[keycloak-user] Servlet Filter Adapter not working with Tomcat/Memcached

LEONARDO NUNES leo.nunes at gjccorp.com.br
Thu Jul 7 19:05:57 EDT 2016


Hi everyone,

An application is deployed using Servlet Filter Adapter at 2 Tomcats in which are saving sessions to 1 Memcached. There's a Nginx load balancer with sticky session in front of both Tomcats.

After log in to the application if one Tomcat goes down or is removed from the load balancer we get the exception below. The problem occur using Servlet Filter Adapter, it works with Tomcat Adapter but we can't use it for some of our applications.

java.lang.NullPointerException
org.keycloak.KeycloakSecurityContext.getRealm(KeycloakSecurityContext.java:73)
org.keycloak.adapters.RefreshableKeycloakSecurityContext.refreshExpiredToken(RefreshableKeycloakSecurityContext.java:103)
org.keycloak.adapters.servlet.OIDCFilterSessionStore.checkCurrentToken(OIDCFilterSessionStore.java:87)
org.keycloak.adapters.servlet.KeycloakOIDCFilter.doFilter(KeycloakOIDCFilter.java:145)


1. Access a restricted page of the application
2. Nginx will direct to Tomcat1 (because of sticky session next requests will go to Tomcat1)
3. You will be redirected to Keycloak Login page
4. After login, Keycloak redirects back to the restricted page
(Note: this session is already saved to memcached)
5. At Nginx disable Tomcat1 server
6. At the browser refresh the application page
7. Now the request will go to Tomcat2 server
8. The session is retrieved from memcached
9. An exception is thrown because token is null inside of KeycloakSecurityContext.getRealm()
(Note: sometimes at this step the restricted page is displayed, but if I refresh the page the exception is thrown)


I've opened the issue ticket below:
https://issues.jboss.org/browse/KEYCLOAK-3288


--
Leonardo Nunes
________________________________
Esta mensagem pode conter informa??o confidencial e/ou privilegiada. Se voc? n?o for o destinat?rio ou a pessoa autorizada a receber esta mensagem, n?o poder? usar, copiar ou divulgar as informa??es nela contidas ou tomar qualquer a??o baseada nessas informa??es. Se voc? recebeu esta mensagem por engano, por favor avise imediatamente o remetente, respondendo o e-mail e em seguida apague-o. Agradecemos sua coopera??o.

This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160707/68f46565/attachment.html 


More information about the keycloak-user mailing list