A mutative operation was attempted on RememberMeTokenImpl
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Symptoms
The following stack trace appears to the user in the UI when trying to log in:
Stack Trace:
java.lang.IllegalStateException: XSRF: A mutative operation was attempted on RememberMeTokenImpl within a non-mutative HTTP request: https://<bambooURL>/allPlans.action : [null]->
->[[username, timestamp, cookie]]
at com.atlassian.bamboo.utils.XsrfUtils.fail(XsrfUtils.java:32)
at com.atlassian.bamboo.hibernate.ReadOnlyGetMethodEnforcer.fail(ReadOnlyGetMethodEnforcer.java:74)
at com.atlassian.bamboo.hibernate.ReadOnlyGetMethodEnforcer.failIfStateMutationNotAllowed(ReadOnlyGetMethodEnforcer.java:64)
at com.atlassian.bamboo.hibernate.ReadOnlyGetMethodEnforcer.onDelete(ReadOnlyGetMethodEnforcer.java:56)
at org.springframework.orm.hibernate.support.ChainedInterceptorSupport.onDelete(ChainedInterceptorSupport.java:131)
...
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1008)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1686)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Diagnosis
This error occurs after a user has changed the Crowd configuration in Bamboo and saved it.
The following error appears in the logs right after the user saves the configuration:
2015-02-17 10:47:06,280 ERROR [http-nio-443-exec-12] [FiveOhOh] 500 Exception was thrown.
java.lang.IllegalStateException: Connection factory has been shutdown.
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.doGetConnection(MultiThreadedHttpConnectionManager.java:456)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.getConnectionWithTimeout(MultiThreadedHttpConnectionManager.java:394)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:152)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.executeCrowdServiceMethod(RestExecutor.java:452)
at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.andReceive(RestExecutor.java:341)
at com.atlassian.crowd.integration.rest.service.RestCrowdClient.getCookieConfiguration(RestCrowdClient.java:1033)
at com.atlassian.crowd.integration.http.CrowdHttpAuthenticatorImpl.getCookieTokenKey(CrowdHttpAuthenticatorImpl.java:219)
at com.atlassian.crowd.integration.http.CrowdHttpAuthenticatorImpl.getToken(CrowdHttpAuthenticatorImpl.java:200)
at com.atlassian.crowd.integration.http.CacheAwareCrowdHttpAuthenticator.getToken(CacheAwareCrowdHttpAuthenticator.java:83)
at com.atlassian.crowd.integration.seraph.v25.CrowdAuthenticator.getUser(CrowdAuthenticator.java:345)
at com.atlassian.seraph.filter.SecurityFilter.doFilter(SecurityFilter.java:138)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
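An added example, not part of the original article or Atlassian's code: a small Python check that scans a Bamboo log for the Crowd connection-factory error shown above and counts the RememberMeTokenImpl XSRF failures that follow it. It assumes the XSRF exception is written to the same log with the same entry header (the article only shows it in the UI); the function name and the sample log are constructed for illustration.

```python
import re

# Entry header in the format shown on this page: "2015-02-17 10:47:06,280 ERROR [thread] ..."
HEADER = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} \w+ ")
# Exception messages quoted on this page.
CROWD_SHUTDOWN = "IllegalStateException: Connection factory has been shutdown"
XSRF_REMEMBER_ME = "A mutative operation was attempted on RememberMeTokenImpl"

# Constructed sample: the messages and first timestamp come from the page; the later
# timestamps, thread names and example host are made up for the demonstration.
SAMPLE_LOG = """\
2015-02-17 10:47:06,280 ERROR [http-nio-443-exec-12] [FiveOhOh] 500 Exception was thrown.
java.lang.IllegalStateException: Connection factory has been shutdown.
\tat org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
2015-02-17 10:52:31,644 ERROR [http-nio-443-exec-7] [FiveOhOh] 500 Exception was thrown.
java.lang.IllegalStateException: XSRF: A mutative operation was attempted on RememberMeTokenImpl within a non-mutative HTTP request: https://bamboo.example.invalid/allPlans.action
2015-02-17 10:55:02,019 ERROR [http-nio-443-exec-3] [FiveOhOh] 500 Exception was thrown.
java.lang.IllegalStateException: XSRF: A mutative operation was attempted on RememberMeTokenImpl within a non-mutative HTTP request: https://bamboo.example.invalid/allPlans.action
"""

def diagnose(log_text):
    """Correlate the Crowd client shutdown with the XSRF login failures after it."""
    current_ts = None    # timestamp of the log entry the current line belongs to
    shutdown_at = None   # first time the connection-factory error was logged
    xsrf_after = 0       # XSRF RememberMeTokenImpl failures seen after that point
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            current_ts = header.group(1)
        if current_ts is None:
            continue     # continuation line with no preceding entry header
        if CROWD_SHUTDOWN in line:
            shutdown_at = shutdown_at or current_ts
        elif XSRF_REMEMBER_ME in line and shutdown_at is not None:
            xsrf_after += 1
    return {
        "crowd_client_shutdown_at": shutdown_at,
        "xsrf_failures_after": xsrf_after,
        # Both signatures in this order match the pattern this article describes.
        "matches_article": shutdown_at is not None and xsrf_after > 0,
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

XSRF failures that appear without an earlier connection-factory error are not counted, since they do not match the sequence described here.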
Cause
The Bamboo Authenticator for Crowd SSO does not support Crowd property changes at runtime, as the comment block in seraph-config.xml states:
<!-- If you're authenticating against a Crowd server you can use this authenticator for single sign-on.
Enable it after configuring your Crowd properties through user management and restart Bamboo. It does not support
Crowd property changes at runtime. If you need to switch back to local users, revert the change and
restart Bamboo again.
-->
<authenticator class="com.atlassian.crowd.integration.seraph.v25.BambooAuthenticator"/>
Solution
Resolution
Restart Bamboo after updating the Crowd configuration if SSO is enabled.
There is a ticket requesting that Bamboo warn users in the UI about the required restart: BAM-15532 - Warn users that config change will require a restart