[keycloak-user] NPE when requesting authorization
Pedro Igor Silva
psilva at redhat.com
Wed Jul 4 08:55:58 EDT 2018
Yes it should. Will check this out.
On Wed, Jul 4, 2018 at 9:31 AM, Corentin Dupont <corentin.dupont at gmail.com>
wrote:
> I have another weird behavior (with github HEAD).
> When requesting a permission on a non existing resource, I still get a
> token.
> This token contains all the permissions.
> Is it correct? Shouldn't it be 404 or something?
>
>
> $ USERTOKEN=`curl -X POST -H "Content-Type: application/x-www-form-urlencoded"
> -d 'username=xx&password=xx&grant_type=password&client_id=api-server&client_secret=xxx'
> "http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token"
> | jq .access_token -r`
>
> $ curl -X POST http://localhost:8080/auth/realms/waziup/protocol/openid-
> connect/token -H "Authorization: Bearer $USERTOKEN" -d
> "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&
> audience=api-server&permission=not_exist#sensors:view"
>
> {"upgraded":false,"access_token":"eyJhbGciOiJSUzI......
>
>
>
>
>
> On Tue, Jul 3, 2018 at 5:00 PM, Pedro Igor Silva <psilva at redhat.com>
> wrote:
>
>> It should be fixed now in master and available in next release.
>> https://github.com/keycloak/keycloak/pull/5346.
>>
>> Thanks !
>>
>> On Tue, Jul 3, 2018 at 10:39 AM, Corentin Dupont <
>> corentin.dupont at gmail.com> wrote:
>>
>>> Yes, I see that this error happens when the resource does not exists.
>>> However, with my user "guest", it happens all the time, even when the
>>> resource does exist...
>>>
>>> On Tue, Jul 3, 2018 at 2:15 PM, Pedro Igor Silva <psilva at redhat.com>
>>> wrote:
>>>
>>>> OK. Found the issue. Will fix it. Problem is that Sensortest does not
>>>> exist and program enters in a state that a resource-less permission causes
>>>> that error.
>>>>
>>>> On Mon, Jul 2, 2018 at 10:05 AM, Corentin Dupont <
>>>> corentin.dupont at gmail.com> wrote:
>>>>
>>>>> Hi guys,
>>>>> I got this error when requesting authorization on a resource:
>>>>>
>>>>> $ curl -X POST
>>>>> http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token
>>>>> -H
>>>>> "Authorization: Bearer $USERTOKEN" -d
>>>>> "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&audi
>>>>> ence=api-server&permission=Sensortest#sensors:view"
>>>>>
>>>>> {"error":"server_error","error_description":"Unexpected error while
>>>>> evaluating permissions"}
>>>>>
>>>>> On the server side I get:
>>>>>
>>>>> 12:42:11,821 ERROR
>>>>> [org.keycloak.authorization.authorization.AuthorizationTokenService]
>>>>> (default task-16) Unexpected error while evaluating permissions:
>>>>> java.lang.NullPointerException
>>>>> at
>>>>> org.keycloak.authorization.util.Permissions.permits(Permissi
>>>>> ons.java:194)
>>>>> at
>>>>> org.keycloak.authorization.authorization.AuthorizationTokenS
>>>>> ervice.authorize(AuthorizationTokenService.java:173)
>>>>> at
>>>>> org.keycloak.protocol.oidc.endpoints.TokenEndpoint.permissio
>>>>> nGrant(TokenEndpoint.java:1124)
>>>>> at
>>>>> org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGr
>>>>> antRequest(TokenEndpoint.java:190)
>>>>> at sun.reflect.GeneratedMethodAccessor449.invoke(Unknown Source)
>>>>> at
>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>>>>> thodAccessorImpl.java:43)
>>>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>>>
>>>>>
>>>>> I got my token this way:
>>>>> USERTOKEN=`curl -X POST -H "Content-Type:
>>>>> application/x-www-form-urlencoded" -d
>>>>> 'username=guest&password=guest&grant_type=password&client_id
>>>>> =api-server&client_secret=xxx'
>>>>> "http://localhost:8080/auth/realms/waziup/protocol/openid-co
>>>>> nnect/token" |
>>>>> jq .access_token -r`
>>>>>
>>>>> This seems to happen for scope-based policies.
>>>>>
>>>>> Cheers
>>>>> Corentin
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>>
>>>>
>>>
>>
>
More information about the keycloak-user
mailing list