Currently JBoss Cache used for Picketlink IDM is not aware of JTA. This could mean for example, that rollback of JTA transaction won't rollback JBoss Cache records, added during this JTA transaction. Example steps to reproduce: - Configure EPP for JTA according to instructions https://community.jboss.org/wiki/JTAIntegrationWithGateIn - Login as john, Go to OrganizationManagementPortlet and try to add new group. Type some name of new group (for example "newgroup") and click "Save". Now what is done is: -- New JTA transaction is started -- New group is created into Picketlink IDM database -- Picketlink IDM sends query for obtain new list of groups. New group "mynewgroup" is included in the query result. And result groups are saved into Picketlink IDM cache. -- Now let's say that JTA transaction is rolled-back because of timeout. All changes related to "mynewgroup" are cleaned from DB, but items in PL IDM JBoss cache are not rolled-back but they are still here. So there is still record about the group "mynewgroup".
JBossStandaloneJTAManagerLookup is now added at picketlink JBC configuration files.
Issue is reverted in 5.2.2 CR01 as it's causing regressions 841320 and 840917. So configuration of TransactionManagerLookup was commented after all. We need to verify scenarios described in 841320 and 840917 as well when fixing this one. Thing is that when TransactionManagerLookup is uncommented and JBoss Cache is JTA-aware, then IDMUserListAccess added into IntegrationCache is sometimes lost after commit of JTA transaction and old instance of IDMUserListAccess is restored. Proper fix will require further investigation at JBoss Cache level. Simple application for test this issue: https://github.com/mposolda/jcr-transaction-test
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: CAUSE: Currently JBoss Cache used for Picketlink IDM is not aware of JTA. This could mean for example, that rollback of JTA transaction won't rollback JBoss Cache records, added during this JTA transaction. WORKAROUND: Uncomment TransactionManagerLookup in configuration file gatein.ear/02portal.war/WEB-INF/conf/organization/picketlink-idm/jboss-cache.xml: <transaction transactionManagerLookupClass="org.jboss.cache.transaction.JBossStandaloneJTAManagerLookup" /> Problem is that implementing this workaround is introducing another two problems described in bugs 841320 and 840917. So applying workaround is not recommended for now.