[keycloak-user] "Error! An unexpected server error has occurred" in Keycloak admin interface when retrieving a user

Marek Posolda mposolda at redhat.com
Thu Sep 8 08:04:38 EDT 2016


Hi Edgar,

I was trying to reproduce, but wasn't able. The expected format to 
invoke this endpoint should be 
/auth/admin/realms/our-custom-realm/attack-detection/brute-force/users 
/{userId} so I understand why it fails. But I am not seeing anything in 
admin console UI, which invokes it from this format.

Feel free to create JIRA if you find steps to reproduce it from clean KC.

Marek

On 07/09/16 13:33, Edgar Vonk - Info.nl wrote:
> Hi Marek,
>
> It’s the brute force detection REST endpoint that is causing the issue.
>
> /auth/admin/realms/our-custom-realm/attack-detection/brute-force/users?username=edgar at info.nl
>
> gives a: “Failed to load resource: the server responded with a status of 405 (Method Not Allowed)"
>
>
>> On 07 Sep 2016, at 12:27, Edgar Vonk - Info.nl <Edgar at info.nl> wrote:
>>
>> Hi Marek,
>>
>> Thanks for the quick reply. Sorry, forgot to mention that: I did also add the view-users role. However the issue remains unfortunately.
>>
>> Will try to find the endpoint in question and report back!
>>
>> cheers
>>
>>> On 07 Sep 2016, at 11:24, Marek Posolda <mposolda at redhat.com> wrote:
>>>
>>> I guess you need to add "view-users" role as well?
>>>
>>> For tracking, you can try to enable FF plugin like Firebug (or similar in Chrome) and see what REST endpoint exactly returns 405 and what role it requires.
>>>
>>> Marek
>>>
>>> On 07/09/16 10:55, Edgar Vonk - Info.nl wrote:
>>>> Using a specific user admin account that is part of our Keycloak customers realm (not the master realm) with permissions to edit users only (manage-users realm-management role) whenever I click on a user in the Keycloak admin interface (Manage - Users) I get a "Error! An unexpected server error has occurred” with the stacktrace below in the logs. All actions do seem to work properly however. It also happens when I create a user, but also there the user is created just fine it seems.
>>>>
>>>> I am guessing it is a permission issue on some REST endpoint in the admin interface or something?
>>>>
>>>>
>>>> [0m08:14:06,715 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-40) RESTEASY002010: Failed to execute: javax.ws.rs.NotAllowedException: RESTEASY003650: No resource method found for GET, return 405 with Allow header
>>>> 	at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:377)
>>>> 	at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:116)
>>>> 	at org.jboss.resteasy.core.registry.RootNode.match(RootNode.java:43)
>>>> 	at org.jboss.resteasy.core.LocatorRegistry.getResourceInvoker(LocatorRegistry.java:79)
>>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:129)
>>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
>>>> 	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
>>>> 	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
>>>> 	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>>>> 	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>>> 	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>>> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>>> 	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>>>> 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>>>> 	at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
>>>> 	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>>>> 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>>>> 	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>>>> 	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>>>> 	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>>>> 	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>> 	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>>>> 	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>> 	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>>>> 	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>>> 	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>>>> 	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>>>> 	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>>>> 	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>> 	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>> 	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>>>> 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>>>> 	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>>>> 	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>>>> 	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>>>> 	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>>>> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>> 	at java.lang.Thread.run(Thread.java:745)
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user




More information about the keycloak-user mailing list