<div dir="ltr">This class is not made available to application .wars. It's only used by keycloak-server.war, and only available to it.<div><br></div><div>It's apparently required during annotation processing - meaning that the annotation requiring it isn't supposed to be used from application .war.</div><div><br></div><div>The way to normally treat this kind of exception is to add WEB-INF/jboss-deployment-structure.xml to your .war, and in it declare a dependency on the module - like this:</div><div><br></div><div><pre style="color:rgb(0,0,0);font-family:Menlo;font-size:9pt"><span style="background-color:rgb(239,239,239)"><</span><span style="color:rgb(0,0,128);font-weight:bold">jboss-deployment-structure</span><span style="background-color:rgb(239,239,239)">></span><br> <span style="background-color:rgb(239,239,239)"><</span><span style="color:rgb(0,0,128);font-weight:bold">deployment</span><span style="background-color:rgb(239,239,239)">></span><br> <span style="background-color:rgb(239,239,239)"><</span><span style="color:rgb(0,0,128);font-weight:bold">dependencies</span><span style="background-color:rgb(239,239,239)">></span><span style="color:rgb(128,128,128);font-style:italic"><br></span></pre><pre style="font-family:Menlo;font-size:9pt"> <span style="color:rgb(0,0,0);background-color:rgb(239,239,239)"><</span><span style="color:rgb(0,0,128);font-weight:bold">module</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)"> </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">name=</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">"com.google.zxing.core"</span><span style="color:rgb(0,0,0);background-color:rgb(239,239,239)">/></span><font color="#000000"><br></font></pre><pre style="color:rgb(0,0,0);font-family:Menlo;font-size:9pt"><pre style="font-family:Menlo;font-size:9pt"> <span style="background-color:rgb(239,239,239)"></</span><span style="color:rgb(0,0,128);font-weight:bold">dependencies</span><span style="background-color:rgb(239,239,239)">></span><br> <span style="background-color:rgb(239,239,239)"></</span><span style="color:rgb(0,0,128);font-weight:bold">deployment</span><span style="background-color:rgb(239,239,239)">></span><br><span style="background-color:rgb(239,239,239)"></</span><span style="color:rgb(0,0,128);font-weight:bold">jboss-deployment-structure</span><span style="background-color:rgb(239,239,239)">></span></pre><pre style="font-family:Menlo;font-size:9pt"><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;white-space:normal"><br></span></pre><pre style="font-family:Menlo;font-size:9pt"><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;white-space:normal">The modules live under KEYCLOAK_HOME/modules.</span></pre><pre style="font-family:Menlo;font-size:9pt"><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;white-space:normal">Possibly you may make a case for why this class should be automatically available to every Keycloak protected application.</span></pre><pre style="font-family:Menlo;font-size:9pt"><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;white-space:normal">However, your problem here may be that you're trying to do something that's not meant to be done this way, and so this may not be the solution you need. </span></pre></pre></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Dec 17, 2015 at 11:49 AM, Pavel Maslov <span dir="ltr"><<a href="mailto:pavel.masloff@gmail.com" target="_blank">pavel.masloff@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I added these two lines to a working REST service which is already secured with Keycloak. The only thing is that I am checking user's roles using <i>annotations</i>. What I want to do now is handle this manually (by creating a test servlet that will pul user's roles out of the token).<div><br></div><div>From the log I can see that it's missing <span style="font-size:12.8px">com/google/zxing:</span></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span style="font-size:12.8px">Caused by: java.lang.</span><span style="font-size:12.8px">NoClassDefFoundError: com/google/zxing/</span><span style="font-size:12.8px">WriterException"</span></blockquote><div>I have no idea what it means.</div><div> </div></div><div class="gmail_extra"><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><div style="font-family:arial;font-size:small"><div dir="ltr"><font color="#888888">Regards,<br>Pavel Maslov, MS</font></div></div></div></div></div></div></div><div><div class="h5">
