[keycloak-user] Keycloak and Wildfly in docker

Kevin Hoarau kevinhoarau0496 at gmail.com
Tue Dec 4 13:33:26 EST 2018


  Hi, I'm running my WildFly app in Docker, and Keycloak too. They are on
the same Docker network. The problem is that when I go to my application (
http://127.0.0.1:8080/akatsuki-javaee-webapp/) the Keycloak login page appears,
I log in, and then I get a Forbidden.
I have been trying to solve this for a week :/
Please find some configuration files below:

*docker-compose.yml :*
# Three containers (WildFly app, static file server, Keycloak) attached to one
# user-defined bridge network, `netaka`.
# On that network each container resolves the others by service name, and
# 127.0.0.1 inside a container is that container's own loopback. The host
# ports published below are therefore NOT reachable as 127.0.0.1:<port> from
# inside another container.
version: '2'

services:

  wildfly:
    build:
      context: WildFly/
    container_name: "wildfly"
    volumes:
      # Host /tmp/images is shared with the filemanager service below.
      # NOTE(review): /tmp is world-writable on most hosts, so any local user
      # can plant or replace files here; prefer a named volume or a dedicated
      # directory with restricted permissions.
      - /tmp/images:/opt/jboss/images
    ports:
      # No host IP is given, so Docker publishes this on every host interface.
      # For a local-only dev stack, "127.0.0.1:8080:8080" keeps it off the LAN.
      - "8080:8080"
    networks:
      - netaka

  filemanager:
    build:
      context: FileManager/
    container_name: "filemanager"
    volumes:
      # Same host directory, mounted as what looks like an Apache htdocs
      # document root (FileManager/Dockerfile is not shown - confirm).
      # NOTE(review): if so, everything WildFly writes to /opt/jboss/images is
      # served on port 8082 with no authentication in front of it.
      - /tmp/images:/usr/local/apache2/htdocs/
    ports:
      - "8082:80"
    networks:
      - netaka

  keycloak:
    build:
      context: KeyCloak/
    container_name: "keycloak"
    ports:
      # Host 8180 -> container 8080. From the wildfly container Keycloak is
      # reached by service name on its container port, not via host port 8180.
      # NOTE(review): the port-offset edit to Keycloak's standalone.xml may
      # change the port Keycloak actually listens on - confirm it is 8080.
      - "8180:8080"
    environment:
      # The jboss/keycloak image creates the initial admin account from these.
      # NOTE(review): admin/admin is a guessable default and the admin console
      # is published on all host interfaces above. Acceptable only for a
      # throwaway local stack; otherwise inject the password from an
      # uncommitted env file or a secret store.
      KEYCLOAK_USER: "admin"
      KEYCLOAK_PASSWORD: "admin"
    networks:
      - netaka


networks:
  netaka:
    driver: bridge


*Dockerfile (wildfly) :*
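# WildFly image carrying the application WAR plus the Keycloak OIDC adapter.
# (Instructions that the mail client had wrapped across lines are rejoined
# here; as wrapped, ADD/RUN/comment lines would not parse.)
#
# NOTE(review): no tag or digest is given, so each build pulls whatever
# jboss/wildfly:latest is at that moment. Pin it, e.g.
# jboss/wildfly:<tag>@sha256:<digest>, for reproducible and auditable builds.
FROM jboss/wildfly

# COPY instead of ADD: the WAR is a plain local file, and COPY has none of
# ADD's implicit URL-fetch / archive-extraction behaviour.
COPY target/akatsuki-javaee-webapp.war /opt/jboss/wildfly/standalone/deployments/

ENV KEYCLOAK_VERSION=4.6.0.Final
WORKDIR /opt/jboss/wildfly/

# Unpack the Keycloak WildFly adapter over the WildFly installation, then
# register it through the offline Elytron CLI script shipped in the archive.
# NOTE(review): the archive is piped straight into tar with no integrity
# check, so TLS to downloads.jboss.org is the only protection. A stricter
# build saves the archive to a file and verifies it with `sha256sum -c`
# against a checksum recorded from a trusted copy before extracting.
RUN curl -L \
    https://downloads.jboss.org/keycloak/$KEYCLOAK_VERSION/adapters/keycloak-oidc/keycloak-wildfly-adapter-dist-$KEYCLOAK_VERSION.tar.gz \
    | tar zx
RUN ./bin/jboss-cli.sh --file=bin/adapter-elytron-install-offline.cli

WORKDIR /opt/jboss

# Standalone.xml modifications
COPY standalone.xml /opt/jboss/wildfly/standalone/configuration/

RUN mkdir -p /opt/jboss/images

## Attempt fix permissions error ##
# Attempt to fix: "Error: Could not rename
# /opt/jboss/wildfly/standalone/configuration/standalone_xml_history/current"
# See https://stackoverflow.com/questions/20965737/docker-jboss7-war-commit-server-boot-failed-in-an-unrecoverable-manner
RUN rm -rf /opt/jboss/wildfly/standalone/configuration/standalone_xml_history/current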

*I'm modifying standalone.xml in order to change this :*
        <!-- Keycloak adapter settings for the deployed WAR. -->
        <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
          <secure-deployment name="akatsuki-javaee-webapp.war">
            <realm>akatsukiRealm</realm>
            <!-- This one URL is used twice: the browser is redirected to it
                 for login, and the adapter itself calls it from inside the
                 wildfly container to exchange the authorization code for
                 tokens. Inside that container 127.0.0.1 is the container's
                 own loopback, where nothing listens on 8180. That matches the
                 "Connection refused" raised from invokeAccessCodeToToken in
                 the log further down. The configured address has to be
                 reachable from BOTH the browser and the wildfly container. -->
            <auth-server-url>http://127.0.0.1:8180/auth</auth-server-url>
            <!-- Public client: the adapter sends no client secret to the
                 token endpoint. NOTE(review): a server-side web app can keep
                 a secret, so a confidential client is usually the safer
                 choice - confirm this is intentional. -->
            <public-client>true</public-client>
            <!-- EXTERNAL: HTTPS is enforced only for non-private addresses.
                 With the http:// URL above, codes and tokens travel in clear
                 text on loopback/private networks; do not carry this setting
                 beyond local development. -->
            <ssl-required>EXTERNAL</ssl-required>
            <resource>akatsukiClient</resource>
          </secure-deployment>
        </subsystem>


*Dockerfile (keycloak) :*
# Keycloak server image with a customised standalone.xml.
# NOTE(review): the base image is unpinned, while the WildFly adapter in the
# other Dockerfile is fixed at 4.6.0.Final. Pin this to the matching server
# release (jboss/keycloak:<tag>) so adapter and server do not drift apart and
# rebuilds do not silently change the identity provider.
FROM jboss/keycloak

# Replaces the image's own standalone.xml wholesale, so later base-image
# changes to that file (including security-relevant defaults) are not picked
# up unless this copy is re-synced.
COPY standalone.xml /opt/jboss/keycloak/standalone/configuration/

*I'm modifying standalone.xml in order to change this line :*
"<socket-binding-group name="standard-sockets" default-interface="public"
port-offset="${jboss.socket.binding.port-offset:100}">"


*web.xml (in my wildfly app) :*

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

    <module-name>akatsuki-javaee-webapp</module-name>

    <!-- Every path of the application (/*) requires an authenticated caller
         holding the role "user"; nothing is left public.
         NOTE(review): no login-config/auth-method is declared here, so the
         Keycloak mechanism presumably comes from the secure-deployment entry
         in standalone.xml - confirm. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Index</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <!-- Must match a role carried in the Keycloak token. A user who
                 logs in successfully but lacks this role is also answered
                 with Forbidden, so check the role mapping in akatsukiRealm
                 once the token exchange itself works. -->
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>

    <!-- Declares the role name referenced by the constraint above. -->
    <security-role>
        <role-name>user</role-name>
    </security-role>

</web-app>


*And when I'm trying to connect, I got this error :*
wildfly        | 18:26:46,931 ERROR
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) failed
to turn code into token: java.net.ConnectException: Connection refused
(Connection refused)
wildfly        |  at java.net.PlainSocketImpl.socketConnect(Native Method)
wildfly        |  at
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
wildfly        |  at
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
wildfly        |  at
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
wildfly        |  at
java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
wildfly        |  at java.net.Socket.connect(Socket.java:589)
wildfly        |  at
org.apache.http.conn.scheme.PlainSocketFactory.connectSocket(PlainSocketFactory.java:120)
wildfly        |  at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:179)
wildfly        |  at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
wildfly        |  at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:134)
wildfly        |  at
org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:612)
wildfly        |  at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447)
wildfly        |  at
org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884)
wildfly        |  at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
wildfly        |  at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
wildfly        |  at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
wildfly        |  at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:111)
wildfly        |  at
org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:335)
wildfly        |  at
org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:280)
wildfly        |  at
org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:139)
wildfly        |  at
org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
wildfly        |  at
org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)
wildfly        |  at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:245)
wildfly        |  at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:268)
wildfly        |  at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:231)
wildfly        |  at
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:125)
wildfly        |  at
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:99)
wildfly        |  at
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92)
wildfly        |  at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
wildfly        |  at
io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
wildfly        |  at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
wildfly        |  at
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
wildfly        |  at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
wildfly        |  at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
wildfly        |  at
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
wildfly        |  at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
wildfly        |  at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
wildfly        |  at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
wildfly        |  at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
wildfly        |  at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
wildfly        |  at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
wildfly        |  at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
wildfly        |  at
org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
wildfly        |  at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
wildfly        |  at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
wildfly        |  at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
wildfly        |  at
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
wildfly        |  at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
wildfly        |  at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
wildfly        |  at
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
wildfly        |  at
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
wildfly        |  at
org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
wildfly        |  at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
wildfly        |  at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
wildfly        |  at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
wildfly        |  at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
wildfly        |  at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
wildfly        |  at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
wildfly        |  at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
wildfly        |  at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
wildfly        |  at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
wildfly        |  at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
wildfly        |  at
org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
wildfly        |  at
org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
wildfly        |  at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
wildfly        |  at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
wildfly        |  at java.lang.Thread.run(Thread.java:748)
wildfly        |


I can join more details if needed.
If someone help me, I would be very grateful. I'm waiting for your
response. Thx a lot


-- 

*Kevin HOARAU - Engineering student*

Computer Science & Industrial Electronic

ISEN

