Project

General

Profile

bug #8169

bug #7105: potential dangerous use of factory.openSession()

avoid factory.openSession() in DaoBase

Added by Andreas Kohlbecker 6 months ago. Updated 5 months ago.

Status:
New
Priority:
New
Category:
cdmlib
Target version:
Start date:
12/04/2017
Due date:
% Done:

0%

Severity:
normal
Found in Version:

Description

In DaoBase using factory.openSession() is plain wrong, the HibernateTransactionManger should be used instead.


Related issues

Copied from Edit - bug #7106: avoid factory.openSession() in CdmRepository Closed 12/04/2017

Associated revisions

Revision 6d6ae033 (diff)
Added by Andreas Kohlbecker 6 months ago

ref #7106 logging unintentially creation of unmanaged new session in DaoBase with stacktrace

Revision a296b200 (diff)
Added by Andreas Kohlbecker 5 months ago

ref #8169 adding missing @Transactional to VersionableServiceBase.isDeletable()

Revision e3062b17 (diff)
Added by Andreas Kohlbecker 4 months ago

ref #8169 adding missing @Transactional to VersionableServiceBase.isDeletable()

History

#1 Updated by Andreas Kohlbecker 6 months ago

  • Copied from bug #7106: avoid factory.openSession() in CdmRepository added

#2 Updated by Andreas Kohlbecker 5 months ago

Here is a case found in the server log (occurred 6x in a couple of hours):

[phycobank] 2019-03-15 10:27:44,704 DEBUG [qtp1207140081-23] [org.springframework.remoting.support.RemoteInvocationTraceInterceptor] - Incoming HttpInvokerServiceExporter remote call: eu.etaxonomy.cdm.api.service.IVersionableServic
e.isDeletable
[phycobank] 2019-03-15 10:27:44,704 ERROR [qtp1207140081-23] [eu.etaxonomy.cdm.persistence.dao.hibernate.common.DaoBase] - Opening new session in turn of a HibernateException
org.hibernate.HibernateException: Could not obtain transaction-synchronized Session for current thread
        at org.springframework.orm.hibernate5.SpringSessionContext.currentSession(SpringSessionContext.java:132)
        at org.hibernate.internal.SessionFactoryImpl.getCurrentSession(SessionFactoryImpl.java:697)
        at eu.etaxonomy.cdm.persistence.dao.hibernate.common.DaoBase.getSession(DaoBase.java:59)
        at eu.etaxonomy.cdm.persistence.dao.hibernate.common.CdmEntityDaoBase.getSession(CdmEntityDaoBase.java:267)
        at eu.etaxonomy.cdm.persistence.dao.hibernate.common.CdmEntityDaoBase.findByUuid(CdmEntityDaoBase.java:414)
        at eu.etaxonomy.cdm.persistence.dao.hibernate.common.CdmEntityDaoBase.findByUuid(CdmEntityDaoBase.java:410)
        at eu.etaxonomy.cdm.persistence.dao.hibernate.common.VersionableDaoBase.findByUuid(VersionableDaoBase.java:67)
        at eu.etaxonomy.cdm.persistence.dao.hibernate.common.VersionableDaoBase.findByUuid(VersionableDaoBase.java:36)
        at eu.etaxonomy.cdm.api.service.ServiceBase.find(ServiceBase.java:148)
        at eu.etaxonomy.cdm.api.service.VersionableServiceBase.isDeletable(VersionableServiceBase.java:81)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
        at com.sun.proxy.$Proxy196.isDeletable(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
        at org.springframework.remoting.support.RemoteInvocationTraceInterceptor.invoke(RemoteInvocationTraceInterceptor.java:78)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208)
        at com.sun.proxy.$Proxy299.isDeletable(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.springframework.remoting.support.RemoteInvocation.invoke(RemoteInvocation.java:212)

#3 Updated by Andreas Kohlbecker 5 months ago

VersionableServiceBase.isDeletable misses the @Transactional(readOnly = true) annotation!

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 40 MB)