<br><div class="gmail_quote">On Thu, Dec 17, 2015 at 11:33 AM, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">If you are using WildFly you should install the client adapter subsystem (see the docs for instructions). That way you don't have to add any dependencies into your WAR. </div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On 17 December 2015 at 11:01, Pavel Maslov <span dir="ltr"><<a href="mailto:pavel.masloff@gmail.com" target="_blank">pavel.masloff@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Jonah,<div><br></div><div><span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">You don't get these error if you remove the 2 code lines?<br></blockquote></span><div>Exactly. However, once I include these 2 lines, I cannot deploy the war file to the Wildfly server.</div><div><br></div><div>I have to point out that there are no errors during build/packaging.</div><div class="gmail_extra"><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><div style="font-family:arial;font-size:small"><div dir="ltr"><font color="#888888">Regards,<br>Pavel Maslov, MS</font></div></div></div></div></div></div></div><div><div>
<br><div class="gmail_quote">On Thu, Dec 17, 2015 at 10:56 AM, Johan Bos <span dir="ltr"><<a href="mailto:johan.bos@c6.eu" target="_blank">johan.bos@c6.eu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
You don't get these error if you remove the 2 code lines?<br>
When deploying your apps, it is not enough to add the keycloak core
dependency to access the keycloak principal, you also need to add
all possible dependency the keycloak lib is relying onto.<br>
<br>
Basically on latest version of keycloak, I added almost everything
that comes in the adapter zip to my project/api dependency for
runtime.<br>
No idea how it was dealt with in previous version. Only dealt with
keycloak 1.6 and 1.7.<br>
<br>
Since you had to provide some lib to your server (mine was tomcat 7)
to dealt with the keycloak implantation to secure my app, as soon as
I needed to acces keycloak token from my app code, I was required to
add the libs the adapter for tomcat 7 is providing.<br>
<pre cols="72">Regards,
Johan Bos</pre><div><div>
<div>Le 17/12/2015 10:39, Pavel Maslov a
écrit :<br>
</div>
<blockquote type="cite">
<div dir="ltr">Guys, I am repeating my question here. Any ideas on
this?
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr" style="font-size:12.8px">
<div>I added the <b>org.keycloak.KeycloakPrincipal</b> definition
in order to get the token: </div>
<div><br>
</div>
<div><br>
</div>
<div>KeycloakPrincipal kcPrincipal = (KeycloakPrincipal)
srvl.getUserPrincipal();</div>
<div>String token =
kcPrincipal.getKeycloakSecurityContext().getTokenString();<br>
</div>
<div><br>
</div>
<div>but cannot deploy the project to the Wildfly server:</div>
<div><br>
</div>
<div>10:23:31,250 INFO
[org.jboss.resteasy.spi.ResteasyDeployment] (MSC service
thread 1-2) Deploying javax.ws.rs.core.Application: class
si.liis.apitime.service.ApiTimeApplication</div>
<div>10:23:31,282 ERROR [org.jboss.msc.service.fail] (MSC
service thread 1-2) MSC000001: Failed to start service
jboss.undertow.deployment.default-server.default-host./apitime-rest:
org.jboss.msc.service.StartException in service
jboss.undertow.deployment.default-server.default-host./apitime-rest:
Failed to start service</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904)
[jboss-msc-1.2.2.Final.jar:1.2.2.Final]</div>
<div><span style="white-space:pre-wrap"> </span>at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_85]</div>
<div><span style="white-space:pre-wrap"> </span>at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_85]</div>
<div><span style="white-space:pre-wrap"> </span>at
java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_85]</div>
<div>Caused by: java.lang.NoClassDefFoundError:
com/google/zxing/WriterException</div>
<div><span style="white-space:pre-wrap"> </span>at
java.lang.Class.getDeclaredMethods0(Native Method)
[rt.jar:1.7.0_85]</div>
<div><span style="white-space:pre-wrap"> </span>at
java.lang.Class.privateGetDeclaredMethods(Class.java:2625)
[rt.jar:1.7.0_85]</div>
<div><span style="white-space:pre-wrap"> </span>at
java.lang.Class.privateGetPublicMethods(Class.java:2743)
[rt.jar:1.7.0_85]</div>
<div><span style="white-space:pre-wrap"> </span>at
java.lang.Class.getMethods(Class.java:1480)
