-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
7.0.0, 7.1.0
-
None
-
Severity 3 - Minor
-
Issue Summary
Disabling Secret service in Crowd causes Transaction Rollbacks during upgrade and startup as well as the operations where secret services are required
Steps to Reproduce
- Install latest version of Crowd
- Add an external directory
- Stop Crowd
- Add -Datlassian.secret.service.state=disabled in setenv.sh and start the crowd
Expected Results
Crowd should start normally
Actual Results
There are 4 scenarios that have been observed with this parameter
1) Error at Startup if there is already an encrypted directory
The below exception is thrown in the atlassian-crowd.log file:
..2025-10-17 16:09:49,781 main WARN [atlassian.crowd.crypto.EncryptingDirectoryDAO] Secret service is disabled. Cannot decrypt passwords of directory ds 2025-10-17 16:09:49,781 main WARN [atlassian.crowd.crypto.EncryptingDirectoryDAO] Secret service is disabled. Cannot decrypt passwords of directory dsnv 2025-10-17 16:09:49,788 main ERROR [ContainerBase.[Catalina].[localhost].[/crowd]] Exception sending context initialized event to listener instance of class [com.atlassian.crowd.console.listener.StartupListener] org.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only at org.springframework.transaction.support.AbstractPlatformTransactionManager.processRollback(AbstractPlatformTransactionManager.java:938) ~[spring-tx-6.2.8.jar:6.2.8] at org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:754) ~[spring-tx-6.2.8.jar:6.2.8] at org.springframework.transaction.interceptor.TransactionAspectSupport.commitTransactionAfterReturning(TransactionAspectSupport.java:698) ~[spring-tx-6.2.8.jar:6.2.8] at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:416) ~[spring-tx-6.2.8.jar:6.2.8] at
2) Error at Startup while finding configured directories
025-10-21 15:36:20,488 main INFO [com.atlassian.crowd.startup] JDBC URL: jdbc:postgresql://localhost:5432/cwd4112?reWriteBatchedInserts=true 2025-10-21 15:36:20,488 main INFO [com.atlassian.crowd.startup] JDBC Driver: org.postgresql.Driver 2025-10-21 15:36:20,488 main INFO [com.atlassian.crowd.startup] JDBC Username: akotha 2025-10-21 15:36:20,488 main INFO [com.atlassian.crowd.startup] Hibernate Dialect: org.hibernate.dialect.PostgreSQLDialect 2025-10-21 15:36:20,488 main INFO [com.atlassian.crowd.startup] License Information: 2025-10-21 15:36:20,488 main INFO [com.atlassian.crowd.startup] License Server ID: BU81-XFCJ-I8C1-58SI 2025-10-21 15:36:20,488 main INFO [com.atlassian.crowd.startup] Directories: 2025-10-21 15:36:20,488 main DEBUG [org.postgresql.jdbc.PgConnection] setAutoCommit = false 2025-10-21 15:36:20,523 main DEBUG [org.postgresql.jdbc.PgConnection] setAutoCommit = true 2025-10-21 15:36:20,523 main ERROR [ContainerBase.[Catalina].[localhost].[/crowd]] Exception sending context initialized event to listener instance of class [com.atlassian.crowd.console.listener.StartupListener] org.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only at org.springframework.transaction.support.AbstractPlatformTransactionManager.processRollback(AbstractPlatformTransactionManager.java:938) ~[spring-tx-6.2.11.jar:6.2.11] at org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:754) ~[spring-tx-6.2.11.jar:6.2.11] at org.springframework.transaction.interceptor.TransactionAspectSupport.commitTransactionAfterReturning(TransactionAspectSupport.java:698) ~[spring-tx-6.2.11.jar:6.2.11]
3) Startup Error due to upgrade Task Failure
2025-10-21 12:15:36,367 main INFO [crowd.manager.upgrade.UpgradeManagerImpl] Running upgrade task for build - 1629: CWD-5548: Set synchronisationType 2025-10-21 12:15:36,432 main ERROR [crowd.manager.upgrade.UpgradeManagerImpl] Transaction rolled back because it has been marked as rollback-only org.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only 2025-10-21 12:15:36,618 main ERROR [crowd.console.listener.StartupListener] Errors experienced during the Crowd upgrade process: [Upgrade task for build 1629 failed with exception: Transaction rolled back because it has been marked as rollback-only]
4) If there are no encrypted password or directories and Crowd startups correctly but any transaction where secrets needs to be accessed will fail e.g Directory creation fails with the following error
025-10-17 16:22:10,115 http-nio-8095-exec-19 url: /crowd/console/secure/directory/viewconnector.action, /crowd/console/error/500.jsp; user: admin ERROR [500ErrorPage] Exception caught in 500 page Cannot invoke "java.lang.Long.longValue()" because the return value of "com.atlassian.crowd.embedded.api.Directory.getId()" is null java.lang.NullPointerException: Cannot invoke "java.lang.Long.longValue()" because the return value of "com.atlassian.crowd.embedded.api.Directory.getId()" is null at com.atlassian.crowd.console.action.directory.AbstractViewCacheableDirectory.execute(AbstractViewCacheableDirectory.java:28) ~[classes/:?] at com.atlassian.crowd.console.action.directory.ViewConnector.execute(ViewConnector.java:19) ~[classes/:?] at
Workaround
Currently there is no known workaround for this behavior if the customer needs to disable the encryption completely. A workaround will be added here when available.
- is related to
-
KRAK-8323 Loading...