Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Task #4626 (closed)

Opened 13 years ago

Closed 13 years ago

Bug: new LDAP password usage causes exception

Reported by: jamoore Owned by: jamoore
Priority: major Milestone: OMERO-Beta4.3
Component: Security Version: n.a.
Keywords: n.a. Cc:
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: 0.0d
Sprint: 2011-05-05 (11)

Description

 Wrapped Exception: (org.springframework.jdbc.UncategorizedSQLException):
Hibernate operation: could not insert: [ome.model.meta.ExperimenterGroup]; uncategorized SQLException for SQL [insert into experimentergroup (description, external_id, permissions, name, version, id) values (?, ?, ?, ?, ?, ?)]; SQL state [25006]; error code [0]; ERROR: transaction is read-only; nested exception is org.postgresql.util.PSQLException: ERROR: transaction is read-only

Change History (5)

comment:1 Changed 13 years ago by jmoore

...last 100 lines...
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
	at $Proxy61.doWork(Unknown Source)
	at ome.services.util.Executor$Impl.execute(Executor.java:369)
	at ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(SessionManagerImpl.java:954)
	at ome.services.sessions.SessionManagerImpl.executeCheckPassword(SessionManagerImpl.java:941)
	at ome.services.sessions.SessionManagerImpl.executePasswordCheck(SessionManagerImpl.java:915)
	at ome.services.blitz.fire.PermissionsVerifierI.checkPermissions(PermissionsVerifierI.java:72)
	at Glacier2._PermissionsVerifierDisp.___checkPermissions(_PermissionsVerifierDisp.java:90)
	at Glacier2._PermissionsVerifierDisp.__dispatch(_PermissionsVerifierDisp.java:118)
	at IceInternal.Incoming.invoke(Incoming.java:159)
	at Ice.ConnectionI.invokeAll(ConnectionI.java:2037)
	at Ice.ConnectionI.message(ConnectionI.java:972)
	at IceInternal.ThreadPool.run(ThreadPool.java:577)
	at IceInternal.ThreadPool.access$100(ThreadPool.java:12)
	at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:971)
Caused by: org.postgresql.util.PSQLException: ERROR: transaction is read-only
	at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:1608)
	at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1343)
	at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:194)
	at org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:451)
	at org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2Statement.java:350)
	at org.postgresql.jdbc2.AbstractJdbc2Statement.executeUpdate(AbstractJdbc2Statement.java:304)
	at sun.reflect.GeneratedMethodAccessor219.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at bitronix.tm.resource.jdbc.BaseProxyHandlerClass.invoke(BaseProxyHandlerClass.java:63)
	at $Proxy55.executeUpdate(Unknown Source)
	at org.hibernate.jdbc.NonBatchingBatcher.addToBatch(NonBatchingBatcher.java:46)
	at org.hibernate.persister.entity.AbstractEntityPersister.insert(AbstractEntityPersister.java:2418)
	at org.hibernate.persister.entity.AbstractEntityPersister.insert(AbstractEntityPersister.java:2858)
	at org.hibernate.action.EntityInsertAction.execute(EntityInsertAction.java:79)
	at org.hibernate.engine.ActionQueue.execute(ActionQueue.java:267)
	at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:259)
	at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:178)
	at org.hibernate.event.def.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:321)
	at org.hibernate.event.def.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:51)
	at org.hibernate.impl.SessionImpl.flush(SessionImpl.java:1208)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
	at ome.tools.hibernate.SessionFactory.invoke(SessionFactory.java:102)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
	at $Proxy62.flush(Unknown Source)
	at ome.security.auth.SimpleRoleProvider.createExperimenter(SimpleRoleProvider.java:105)
	at ome.logic.LdapImpl.createUserFromLdap(LdapImpl.java:305)
	at ome.security.auth.LdapPasswordProvider.checkPassword(LdapPasswordProvider.java:85)
	at ome.security.auth.PasswordProviders.checkPassword(PasswordProviders.java:42)
	at ome.logic.AdminImpl.checkPassword(AdminImpl.java:1121)
	at ome.services.sessions.SessionManagerImpl$8.doWork(SessionManagerImpl.java:960)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
