Approvals are not stored when autoCommit = false

spring-attic / spring-security-oauth

Support for adding OAuth1(a) and OAuth2 features (consumer and provider) for Spring web applications.

http://github.com/spring-projects/spring-security-oauth

Apache License 2.0

4.69k stars 4.04k forks source link

Approvals are not stored when autoCommit = false #971

Open tiwatsuka opened 7 years ago

tiwatsuka commented 7 years ago

In Spring Security OAuth, several classes (DefaultTokenServices, JdbcApprovalStore, JdbcAuthorizationCodeServices, etc.) access databases. However, not all methods in these classes are @Transactional. Because of this, approvals and authorization codes are not stored in the database when autoCommit = false.

I believe that the framework should set @Transactional appropriate place to work properly even if autoCommit is set false.

kazuki43zoo commented 7 years ago

I vote to @tiwatsuka's opinion.

I prefer to set defaultAutoCommit = false for prevent an unintentional commit when it mistake a transaction settings. I think If set defaultAutoCommit = true, it difficult to detect a mistaken transaction setting.