[keycloak-user] Using keycloak-spring-boot-starter throws NullPointerException when “keycloak.enabled = false” in spring boot application.properties
Sebastien Blanc
sblanc at redhat.com
Thu Nov 30 06:21:44 EST 2017
https://issues.jboss.org/browse/KEYCLOAK-5736
On Thu, Nov 30, 2017 at 12:19 PM, Pharande Rahul <rahul.pharande at gi-de.com>
wrote:
> As you said there is ticket open for same, could you please point me out
> to respective ticket so that I can refer it for further tracking.
>
>
>
> *From:* Sebastien Blanc [mailto:sblanc at redhat.com]
> *Sent:* Thursday, November 30, 2017 12:00 PM
>
> *To:* Pharande Rahul
> *Cc:* keycloak-user at lists.jboss.org
> *Subject:* Re: [keycloak-user] Using keycloak-spring-boot-starter throws
> NullPointerException when “keycloak.enabled = false” in spring boot
> application.properties
>
>
>
> The Spring Boot Starter bundles Spring Boot Adapter and Spring Security
> Adapter. I admit it can be confusing but we will fix this soon.
>
>
>
> On Thu, Nov 30, 2017 at 6:01 AM, Pharande Rahul <rahul.pharande at gi-de.com>
> wrote:
>
> I believe I’m using Spring-boot Adapter here “keycloak-spring-boot-starter
> v3.4.0.Final” so as per your comment “keycloak.enabled” property should
> work out of the box here.
>
> Did I miss understood something here ..
>
>
>
> -Rahul
>
> *From:* Sebastien Blanc [mailto:sblanc at redhat.com]
> *Sent:* Wednesday, November 29, 2017 8:32 PM
> *To:* Pharande Rahul
> *Cc:* keycloak-user at lists.jboss.org
> *Subject:* Re: [keycloak-user] Using keycloak-spring-boot-starter throws
> NullPointerException when “keycloak.enabled = false” in spring boot
> application.properties
>
>
>
> keycloak.enable property only works for the Spring Boot Adapter, not for
> the Spring Security Adapter. There is already a ticket opened to align the
> feature.
>
>
>
> On Wed, Nov 29, 2017 at 1:35 PM, Pharande Rahul <rahul.pharande at gi-de.com>
> wrote:
>
> Hi,
>
> While using “keycloak-spring-boot-starter v3.4.0.Final” with
> “spring-boot-starter-security V1.5.8.RELEASE”, I’m getting
> NullPointerException as described below.
> Please let me know if anyone has suggestion on this, OR this is really
> defect in keycloak adapter.
>
> Precondition –
>
> · Application configured to use spring-security with
> KeycloakWebSecurityConfigurerAdapter. As shows below class SecurityConfig
> in Example section (A).
>
> · Disable keycloak in spring boot’s Application property as
> “keycloak.enabled = false”
>
> Expected Result –
>
> · When Keycloak is disabled, spring security should handle
> authentication OR should not perform authentication.
>
> Actual Result –
> java.lang.NullPointerException: null
> at org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(
> KeycloakDeploymentBuilder.java:55) ~[keycloak-adapter-core-3.4.0.
> Final.jar!/:3.4.0.Final]
> at org.keycloak.adapters.KeycloakDeploymentBuilder.build(
> KeycloakDeploymentBuilder.java:164) ~[keycloak-adapter-core-3.4.0.
> Final.jar!/:3.4.0.Final]
> at org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolv
> er.resolve(KeycloakSpringBootConfigResolver.java:37)
> ~[keycloak-spring-boot-adapter-3.4.0.Final.jar!/:3.4.0.Final]
> at org.keycloak.adapters.AdapterDeploymentContext.
> resolveDeployment(AdapterDeploymentContext.java:88)
> ~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
> at org.keycloak.adapters.PreAuthActionsHandler.preflightCors(
> PreAuthActionsHandler.java:107) ~[keycloak-adapter-core-3.4.0.
> Final.jar!/:3.4.0.Final]
> at org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:79)
> ~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
> at org.keycloak.adapters.springsecurity.filter.
> KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:81)
> ~[keycloak-spring-security-adapter-3.4.0.Final.jar!/:3.4.
> at org.springframework.security.web.FilterChainProxy$
> VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> ~[spring-security-web-4.2.3.RELEASE.jar!/:4.2.3.RELEASE]
> at org.springframework.security.web.csrf.CsrfFilter.
> doFilterInternal(CsrfFilter.java:100) ~[spring-security-web-4.2.3.
> RELEASE.jar!/:4.2.3.RELEASE]
> at org.springframework.web.filter.OncePerRequestFilter.
> doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.12.RELEASE.
> jar!/:4.3.12.RELEASE]
>
> What can be done here:
>
> · Ideal Option: Keycloak adapter classes like “
> KeycloakWebSecurityConfigurerAdapter” should avoid registering it’s
> filters when “keycloak.enabled” property is false.
>
> · Temporary Option: we can handle this at application config level
> by defining on SecurityConfig class
>
> o @ConditionalOnProperty(name = "keycloak.enabled", havingValue = "true")
>
> Example Section A:
>
> @KeycloakConfiguration
> public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
>
> @Autowired
> public void configureGlobal(AuthenticationManagerBuilder auth) throws
> Exception {
> KeycloakAuthenticationProvider keyCloakAuthProvider =
> keycloakAuthenticationProvider();
> keyCloakAuthProvider.setGrantedAuthoritiesMapper(new
> SimpleAuthorityMapper());
>
> auth.authenticationProvider(keyCloakAuthProvider);
> }
>
> @Override
> protected void configure(HttpSecurity http) throws Exception
> {
> super.configure(http);
> http
> .sessionManagement().sessionCreationPolicy(
> SessionCreationPolicy.STATELESS)
> .sessionAuthenticationStrategy(sessionAuthenticationStrategy(
> ))
> .and()
> .authorizeRequests()
> .antMatchers("/test*").hasRole("ADMIN")
> .anyRequest().permitAll();
> }
>
> @Override
> protected SessionAuthenticationStrategy sessionAuthenticationStrategy()
> {
> return new NullAuthenticatedSessionStrategy();
> }
>
> @Bean
> public KeycloakConfigResolver KeyCloakConfigResolver(){
> return new KeycloakSpringBootConfigResolver();
> }
> }
>
> Thanks and Regards.
> Rahul Pharande
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
>
More information about the keycloak-user
mailing list