Re: [keycloak-user] ProviderFactory::postInit + transactions = startup failure

Hi, (TL;DR) if a KeycloakTransaction is opened from ProviderFactory::postInit, sometimes the transaction is already active on the underlying org.jboss.jca.adapters.jdbc.local.LocalManagedConnection, which leads to errors. (full version) I think it's essential for the providers to be able to access realm data in postInit(). For that, a transaction is required; using KeycloakModelUtils.runJobInTransaction() is a convenient method to do that:     @Override     public void postInit(KeycloakSessionFactory factory) {         KeycloakModelUtils.runJobInTransaction(factory, (KeycloakSession session) -> {             List<RealmModel> realms = session.realms().getRealms();             // do stuff         });     } When such a provider is deployed, in about half of cases Keycloak fails to start due to the following exception: java.sql.SQLException: IJ031017: You cannot set autocommit during a managed transaction (see full stacktrace here https://pastebin.com/ETtPqXQk) I've managed to track it down to something that looks like transaction clash over a single instance of org.jboss.jca.adapters.jdbc.local.LocalManagedConnection. What happens is that the two treads at the same time begin two KeycloakTransactions which end up with the same instance of LocalManagedConnection. The above exception results from the second begin() call. There's a system property called "ironjacamar.jdbc.ignoreautocommit" that allows to ignore the situation, but I think it's dangerous because it doesn't eliminate the transaction clash, just suppresses the check. If I'm not mistaken, this began to happen around Keycloak 2.2.x, which coincides with the changes to Keycloak transaction management. That said, do I need now some additional transaction coordination with the rest of Keycloak, or is it a bug? If former, how do I do that? If latter, how do we fix it? I hope we'll sort it out, since the ability to access the data at every phase of provider's lifecycle seems something fundamental to me. Regards, Dmitry _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user