A mutative operation was attempted on RememberMeTokenImpl

Symptoms

The following stack trace is shown to the user in the UI when trying to log in:

Stack Trace: 
java.lang.IllegalStateException: XSRF: A mutative operation was attempted on RememberMeTokenImpl within a non-mutative HTTP request: https://<bambooURL>/allPlans.action : [null]->
->[[username, timestamp, cookie]]

                at com.atlassian.bamboo.utils.XsrfUtils.fail(XsrfUtils.java:32)
                at com.atlassian.bamboo.hibernate.ReadOnlyGetMethodEnforcer.fail(ReadOnlyGetMethodEnforcer.java:74)
                at com.atlassian.bamboo.hibernate.ReadOnlyGetMethodEnforcer.failIfStateMutationNotAllowed(ReadOnlyGetMethodEnforcer.java:64)
                at com.atlassian.bamboo.hibernate.ReadOnlyGetMethodEnforcer.onDelete(ReadOnlyGetMethodEnforcer.java:56)
                at org.springframework.orm.hibernate.support.ChainedInterceptorSupport.onDelete(ChainedInterceptorSupport.java:131)
...
                at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1008)
                at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1686)
                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
                at java.lang.Thread.run(Thread.java:745)

Diagnosis

This error occurs after a user has changed the Crowd configuration in Bamboo and saved it.

The following error appears in the logs right after the user saves the configuration:

2015-02-17 10:47:06,280 ERROR [http-nio-443-exec-12] [FiveOhOh] 500 Exception was thrown.
java.lang.IllegalStateException: Connection factory has been shutdown.
	at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.doGetConnection(MultiThreadedHttpConnectionManager.java:456)
	at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.getConnectionWithTimeout(MultiThreadedHttpConnectionManager.java:394)
	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:152)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
	at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.executeCrowdServiceMethod(RestExecutor.java:452)
	at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.andReceive(RestExecutor.java:341)
	at com.atlassian.crowd.integration.rest.service.RestCrowdClient.getCookieConfiguration(RestCrowdClient.java:1033)
	at com.atlassian.crowd.integration.http.CrowdHttpAuthenticatorImpl.getCookieTokenKey(CrowdHttpAuthenticatorImpl.java:219)
	at com.atlassian.crowd.integration.http.CrowdHttpAuthenticatorImpl.getToken(CrowdHttpAuthenticatorImpl.java:200)
	at com.atlassian.crowd.integration.http.CacheAwareCrowdHttpAuthenticator.getToken(CacheAwareCrowdHttpAuthenticator.java:83)
	at com.atlassian.crowd.integration.seraph.v25.CrowdAuthenticator.getUser(CrowdAuthenticator.java:345)
	at com.atlassian.seraph.filter.SecurityFilter.doFilter(SecurityFilter.java:138)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

Cause

Bamboo Authenticator for Crowd SSO does not support Crowd property changes at runtime. This is evident through the comment block in seraph-config.xml:

    <!-- If you're authenticating against a Crowd server you can use this authenticator for single sign-on.
         Enable it after configuring your Crowd properties through user management and restart Bamboo. It does not support
         Crowd property changes at runtime. If you need to switch back to local users, revert the change and
         restart Bamboo again.
     -->
    <authenticator class="com.atlassian.crowd.integration.seraph.v25.BambooAuthenticator"/>

Resolution

  • Restart Bamboo after updating Crowd configuration if SSO is enabled.
  • There is a ticket requesting that Bamboo warn users in the UI about the required restart: BAM-15532
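
To confirm that an instance is in the state described above, the following check parses seraph-config.xml to see whether the Crowd SSO authenticator is active (not just present inside a comment) and scans log text for the "Connection factory has been shutdown" error raised from a Crowd integration call. It is an added example, not Atlassian's code; the function names and sample inputs are constructed, and it assumes log entries begin with a timestamp in the format shown in the Diagnosis section.

```python
import re
import xml.etree.ElementTree as ET

# Class name and log messages below are the ones quoted in the article.
SSO_AUTHENTICATOR = "com.atlassian.crowd.integration.seraph.v25.BambooAuthenticator"
SHUTDOWN = "java.lang.IllegalStateException: Connection factory has been shutdown."
CROWD_FRAME = "at com.atlassian.crowd.integration."
# Assumption: every log entry starts with a timestamp in the format shown above.
ENTRY_START = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) ", re.M)


def sso_authenticator_enabled(seraph_xml):
    """True only if the Crowd SSO authenticator is active, not commented out."""
    root = ET.fromstring(seraph_xml)  # the parser discards <!-- ... --> blocks
    return any(el.get("class") == SSO_AUTHENTICATOR for el in root.iter("authenticator"))


def stale_crowd_client_events(log_text):
    """Timestamps of entries where a Crowd call hit the shut-down connection factory."""
    parts = ENTRY_START.split(log_text)  # ['', ts1, body1, ts2, body2, ...]
    return [ts for ts, body in zip(parts[1::2], parts[2::2])
            if SHUTDOWN in body and CROWD_FRAME in body]


def restart_required(seraph_xml, log_text):
    """The article's condition: SSO authenticator on and the Crowd client is stale."""
    return sso_authenticator_enabled(seraph_xml) and bool(stale_crowd_client_events(log_text))


# Constructed sample inputs (the ERROR entry reuses lines quoted in the article).
SAMPLE_SERAPH = """<security-config>
  <!-- constructed sample file, not a full seraph-config.xml -->
  <authenticator class="com.atlassian.crowd.integration.seraph.v25.BambooAuthenticator"/>
</security-config>"""

SAMPLE_LOG = """2015-02-17 10:46:59,101 INFO [http-nio-443-exec-3] [ExampleAction] constructed unrelated entry
2015-02-17 10:47:06,280 ERROR [http-nio-443-exec-12] [FiveOhOh] 500 Exception was thrown.
java.lang.IllegalStateException: Connection factory has been shutdown.
\tat org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.doGetConnection(MultiThreadedHttpConnectionManager.java:456)
\tat com.atlassian.crowd.integration.rest.service.RestCrowdClient.getCookieConfiguration(RestCrowdClient.java:1033)
"""

if __name__ == "__main__":
    print("restart required:", restart_required(SAMPLE_SERAPH, SAMPLE_LOG))
```

A plain text search for the class name would also match the commented-out authenticator line that ships in seraph-config.xml, which is why the check parses the XML instead.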

Last modified on Mar 30, 2016
