Users encounter "Permission denied" issues. Is there a workaround to solve "Failed to load cache" stacktrace?

Cracky5457 · April 8, 2021, 9:02am

Hello.

Since the upgrade from XWiki 10.11.9 to 12.10.4 We and a lot of our users are encoutering “Permission denied” access on accessing some wiki pages. It’s solved by refreshing the page in most cases. It apparently also happened on XWiki Solr search but I’m not sure it’s related

I have been opening a ticket describing the situation and with all the stacktrace

https://jira.xwiki.org/browse/XWIKI-18508

I just discover I think the real stacktrace which cause the permission denied issue. It’s an error “Failed to loasd the cache in 5 attempts”

2021-04-08 10:37:52,286 [http-nio-8080-exec-15 - https://wiki.ebrains.eu/bin/view/Collabs/sga3-wp6-internal] ERROR a.i.BridgeAuthorizationManager - Failed to load rights for user [xwiki:XWiki.messines] on [xwiki:Collabs.sga3-wp6-internal.WebPreferences].
org.xwiki.security.authorization.AuthorizationException: Failed to load the cache in 5 attempts. Giving up. when checking  access to [xwiki:Collabs.sga3-wp6-internal.WebPreferences] for user [xwiki:XWiki.messines]
	at org.xwiki.security.authorization.cache.internal.DefaultSecurityCacheLoader.load(DefaultSecurityCacheLoader.java:168)
	at org.xwiki.security.authorization.DefaultAuthorizationManager.getAccess(DefaultAuthorizationManager.java:231)
	at org.xwiki.security.authorization.DefaultAuthorizationManager.evaluateSecurityAccess(DefaultAuthorizationManager.java:169)
	at org.xwiki.security.authorization.DefaultAuthorizationManager.hasSecurityAccess(DefaultAuthorizationManager.java:162)
	at org.xwiki.security.authorization.DefaultAuthorizationManager.hasAccess(DefaultAuthorizationManager.java:119)
	at org.xwiki.security.authorization.internal.BridgeAuthorizationManager.hasAccess(BridgeAuthorizationManager.java:67)
	at org.xwiki.security.authorization.internal.DefaultContextualAuthorizationManager.hasAccess(DefaultContextualAuthorizationManager.java:122)
	at org.xwiki.security.authorization.internal.DefaultContextualAuthorizationManager.hasAccess(DefaultContextualAuthorizationManager.java:117)
	at org.xwiki.security.authorization.script.SecurityAuthorizationScriptService.hasAccess(SecurityAuthorizationScriptService.java:114)
	at sun.reflect.GeneratedMethodAccessor231.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:565)
	at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:548)
	at org.xwiki.velocity.introspection.MethodArgumentsUberspector$ConvertingVelMethod.invoke(MethodArgumentsUberspector.java:201)
	at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:219)
	at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:369)
	at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:701)
	at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:72)
	at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:240)
	at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:423)
	at org.apache.velocity.Template.merge(Template.java:358)
	at org.apache.velocity.Template.merge(Template.java:262)
	at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:284)
	at com.xpn.xwiki.render.DefaultVelocityManager.evaluate(DefaultVelocityManager.java:321)
	at com.xpn.xwiki.internal.template.VelocityTemplateEvaluator.evaluateContent(VelocityTemplateEvaluator.java:95)
	at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.evaluateContent(TemplateAsyncRenderer.java:217)
	at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.renderVelocity(TemplateAsyncRenderer.java:180)
	at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:137)
	at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:53)
	at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.lambda$syncRender$0(DefaultAsyncRendererExecutor.java:267)
	at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:98)
	at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.syncRender(DefaultAsyncRendererExecutor.java:267)
	at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.render(DefaultAsyncRendererExecutor.java:250)
	at org.xwiki.rendering.async.internal.block.DefaultBlockAsyncRendererExecutor.render(DefaultBlockAsyncRendererExecutor.java:154)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:772)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:745)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:725)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:711)
	at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:78)
	at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:2516)
	at com.xpn.xwiki.XWiki.parseTemplate(XWiki.java:2494)
	at com.xpn.xwiki.api.XWiki.parseTemplate(XWiki.java:983)
	at sun.reflect.GeneratedMethodAccessor174.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:565)
	at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:548)
	at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:219)
	at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:369)
	at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:490)
	at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:144)
	at org.apache.velocity.runtime.directive.VelocimacroProxy.render(VelocimacroProxy.java:215)
	at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:328)
	at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:258)
	at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:301)
	at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:423)
	at org.apache.velocity.Template.merge(Template.java:358)
	at org.apache.velocity.Template.merge(Template.java:262)
	at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:284)
	at com.xpn.xwiki.render.DefaultVelocityManager.evaluate(DefaultVelocityManager.java:321)
	at com.xpn.xwiki.internal.template.VelocityTemplateEvaluator.evaluateContent(VelocityTemplateEvaluator.java:95)
	at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.evaluateContent(TemplateAsyncRenderer.java:217)
	at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.renderVelocity(TemplateAsyncRenderer.java:180)
	at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:137)
	at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:53)
	at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.lambda$syncRender$0(DefaultAsyncRendererExecutor.java:267)
	at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:98)
	at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.syncRender(DefaultAsyncRendererExecutor.java:267)
	at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.render(DefaultAsyncRendererExecutor.java:250)