[rt.jar:1.7.0_85]</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.spi.metadata.ResourceBuilder.fromAnnotations(ResourceBuilder.java:747)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.spi.metadata.ResourceBuilder.rootResourceFromAnnotations(ResourceBuilder.java:700)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.plugins.server.resourcefactory.POJOResourceFactory.<init>(POJOResourceFactory.java:29)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.core.ResourceMethodRegistry.addPerRequestResource(ResourceMethodRegistry.java:75)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.spi.ResteasyDeployment.registration(ResteasyDeployment.java:400)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:241)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:112)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)</div>
<div><span style="white-space:pre-wrap"> </span>at
io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:79)</div>
<div><span style="white-space:pre-wrap"> </span>at
io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)</div>
<div><span style="white-space:pre-wrap"> </span>at
io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:220)</div>
<div><span style="white-space:pre-wrap"> </span>at
io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:125)</div>
<div><span style="white-space:pre-wrap"> </span>at
io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:508)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:88)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.wildfly.extension.undertow.deployment.UndertowDeploymentService.start(UndertowDeploymentService.java:72)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
[jboss-msc-1.2.2.Final.jar:1.2.2.Final]</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
[jboss-msc-1.2.2.Final.jar:1.2.2.Final]</div>
<div><span style="white-space:pre-wrap"> </span>... 3 more</div>
<div><br>
</div>
<div>10:23:31,285 ERROR
[org.jboss.as.controller.management-operation]
(management-handler-thread - 1) JBAS014613: Operation
("redeploy") failed - address: ([("deployment" =>
"apitime-rest.war")]) - failure description: {"JBAS014671:
Failed services" =>
{"jboss.undertow.deployment.default-server.default-host./apitime-rest"
=> "org.jboss.msc.service.StartException in service
jboss.undertow.deployment.default-server.default-host./apitime-rest:
Failed to start service</div>
<div> Caused by: java.lang.NoClassDefFoundError:
com/google/zxing/WriterException"}}</div>
<div>10:23:31,285 ERROR [org.jboss.as.server]
(management-handler-thread - 1) JBAS015860: Redeploy of
deployment "apitime-rest.war" was rolled back with the
following failure message: </div>
<div>{"JBAS014671: Failed services" =>
{"jboss.undertow.deployment.default-server.default-host./apitime-rest"
=> "org.jboss.msc.service.StartException in service
jboss.undertow.deployment.default-server.default-host./apitime-rest:
Failed to start service</div>
<div> Caused by: java.lang.NoClassDefFoundError:
com/google/zxing/WriterException"}}</div>
<div> </div>
<div><br>
</div>
<div><br>
</div>
<div>I am using Wildfly 8.2.0 with Keycloak adapter 1.3.1.</div>
<div>Any solution?</div>
<div>Thanks.</div>
<div><br>
</div>
</div>
</blockquote>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div style="font-family:arial;font-size:small">
<div dir="ltr"><font color="#888888">Regards,<br>
Pavel Maslov, MS</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Wed, Dec 16, 2015 at 10:51 PM, Johan
B. <span dir="ltr"><<a href="mailto:johan.bos@c6.eu" target="_blank">johan.bos@c6.eu</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font size="2"><span style="background-color:rgba(255,255,255,0)">You
answered it. I was not familiar with the whole setting
list. My question was: does something in the ui make the
setting change or is it a manual setup?</span></font>
<div><font size="2"><span style="background-color:rgba(255,255,255,0)">I think
you are saying it is only manual and it is fine.</span></font></div>
<div><font size="2"><span style="background-color:rgba(255,255,255,0)">It would
probably best for future version to have all these
extra adapter setting avail. From admin UI so people
has the switch/checkbox or input form to make direct
application change to the json</span></font></div>
<font size="2"><span style="background-color:rgba(255,255,255,0)">Moreover
since you have a download installation button and a json
setting viewer</span></font>
<div>
<div>
<div><br>
</div>
<div><font size="2"><span style="background-color:rgba(255,255,255,0)"></span></font><span></span>Le mercredi
16 décembre 2015, Johan Bos <<a href="mailto:johan.bos@c6.eu" target="_blank"></a><a href="mailto:johan.bos@c6.eu" target="_blank">johan.bos@c6.eu</a>> a écrit :<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> oh when you
said: <br>
<pre>use-resource-role-mappings
it is only available through the keycloak.json
Nothing from Keycloak Admin UI allows you to set the options, so have the installation file ready with everything ?
