OracleRelationalCommand.ExecuteReaderAsync() : Oracle.ManagedDataAccess.Client.OracleException (0x80004005): ORA-12899: value too large for column "ABDEV"."ABPAUDITLOGS"."EXCEPTIONS" (actual: 15651, maximum: 4000)
Hi. I faced with the situation that some exception cannot be stored because the value is too large for column "ABPAUDITLOGS"."EXCEPTIONS". At this moment I use "Volo.Abp.AuditLogging" module version 5.1.2. Unfortunatly, I didn't manage to find any logic in this module which can truncate too large text of exception. Could you please advice how this issue can be fixed? Not by incrementing the column length.
Hi. Here is the reproducable situation in the test project attached. Let's say I'm trying to access http://localhost:4200/dashboard via typing the address in a browser and the logged user does not have access to this page. IAuthorizationMiddlewareResultHandlerimplementation is even not triggered - straight away default 403 forbidden is shown.
P.S. Could you please add possibility to attach code zip archives to a message? It's not user-friendly to create cloud links each time.
4.3.0 / Angular / separate IdentityServer
I have custom implementation of IAuthorizationMiddlewareResultHandler (it checks missing permissions for a user) and I want to provide additional exception info from it to Angular client in pop-up window. It works in some scenarios - like the page is accessed from navigation menu and it misses some permission. But if I try to access the page which is not accessible via typing its address in a browser - I ALWAYS get the following page without details:
Ah, OK. What about ABP Permission Grant Cache? Should I use Redis to share one cache between two apps (hosted as separate IIS apps eventually) (or my approach - exchanging messages via bus and refreshing the cache in dependent apps?)
Please specify where I broke ABP design: both applications 1 and applications 2 - are ABP-framework-based. Permissions are set in application 1, since it's a "main" application. The issue was that the permissions set in application 1 were not applied to application 2. I found "workaround", but my question in the first place would be: "Why they are not applied to application 2? They are not applied even if a distributed cache key is not set in both applications. Is it because the cache in both applications is separate? Is using Redis cache a way to go then?"
I understood my mistake in the code: I am missing setting current tenant before changing cache. I am going to send tenant GUID from RabbitMq sender.
Anyway, here's the override of PermissionAppServicein back-end 1:
using Volo.Abp.PermissionManagement;
using System.Threading.Tasks;
using Volo.Abp.Authorization.Permissions;
using Microsoft.Extensions.Options;
using System.Linq;
using Volo.Abp.DependencyInjection;
using AbxEps.RabbitMq.Client;
using AbxEps.RabbitMq.Client.Messages;
using AbxEps.Fines;
namespace AbxEps.CentralTools
{
[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(IPermissionAppService))]
public class CentralToolsPermissionAppService : PermissionAppService
{
private readonly IRabbitMqManager _rabbitMqManager;
public CentralToolsPermissionAppService(
IPermissionManager permissionManager,
IPermissionDefinitionManager permissionDefinitionManager,
IOptions<PermissionManagementOptions> options,
IPermissionStateManager permissionStateManager,
IRabbitMqManager rabbitMqManager)
: base(permissionManager, permissionDefinitionManager, options, permissionStateManager)
{
_rabbitMqManager = rabbitMqManager;
}
public override async Task UpdateAsync(string providerName, string providerKey, UpdatePermissionsDto input)
{
await base.UpdateAsync(providerName, providerKey, input);
var cacheRabbitMqInput = new CacheRabbitMqInput(input.Permissions.Select(x => x)
.ToDictionary(x => PermissionGrantCacheItem.CalculateCacheKey(x.Name, providerName, providerKey), x => x.IsGranted));
await _rabbitMqManager.CreateSender().SendAsync(new RabbitMqMessage<CacheRabbitMqInput>
{
RoutingKey = "AbxEps-Abp-Caching",
Body = cacheRabbitMqInput
});