	at org.xwiki.rendering.async.internal.block.DefaultBlockAsyncRendererExecutor.render(DefaultBlockAsyncRendererExecutor.java:154)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:772)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:745)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:725)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:711)
	at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:78)
	at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:2516)
	at com.xpn.xwiki.XWiki.parseTemplate(XWiki.java:2494)
	at com.xpn.xwiki.api.XWiki.parseTemplate(XWiki.java:983)
	at sun.reflect.GeneratedMethodAccessor174.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:565)
	at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:548)
	at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:219)
	at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:369)
	at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:490)
	at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:144)
	at org.apache.velocity.runtime.directive.VelocimacroProxy.render(VelocimacroProxy.java:215)
	at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:328)
	at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:258)
	at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:301)
	at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:144)
	at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:423)
	at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:191)
	at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:423)
	at org.apache.velocity.Template.merge(Template.java:358)
	at org.apache.velocity.Template.merge(Template.java:262)
	at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:284)
	at com.xpn.xwiki.render.DefaultVelocityManager.evaluate(DefaultVelocityManager.java:321)
	at com.xpn.xwiki.internal.template.VelocityTemplateEvaluator.evaluateContent(VelocityTemplateEvaluator.java:95)
	at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.evaluateContent(TemplateAsyncRenderer.java:217)
	at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.renderVelocity(TemplateAsyncRenderer.java:180)
	at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:137)
	at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:53)
	at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.lambda$syncRender$0(DefaultAsyncRendererExecutor.java:267)
	at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:98)
	at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.syncRender(DefaultAsyncRendererExecutor.java:267)
	at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.render(DefaultAsyncRendererExecutor.java:250)
	at org.xwiki.rendering.async.internal.block.DefaultBlockAsyncRendererExecutor.render(DefaultBlockAsyncRendererExecutor.java:154)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:772)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:745)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:725)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:711)
	at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:78)
	at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:2516)
	at com.xpn.xwiki.web.Utils.parseTemplate(Utils.java:179)
	at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:572)
	at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:250)
	at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
	at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
	at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
	at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:449)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:122)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.xwiki.wysiwyg.filter.ConversionFilter.doFilter(ConversionFilter.java:109)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:712)
	at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:459)
	at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:384)
	at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:312)
	at com.xpn.xwiki.web.XWikiAction.redirectSpaceURLs(XWikiAction.java:1069)
	at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:425)
	at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:250)
	at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
	at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
	at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
	at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:449)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:122)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.xwiki.wysiwyg.filter.ConversionFilter.doFilter(ConversionFilter.java:109)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:132)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.keycloak.adapters.tomcat.AbstractAuthenticatedActionsValve.invoke(AbstractAuthenticatedActionsValve.java:67)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
	at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(AbstractKeycloakAuthenticatorValve.java:181)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:770)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.xwiki.security.authorization.cache.ParentEntryEvictedException: The first parent with reference [null] for the entry [user = [Document xwiki:XWiki.messines], entity = [Document xwiki:Collabs.sga3-wp6-internal.WebPreferences], access = [login: ALLOW, view: ALLOW, edit: DENY, delete: ALLOW, creator: DENY, register: ALLOW, comment: ALLOW, script: DENY, admin: DENY, createwiki: DENY, programming: DENY, illegal: DENY, Like: ALLOW]] with wiki [null] is no longer available in the cache.
	at org.xwiki.security.authorization.cache.internal.DefaultSecurityCache$SecurityCacheEntry.<init>(DefaultSecurityCache.java:223)
	at org.xwiki.security.authorization.cache.internal.DefaultSecurityCache.internalAdd(DefaultSecurityCache.java:782)
	at org.xwiki.security.authorization.cache.internal.DefaultSecurityCache.add(DefaultSecurityCache.java:759)
	at org.xwiki.security.authorization.cache.internal.DefaultSecurityCacheLoader.loadAccessEntries(DefaultSecurityCacheLoader.java:231)
	at org.xwiki.security.authorization.cache.internal.DefaultSecurityCacheLoader.loadRequiredEntries(DefaultSecurityCacheLoader.java:197)
	at org.xwiki.security.authorization.cache.internal.DefaultSecurityCacheLoader.load(DefaultSecurityCacheLoader.java:150)
	... 196 common frames omitted

So this probably cause the “You are not allowed to view this page or perform this action” page on wiki pages.

