[keycloak-user] Recaptcha Provider causing PersistenceExceptions
John D. Ament
john.d.ament at gmail.com
Thu Aug 10 06:45:31 EDT 2017
I've created https://issues.jboss.org/browse/KEYCLOAK-5274 and will leave
it up to the KC team if they want to apply the patch. I can throw it out
there as a PR if you're going to accept it.
John
On Wed, Aug 9, 2017 at 2:13 PM John D. Ament <john.d.ament at gmail.com> wrote:
> I just tested it out. I think I know why it works OOTB but not with
> config changes. For some reason, in my env caching doesn't work, so its
> always hitting the DB. The issue does in fact fail on master for this same
> case, when I get caching to not work.
>
> I would recommend adding the following fix (from 3.2 code). Let me know
> if you want me to create a ticket. Also do let me know if you have any
> idea why caching gets disabled in my env.
>
> John
>
> diff --git
> a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
> b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
> index 61f6254..068fd09 100755
> ---
> a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
> +++
> b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
> @@ -509,10 +509,12 @@ public class AuthenticationManagementResource {
> rep.setId(execution.getId());
>
> if (factory.isConfigurable()) {
> - AuthenticatorConfigModel authenticatorConfig =
> realm.getAuthenticatorConfigById(execution.getAuthenticatorConfig());
> + if (execution.getAuthenticatorConfig() != null) {
> + AuthenticatorConfigModel authenticatorConfig =
> realm.getAuthenticatorConfigById(execution.getAuthenticatorConfig());
>
> - if (authenticatorConfig != null) {
> - rep.setAlias(authenticatorConfig.getAlias());
> + if (authenticatorConfig != null) {
> + rep.setAlias(authenticatorConfig.getAlias());
> + }
> }
> }
>
> On Wed, Aug 9, 2017 at 1:37 PM John D. Ament <john.d.ament at gmail.com>
> wrote:
>
>> Hi,
>>
>> After upgrading to Keycloak 3.2 we found on the admin screens they won't
>> load in certain scenarios, under authentication -> flows. When we choose
>> the registration or browser flows, the following stacktrace is seen:
>>
>> 17:33:25,251 ERROR [io.undertow.request] (default task-12) UT005023:
>> Exception handling request to
>> /auth/admin/realms/qpd-manager/authentication/flows/registration/executions:
>> org.jboss.resteasy.spi.UnhandledException:
>> org.keycloak.models.ModelException: java.lang.IllegalArgumentException: id
>> to load is required for loading
>> at
>> org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
>> at
>> org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
>> at
>> org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)
>> at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411)
>> at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
>> at
>> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>> at
>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>> at
>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>> at
>> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>> at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>> at
>> org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>> at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>> at
>> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>> at
>> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>> at
>> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>> at
>> org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
>> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>> at
>> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
>> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>> at
>> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>> at
>> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>> at
>> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>> at
>> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>> at
>> io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
>> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>> at
>> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>> at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>> at java.lang.Thread.run(Thread.java:745)
>> Caused by: org.keycloak.models.ModelException:
>> java.lang.IllegalArgumentException: id to load is required for loading
>> at
>> org.keycloak.connections.jpa.PersistenceExceptionConverter.convert(PersistenceExceptionConverter.java:61)
>> at
>> org.keycloak.connections.jpa.PersistenceExceptionConverter.invoke(PersistenceExceptionConverter.java:51)
>> at com.sun.proxy.$Proxy66.find(Unknown Source)
>> at
>> org.keycloak.models.jpa.RealmAdapter.getAuthenticatorConfigById(RealmAdapter.java:1576)
>> at
>> org.keycloak.services.resources.admin.AuthenticationManagementResource.recurseExecutions(AuthenticationManagementResource.java:512)
>> at
>> org.keycloak.services.resources.admin.AuthenticationManagementResource.recurseExecutions(AuthenticationManagementResource.java:500)
>> at
>> org.keycloak.services.resources.admin.AuthenticationManagementResource.getExecutions(AuthenticationManagementResource.java:464)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:498)
>> at
>> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
>> at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
>> at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
>> at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
>> at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>> at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>> at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>> at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>> at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
>> at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
>> ... 37 more
>> Caused by: java.lang.IllegalArgumentException: id to load is required
>> for loading
>> at org.hibernate.event.spi.LoadEvent.<init>(LoadEvent.java:93)
>> at org.hibernate.event.spi.LoadEvent.<init>(LoadEvent.java:63)
>> at
>> org.hibernate.internal.SessionImpl$IdentifierLoadAccessImpl.load(SessionImpl.java:2693)
>> at org.hibernate.internal.SessionImpl.get(SessionImpl.java:975)
>> at
>> org.hibernate.jpa.spi.AbstractEntityManagerImpl.find(AbstractEntityManagerImpl.java:1075)
>> at
>> org.hibernate.jpa.spi.AbstractEntityManagerImpl.find(AbstractEntityManagerImpl.java:1033)
>> at sun.reflect.GeneratedMethodAccessor319.invoke(Unknown Source)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:498)
>> at
>> org.keycloak.connections.jpa.PersistenceExceptionConverter.invoke(PersistenceExceptionConverter.java:49)
>> ... 56 more
>>
>>
>> However, keycloak is handling a null return value, that isn't what's
>> happening in JPA. The ID in this case is null, which causes hibernate to
>> throw a persistence exception that the ID must not be null to do a load.
>>
>> I have no idea what is causing this, however it only happens when our
>> custom providers are deployed to Keycloak. This does not happen in
>> Keycloak 3.1. The execution in this case is when loading the recaptcha
>> execution. We have no customized anything with regard to recaptcha.
>>
>> John
>>
>
More information about the keycloak-user
mailing list