<div dir="ltr"><div><div><div><div>Hi Marek,<br><br></div>Hmmm, indeed, that happens after having deleted clients. But, i haven't defined any composite roles. The rest of the REST api operation i've used don't seem to trigger it. <br><br>But wait! i think you rung a bell. The clients i remove have their own application-level roles created and bound to them. They are not composite though in the strict sense of the term. Possibly the user that tries to get a token is also assigned these roles. Btw, is it proper practice to remove a client without removing its own application roles first?<br><br>Also, I'm using the default H2 DB setup. <br><br></div>I will try to reproduce and post my findings to this thread.<br><br></div><br>Thanks Marek<br><br></div>Orestis<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 2, 2015 at 4:45 PM, Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>It looks you deleted some client, but
his composite roles were not properly deleted. It might be a bug
though, but not sure. It will be cool if you can provide more
detailed steps to reproduce. Are you using default H2 DB or some
else?<br>
<br>
Thanks,<br>
Marek<div><div class="h5"><br>
<br>
On 02/09/15 11:25, Orestis Tsakiridis wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div class="h5">
<div dir="ltr">
<div>
<div>
<div>Hello,<br>
<br>
</div>
I'm experiencing a strange error while trying to retrieve a
token. Although initially the application may function
properly and tokens issued normally, something happens when
i use the Admin REST api that triggers the error. After that
no tokens can be issued and an NPE appears in the log.
Usually this happens after trying to drop some clients.<br>
<br>
</div>
<div>Btw, i'm using keycloak-1.4.0.Final.<br>
</div>
<div><br>
</div>
Here is the command i use to get the token:<br>
<br>
curl -k -X POST <a href="https://identity.restcomm.com/auth/realms/restcomm/protocol/openid-connect/token" target="_blank">https://identity.restcomm.com/auth/realms/restcomm/protocol/openid-connect/token</a>
-d "grant_type=password" -d "client_id=restcomm-identity-rest"
-d "username=otsakir" -d "password=...."<br>
<br>
</div>
And here is what i get in the logs:<br>
<div>
<div><br>
09:12:36,414 ERROR [io.undertow.request] (default task-4)
UT005023: Exception handling request to
/auth/realms/restcomm/protocol/openid-connect/token:
java.lang.RuntimeException: request path:
/auth/realms/restcomm/protocol/openid-connect/token<br>
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:73)<br>
at
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)<br>
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)<br>
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)<br>
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)<br>
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)<br>
at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)<br>
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)<br>
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)<br>
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)<br>
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)<br>
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)<br>
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)<br>
at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)<br>
at
io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)<br>
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)<br>
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)<br>
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)<br>
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)<br>
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)<br>
at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)<br>
at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)<br>
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)<br>
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)<br>
at java.lang.Thread.run(Thread.java:745)<br>
Caused by: org.jboss.resteasy.spi.UnhandledException:
java.lang.NullPointerException<br>
at
org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)<br>
at
org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)<br>
at
org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:149)<br>
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)<br>
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)<br>
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)<br>
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)<br>
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)<br>
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:790)<br>
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86)<br>
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)<br>
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:59)<br>
... 29 more<br>
Caused by: java.lang.NullPointerException<br>
at
org.keycloak.protocol.oidc.TokenManager.addComposites(TokenManager.java:353)<br>
at
org.keycloak.protocol.oidc.TokenManager.createClientAccessToken(TokenManager.java:193)<br>
at
org.keycloak.protocol.oidc.TokenManager$AccessTokenResponseBuilder.generateAccessToken(TokenManager.java:412)<br>
at
org.keycloak.protocol.oidc.endpoints.TokenEndpoint.buildResourceOwnerPasswordCredentialsGrant(TokenEndpoint.java:358)<br>
at
org.keycloak.protocol.oidc.endpoints.TokenEndpoint.build(TokenEndpoint.java:113)<br>
at sun.reflect.GeneratedMethodAccessor204.invoke(Unknown
Source)<br>
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)<br>
at java.lang.reflect.Method.invoke(Method.java:606)<br>
at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)<br>
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)<br>
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250)<br>
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140)<br>
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109)<br>
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135)<br>
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103)<br>
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)<br>
... 37 more<br>
<br>
<br>
</div>
<div>Regards<br>
<br>
</div>
<div>Orestis<br>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</blockquote></div><br></div>