Actions
bug #8169
openbug #7105: potential dangerous use of factory.openSession()
avoid factory.openSession() in DaoBase
Start date:
Due date:
% Done:
0%
Estimated time:
Severity:
normal
Found in Version:
Description
In DaoBase using factory.openSession()
is plain wrong, the HibernateTransactionManger should be used instead.
Related issues
Updated by Andreas Kohlbecker over 5 years ago
- Copied from bug #7106: avoid factory.openSession() in CdmRepository added
Updated by Andreas Kohlbecker over 5 years ago
Here is a case found in the server log (occurred 6x in a couple of hours):
[phycobank] 2019-03-15 10:27:44,704 DEBUG [qtp1207140081-23] [org.springframework.remoting.support.RemoteInvocationTraceInterceptor] - Incoming HttpInvokerServiceExporter remote call: eu.etaxonomy.cdm.api.service.IVersionableServic e.isDeletable [phycobank] 2019-03-15 10:27:44,704 ERROR [qtp1207140081-23] [eu.etaxonomy.cdm.persistence.dao.hibernate.common.DaoBase] - Opening new session in turn of a HibernateException org.hibernate.HibernateException: Could not obtain transaction-synchronized Session for current thread at org.springframework.orm.hibernate5.SpringSessionContext.currentSession(SpringSessionContext.java:132) at org.hibernate.internal.SessionFactoryImpl.getCurrentSession(SessionFactoryImpl.java:697) at eu.etaxonomy.cdm.persistence.dao.hibernate.common.DaoBase.getSession(DaoBase.java:59) at eu.etaxonomy.cdm.persistence.dao.hibernate.common.CdmEntityDaoBase.getSession(CdmEntityDaoBase.java:267) at eu.etaxonomy.cdm.persistence.dao.hibernate.common.CdmEntityDaoBase.findByUuid(CdmEntityDaoBase.java:414) at eu.etaxonomy.cdm.persistence.dao.hibernate.common.CdmEntityDaoBase.findByUuid(CdmEntityDaoBase.java:410) at eu.etaxonomy.cdm.persistence.dao.hibernate.common.VersionableDaoBase.findByUuid(VersionableDaoBase.java:67) at eu.etaxonomy.cdm.persistence.dao.hibernate.common.VersionableDaoBase.findByUuid(VersionableDaoBase.java:36) at eu.etaxonomy.cdm.api.service.ServiceBase.find(ServiceBase.java:148) at eu.etaxonomy.cdm.api.service.VersionableServiceBase.isDeletable(VersionableServiceBase.java:81) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at com.sun.proxy.$Proxy196.isDeletable(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) at org.springframework.remoting.support.RemoteInvocationTraceInterceptor.invoke(RemoteInvocationTraceInterceptor.java:78) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208) at com.sun.proxy.$Proxy299.isDeletable(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.springframework.remoting.support.RemoteInvocation.invoke(RemoteInvocation.java:212)
Updated by Andreas Kohlbecker over 5 years ago
VersionableServiceBase.isDeletable misses the @Transactional(readOnly = true) annotation!
Updated by Andreas Müller about 2 months ago
- Priority changed from New to Highest
Updated by Andreas Müller about 2 months ago
- Target version changed from Unassigned CDM tickets to Release 5.46
Actions