Crowd のアップグレード後に Crowd にログインできない
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
問題
None of Crowd User able to login into Crowd after an upgrade. However, user can login into applications that is connected to Crowd.
The following appears in the atlassian-crowd.log when user try to login into Crowd:
2018-07-03 13:46:55,917 http-nio-8095-exec-11 ERROR [crowd.console.action.Login] An error occurred processing the authentication request
org.springframework.security.authentication.AuthenticationServiceException: No row with the given identifier exists: [com.atlassian.crowd.model.application.DirectoryMapping#0]
at com.atlassian.crowd.integration.springsecurity.CrowdAuthenticationProvider.translateException(CrowdAuthenticationProvider.java:248)
at com.atlassian.crowd.integration.springsecurity.CrowdAuthenticationProvider.authenticateUsernamePassword(CrowdAuthenticationProvider.java:133)
at com.atlassian.crowd.integration.springsecurity.CrowdAuthenticationProvider.authenticate(CrowdAuthenticationProvider.java:82)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
...
Caused by: org.hibernate.ObjectNotFoundException: No row with the given identifier exists: [com.atlassian.crowd.model.application.DirectoryMapping#0]
at org.hibernate.boot.internal.StandardEntityNotFoundDelegate.handleEntityNotFound(StandardEntityNotFoundDelegate.java:28)
at org.hibernate.proxy.AbstractLazyInitializer.checkTargetState(AbstractLazyInitializer.java:235)
at org.hibernate.proxy.AbstractLazyInitializer.initialize(AbstractLazyInitializer.java:157)
at org.hibernate.proxy.AbstractLazyInitializer.getImplementation(AbstractLazyInitializer.java:259)
at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:73)
at com.atlassian.crowd.model.application.DirectoryMapping_$$_jvstf59_1a.getDirectory(DirectoryMapping_$$_jvstf59_1a.java)診断
Diagnostic Steps
Run SQL select like example below (the following is created for MySQL database):
select ca.id as "application_id",ca.application_name,
adgm.app_dir_mapping_id as "adgm.app_dir_mapping_id",adgm.group_name as "adgm.group_name",adgm.id as "adgm_id",
adm.id as "adm_id",adm.directory_id as "directory_id",
gp.ID as "gp_id",gp.permission_id,gp.app_dir_mapping_id as "gp.app_dir_mapping_id",gp.group_name as "gp.group_name" from
cwd_app_dir_group_mapping adgm join
cwd_app_dir_mapping adm on adm.id=adgm.app_dir_mapping_id join
cwd_granted_perm gp on gp.group_mapping=adgm.id join
cwd_application ca on ca.id=adm.application_id;- adgm.group_name must match the gp.group_name
- adm_id must match the app_dir_mapping_id
- gp.app_dir_mapping_id must match the adm_id and adgm.app_dir_mapping_id
- adgm.group_name must match the gp.group_name
原因
Column called app_dir_mapping_id in the Table cwd_granted_perm is referring to non-existence ID. For example:
application_id: 2
application_name: crowd
adgm.app_dir_mapping_id: 196609
adgm.group_name: crowd-administrators
adgm_id: 229377
adm_id: 196609
directory_id: 32769
gp_id: 3866625
permission_id: 2
gp.app_dir_mapping_id: 0
gp.group_name: ソリューション
- Since the fix require manual database update, shutdown Crowd and generate database backup
Then, update the table cwd_granted_perm manually. The following example is generated based on the example data shown above:
update cwd_granted_perm set app_dir_mapping_id=196609, group_name='crowd-administrators' where ID=3866625;Start Crowd and verify if any Crowd user can login