	at ome.services.util.Executor$Impl$Interceptor.invoke(Executor.java:439)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at ome.security.basic.EventHandler.invoke(EventHandler.java:144)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111)
	... 22 more
2011-03-08 10:24:59,518 INFO  [        ome.services.util.ServiceHandler] (l.Server-2)  Excp:	org.springframework.jdbc.UncategorizedSQLException: Hibernate operation: could not insert: [ome.model.meta.ExperimenterGroup]; uncategorized SQLException for SQL [insert into experimentergroup (description, external_id, permissions, name, version, id) values (?, ?, ?, ?, ?, ?)]; SQL state [25006]; error code [0]; ERROR: transaction is read-only; nested exception is org.postgresql.util.PSQLException: ERROR: transaction is read-only
2011-03-08 10:24:59,519 ERROR [services.blitz.fire.PermissionsVerifierI] (l.Server-2) Exception thrown while checking password for:jmoore
ome.conditions.InternalException:  Wrapped Exception: (org.springframework.jdbc.UncategorizedSQLException):
Hibernate operation: could not insert: [ome.model.meta.ExperimenterGroup]; uncategorized SQLException for SQL [insert into experimentergroup (description, external_id, permissions, name, version, id) values (?, ?, ?, ?, ?, ?)]; SQL state [25006]; error code [0]; ERROR: transaction is read-only; nested exception is org.postgresql.util.PSQLException: ERROR: transaction is read-only
	at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:83)
	at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:80)
	at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:80)
	at org.springframework.orm.hibernate3.HibernateAccessor.convertJdbcAccessException(HibernateAccessor.java:424)
	at org.springframework.orm.hibernate3.HibernateAccessor.convertHibernateAccessException(HibernateAccessor.java:410)
	at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:117)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:108)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:231)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:111)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
	at $Proxy61.doWork(Unknown Source)
	at ome.services.util.Executor$Impl.execute(Executor.java:369)
	at ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(SessionManagerImpl.java:954)
	at ome.services.sessions.SessionManagerImpl.executeCheckPassword(SessionManagerImpl.java:941)
	at ome.services.sessions.SessionManagerImpl.executePasswordCheck(SessionManagerImpl.java:915)
	at ome.services.blitz.fire.PermissionsVerifierI.checkPermissions(PermissionsVerifierI.java:72)
	at Glacier2._PermissionsVerifierDisp.___checkPermissions(_PermissionsVerifierDisp.java:90)
	at Glacier2._PermissionsVerifierDisp.__dispatch(_PermissionsVerifierDisp.java:118)
	at IceInternal.Incoming.invoke(Incoming.java:159)
	at Ice.ConnectionI.invokeAll(ConnectionI.java:2037)
	at Ice.ConnectionI.message(ConnectionI.java:972)
	at IceInternal.ThreadPool.run(ThreadPool.java:577)
	at IceInternal.ThreadPool.access$100(ThreadPool.java:12)
	at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:971)
2011-03-08 10:27:00,020 INFO  [ ome.services.blitz.fire.SessionManagerI] (3-thread-3) Performing requestHeartbeats

comment:2 Changed 13 years ago by jmoore

  • Owner set to jmoore

comment:3 Changed 13 years ago by jmoore

  • Sprint set to 2011-05-05 (11)
  • Status changed from new to accepted

comment:4 Changed 13 years ago by jmoore

There doesn't seem to be a straight-forward way from preventing the ERROR message other than silencing them in log4j (which would have other implications). Instead, we can introduce a new argument to many of the server-side method signatures (..., boolean readOnly) to stop the creation of the LDAP user for a @Transactional(readOnly=true) thread.

comment:5 Changed 13 years ago by jmoore <josh@…>

  • Remaining Time set to 0
  • Resolution set to fixed
  • Status changed from accepted to closed

(In [ef01915b3970c5934c6c0694363d7108e6acc8c1/ome.git] on branch develop) Prevent ERROR log on LDAP login which creates new user (Fix #4626)

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.69005 sec.)

We're Hiring!