[keycloak-user] (KC1.9.3) admin client issue

Hristo Stoyanov hr.stoyanov at peruncs.com
Mon May 16 15:48:03 EDT 2016


Hi all,
I am seeing some unpredicatble behavior from KC 1.9.3, leading to the
following exception (see line comment BOOM!) in the code. Do you see
anything that I am doing wrong?
The problem with this issue is that it sometimes work, sometimes not. It
almost feels like timing issue with the KC internals (cache?) and there is
no
guaranateed way to reproduce it. Usually restarting the WF10 server or
redeploying the app fixes it.
Also, can the exception be a bit more helpfull (like what resource is not
found?)

12:03:50,354 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default
task-81) RESTEASY002010: Failed to execute: javax.ws.rs.NotFoundException:
HTTP 404 Not Found
at
org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.handleErrorStatus(ClientInvocation.java:201)
at
org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.extractResult(ClientInvocation.java:174)
at
org.jboss.resteasy.client.jaxrs.internal.proxy.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:59)
at
org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:104)
at
org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:64)
at com.sun.proxy.$Proxy296.toRepresentation(Unknown Source)
at
com.xxxxx.web.server.UserManagerService.updateKeycloakRoles(UserManagerService.java:86)
at
com.xxxxx.web.server.UserManagerService.changeSubscription(UserManagerService.java:67)

==========================RealmAdmin.java================================
@ApplicationScoped
public class RealmAdmin {

... //Use JNDI resources to inject adminUser, adminPassword into this
producer bean

    @Produces
    Keycloak getKeycloak() {
        return Keycloak.getInstance(adminUrl, REALM_NAME, adminUser,
adminPassword, CLIENT_ID);
    }
}
===========================UserManagerService.java===========================
@Stateless
@SecurityDomain("keycloak")
public class UserManagerService implements UserManager {

    @Inject
    private Keycloak admin; //Producer above is used

    @Context
    private HttpServletRequest httpRequest;

@Inject
    private StripeService stripeService;

    @Override
    @RolesAllowed({Roles.ACTIVE})
    public void changeSubscription(final UserPlanRequest request) {
        final String userId = httpRequest.getUserPrincipal().getName();
        RealmResource realm = admin.realm(RealmAdmin.REALM_NAME);
        UserResource userResource = realm.users().get(userId);
        UserRepresentation userRepresentation =
userResource.toRepresentation();
        Map<String, List<String>> userAttributes =
userRepresentation.getAttributesAsListValues();
        final String customerId = extractKeycloakAttribute(userAttributes,
StripeService.STRIPE_ID);
        final String subscriptionId =
extractKeycloakAttribute(userAttributes,
StripeService.STRIPE_SUBSCRIPTION_ID);
        stripeService.changeSubscription(customerId, subscriptionId,
JNDIUtils.getPlanStripeKey(request.plan));
        updateKeycloakRoles(request.plan, userResource, realm);
    }

    private static void updateKeycloakRoles(Plan newPlan, UserResource
user, RealmResource realm) {
        RoleRepresentation newPlanRole =
realm.roles().get(newPlan.role.getName()).toRepresentation();//BOOM!
        RoleScopeResource userRoles = user.roles().realmLevel();
        userRoles.remove(userRoles.listAll()
                .stream()
                .filter(r -> Roles.isActiveOrExpiredPlanRole(r.getName()))
                .collect(Collectors.toList()));
        userRoles.add(Collections.singletonList(newPlanRole));
    }

}

/Hristo Stoyanov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160516/850e94f2/attachment.html 


More information about the keycloak-user mailing list