Is there any workaround on my side to apply before an official fix ? Maybe there is a way to increase the amount of attemp or a configuration to apply ?

lucaa · April 8, 2021, 4:42pm

Hello Axel (hope this is right, I took the name from the jira issue),

this issue seems to be the same as XWIKI-16381 (although that one does not talk about a direct link between the exception and wrong permissions).
However, in recent comments this started to be discussed and workarounds proposed, see https://jira.xwiki.org/browse/XWIKI-16381?focusedCommentId=108422&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-108422 .

Hope this helps,
Anca

Cracky5457 · April 8, 2021, 9:50pm

Hey Luca !

Thanks for the link:

Indeed it’s not exactly the same stacktrace but it seems really related to infinispan.

In both cases it seems that we have a “big”(ish) amount of XWiki document, probablly thousands and users. And maybe it’s related to infinispan config but I don’t know where to change this constant from 10 000 to 100 000 as desribe in the answer ?

By the way, this issue was not present in 10.11.9, so I think something new introduce it ( maybe an upgrade of infinispan ? ). We had a “lock issue” in 10.11.9 whch cause some lags but different from this one. https://jira.xwiki.org/browse/XWIKI-18261?filter=-3

I will add my issue in comments of the current one. I guess we can clause mine as duplicated.

I’m still interesting to a workaround to tune infinispan to solve this cache issue.

thanks

Cracky5457 · April 9, 2021, 9:01am

More specifically about the workaround

a solution was to raise the max entries in the security cache to 100 000 instead of the default (10 000).

How can I change that ? I didn’t found infinispan configuration in xwiki.properties nor xwiki.cfg

lucaa · April 11, 2021, 2:24pm

It’s in a configuration file of infinispan IIRC, I think @caubin , @tmortagne or @ppantiru should be able to help you with more precise information…

Cracky5457 · April 11, 2021, 3:52pm

I think the workaround concern this value

@Component
@Singleton
public class DefaultSecurityCache implements SecurityCache, Initializable
{
    /** Default capacity for security cache. */
    private static final int DEFAULT_CAPACITY = 10000;

I found this in the configuration in xwiki.cfg

I assume xwiki.store.cache.pageexistcapacity=10000 is the default value above ?

#-# Maximum number of documents to keep in the cache.
#-# The default is 500.
# xwiki.store.cache.capacity=500

#-# Maximum number of documents to keep in the cache indicating if a document exist.
#-# Since this cache contain only boolean it can be very big without taking much memory.
#-# The default is 10000.
# xwiki.store.cache.pageexistcapacity=10000

lucaa · April 11, 2021, 4:01pm

Cracky5457:

I found this in the configuration in xwiki.cfg

I assume xwiki.store.cache.pageexistcapacity=10000 is the default value above ?

#-# Maximum number of documents to keep in the cache.
#-# The default is 500.
# xwiki.store.cache.capacity=500

#-# Maximum number of documents to keep in the cache indicating if a document exist.
#-# Since this cache contain only boolean it can be very big without taking much memory.
#-# The default is 10000.
# xwiki.store.cache.pageexistcapacity=10000

No, no, these are not at all the same caches (there are lots of caches in XWiki ).

The setting for the security cache is in file:

WEB-INF/cache/infinispan/config.xml

in your XWiki installation.

And you need to add in there something like this:

     <local-cache name="platform.security.authorization.cache" statistics="true">
        <memory>
          <object size="100000"/>
        </memory>
     </local-cache>

at the end, just before the closing tag </cache-container> , next to the other local caches.

Of course, you need to restart the wiki after making this change.

Cracky5457 · April 11, 2021, 4:08pm

Ok thanks for the info I will try it in our production and I will give my feedback after if it helps to solved the issue.

I put

     <local-cache-configuration name="platform.security.authorization.cache" statistics="true">
        <memory>
          <object size="100000"/>
        </memory>
     </local-cache-configuration>

instead because local-cache was throwing an error “cache already exist”. I’m not sure my configuration is taked acount but at least the wiki start.

lucaa · April 26, 2022, 3:23pm

Yes, this has changed along with an upgrade of infinispan in XWiki 12.10.