration> > </plugin> > > I was seeing the same error before we started updating the dependencies in > the war, so that doesn't seem to be the problem. We are still including > upgraded versions of retrofit and spring-security. The excludes is just to > remove the old version from the overlay war. > > Any help with this error would be much appreciated. > > > This e-mail contains information from eOriginal, Inc. that may be > proprietary, confidential and/or subject to a nondisclosure agreement. If > you are not an intended recipient, please notify the sender immediately and > delete this e-mail from your computer. To the extent required under any > applicable nondisclosure agreement, the information contained in this > e-mail is marked CONFIDENTIAL. > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/177b9606-2d0b-92fb-1ecc-886282975767%40eoriginal.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/177b9606-2d0b-92fb-1ecc-886282975767%40eoriginal.com?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMKQGEawzjOvBq-KrUPv_f1XBh31NF4QwSnq44v-C%3DTsvs%3D2Lg%40mail.gmail.com.