[keycloak-user] NPE when requesting authorization

Corentin Dupont corentin.dupont at gmail.com
Tue Jul 3 09:39:21 EDT 2018


Yes, I see that this error happens when the resource does not exist.
However, with my user "guest", it happens all the time, even when the
resource does exist...

On Tue, Jul 3, 2018 at 2:15 PM, Pedro Igor Silva <psilva at redhat.com> wrote:

> OK. Found the issue. Will fix it. The problem is that Sensortest does not
> exist and the program enters a state in which a resource-less permission
> causes that error.
>
> On Mon, Jul 2, 2018 at 10:05 AM, Corentin Dupont <
> corentin.dupont at gmail.com> wrote:
>
>> Hi guys,
>> I got this error when requesting authorization on a resource:
>>
>> $ curl -X POST \
>>   http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token \
>>   -H "Authorization: Bearer $USERTOKEN" \
>>   -d "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&audience=api-server&permission=Sensortest#sensors:view"
>>
>> {"error":"server_error","error_description":"Unexpected error while evaluating permissions"}
>>
>> On the server side I get:
>>
>> 12:42:11,821 ERROR [org.keycloak.authorization.authorization.AuthorizationTokenService] (default task-16) Unexpected error while evaluating permissions: java.lang.NullPointerException
>>   at org.keycloak.authorization.util.Permissions.permits(Permissions.java:194)
>>   at org.keycloak.authorization.authorization.AuthorizationTokenService.authorize(AuthorizationTokenService.java:173)
>>   at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.permissionGrant(TokenEndpoint.java:1124)
>>   at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGrantRequest(TokenEndpoint.java:190)
>>   at sun.reflect.GeneratedMethodAccessor449.invoke(Unknown Source)
>>   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>   at java.lang.reflect.Method.invoke(Method.java:498)
>>
>>
>> I got my token this way:
>> USERTOKEN=`curl -X POST -H "Content-Type: application/x-www-form-urlencoded" \
>>   -d 'username=guest&password=guest&grant_type=password&client_id=api-server&client_secret=xxx' \
>>   "http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token" |
>>   jq .access_token -r`
>>
>> This seems to happen for scope-based policies.
>>
>> Cheers
>> Corentin
>
>