}
}
}
Here's the triggered RabbitMq subscription in back-end 2:
using Volo.Abp.PermissionManagement;
using Volo.Abp.DependencyInjection;
using Volo.Abp.EventBus.Distributed;
using System.Threading.Tasks;
using Volo.Abp.Caching;
using System.Collections.Generic;
using AbxEps.RabbitMq.Client.Receivers;
using RabbitMQ.Client.Events;
using System;
using Microsoft.Extensions.DependencyInjection;
using AbxEps.RabbitMq.Client.Extensions;
using System.Linq;
namespace AbxEps.Fines
{
public class FinesRabbitMqReceiver : RabbitMqReceiverBase
{
private readonly IServiceProvider _serviceProvider;
public FinesRabbitMqReceiver(IServiceProvider serviceProvider) : base("AbxEps-Abp-Caching")
{
_serviceProvider = serviceProvider;
}
public override async Task<object> Received(BasicDeliverEventArgs @event)
{
using var scope = _serviceProvider.CreateScope();
var permissionGrantCache = scope.ServiceProvider.GetService<IDistributedCache<PermissionGrantCacheItem>>();
var permissions = @event.ToDataObject<Dictionary<string, bool>>();
await permissionGrantCache.SetManyAsync(
permissions.Select(permission =>
new KeyValuePair<string, PermissionGrantCacheItem>(permission.Key, new PermissionGrantCacheItem(permission.Value))));
return Task.FromResult<object>(null);
}
}
}
Does this approach to refresh permissions in another app looks OK or I'm missing a better ABP approach?
UPDATE: i've used RabbitMq to notify Angular 2 about permission changes in Angular 1. I am now trying to modify Angular 2 permission cache via SetManyAsync - it adds the values to the cache in Angular 2, but it still does not reflect the changes on page refresh...
I am running two Angular apps: https://localhost:4200 (Permissions are assigned and consumed here) and https://localhost:4201 (Permissions are only consumed here). Each of these two Angular apps have own HTTP API host (and own full-fledged ABP-based solution) and they share the same Identity Server.
To control full set of permission in app Angular 1, I have Nuget package of Application.Contracts project from Solution 2 in Application.Contracts project of Solution 1:
So far so good. I can see and change role permissions:
The problem is that the changes made in Angular 1 are not reflected in Angular 2 - I still can see or not see the protected pages after page reload or re-login:
I've tried to override and play with IDistributedCache<PermissionGrantCacheItem>, but it does not work - most likely because both hosts have separate caches. But how to resolve the described issue then?
I am sorry, but I am now allowed to share the project. What I can do is just to show some informational screendumps, send logs and separate code files... Please let me know if I can measure some additional timings somewhere, etc. Now - just some thoughts: when I use Postman to send API requests - first TTFB is large, that's right, second and further - 10 and more times decreased. That would explain DI initialization. But in real situation, when I refresh the same page in Angular app - I am getting almost the same big timings. For instance, first run ~5-6sec per lookup API request. Next run ~1.5-3sec. Next run - about the same time... Next run - attention - ~4sec again!! Even retrieving refresh tokens at IdentityServer takes ages:
UPDATE: I've updated my controllers - removing all appservices instantiation at all. There is no DB access to retrieve data now anywhere, empty data is returned:
[HttpGet]
[Route("values/owners/{languageCode?}")]
public virtual async Task<PagedResultDto<LookupItemDto<int>>> GetOwnerAsync([FromRoute] string languageCode = null)
{
return new PagedResultDto<LookupItemDto<int>> { Items = new List<LookupItemDto<int>>(), TotalCount = 0 };
}
Also, made all API calls anonymous and without audit logging. And TTFB is still unsasisfactory. Any ideas?
DB resides on Azure cloud. Everything the rest - on localhost. Just in case: I won't be able to create local copy of DB if it is needed for a deeper testing. But as I already mentioned, sometimes there are unexplained lags even if I don't access DB.