</pre>
<pre cols="72">Regards,
Johan Bos</pre>
<div>Le 16/12/2015 16:33, Johan Bos a écrit :<br>
</div>
<blockquote type="cite">So it is one or the other.
<br>
The switch is at realm level or per clients? <br>
<br>
As I tend to make realm role for securing the
clients only and client/resource roles for
internal client management, I should be fine <br>
<br>
Still It would help to have some merging/mapping
so from client we don't have to so much rely on
KeyCloak implementation to test roles... Issue
is that realm role can have same name as client
role. But once there is always some pitfall to
avoid. <br>
<br>
Thanks <br>
<br>
Regards, <br>
<br>
Johan Bos <br>
<br>
Le 16/12/2015 15:45, Bill Burke a écrit : <br>
<blockquote type="cite">See
use-resource-role-mappings switch: <br>
<br>
If set to true, the
getResourceAccess("resource-name") roles will
be <br>
mapped into isUserInRole, otherwise
getRealmAccess is mapped into <br>
isUserInRole <br>
<br>
Not the best I know. We've been meaning to
add some sort of role <br>
mapping facility to the adapter. <br>
<br>
On 12/16/2015 9:17 AM, Johan Bos wrote: <br>
<blockquote type="cite">Why is
HttpRequest.isUserInRole(<role>) not
capable to return true when <br>
the role is present in the
AccessToken.getRealmAccess? <br>
<br>
Regards, <br>
<br>
Johan Bos <br>
<br>
Le 16/12/2015 15:09, Bill Burke a écrit : <br>
<blockquote type="cite">AccessToken.getResourceAccess
or AccessToken.getRealmAccess <br>
<br>
On 12/16/2015 4:51 AM, Tim Dudgeon wrote:
<br>
<blockquote type="cite">Its not clear to
me how you get the assigned roles from
the AccessToken. <br>
For instance, is the realm has
configured the user to have roles "user"
<br>
and "editor" how do I find these in the
AccessToken? <br>
<br>
Tim <br>
<br>
On 07/12/2015 02:53, Bill Burke wrote: <br>
<blockquote type="cite">For Java
HttpServletRequest.isUserInRole()
works. If you typecast the <br>
principal to KeycloakPrincipal you can
obtain the AccessToken. <br>
<br>
On 12/6/2015 5:39 PM, Pavel Maslov
wrote: <br>
<blockquote type="cite">Hi everyone, <br>
<br>
<br>
Do Keycloak adapters support user
authorization? I mean, of course <br>
they <br>
do :) For example, the API I have
secured with Keycloak receives a <br>
Keycloak access token from the
client. How can I validate the token
<br>
(check user roles) in my code? I am
interested in the Java <br>
(wildfly) and <br>
Javascript adapters. <br>
<br>
Manually I am using <a href="http://jwt.io" target="_blank">jwt.io</a> <a href="http://jwt.io" target="_blank"></a><a href="http://jwt.io" target="_blank"><http://jwt.io></a>
to check the token. I am <br>
just <br>
curious if the Keycloak adapters
support smth similar out of the box.
<br>
<br>
Thank you for your answers. <br>
<br>
<br>
Regards, <br>
Pavel Maslov, MS <br>
<br>
<br>
_______________________________________________
<br>
keycloak-user mailing list <br>
<a>keycloak-user@lists.jboss.org</a>
<br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a>
<br>
<br>
</blockquote>
</blockquote>
_______________________________________________
<br>
keycloak-user mailing list <br>
<a>keycloak-user@lists.jboss.org</a>
<br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a>
<br>
<br>
</blockquote>
</blockquote>
<br>
<br>
_______________________________________________
<br>
keycloak-user mailing list <br>
<a>keycloak-user@lists.jboss.org</a>
<br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a>
<br>
<br>
</blockquote>
</blockquote>
<br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-user mailing list
<a>keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
</div>
</div>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br></div></div></div></div></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>
</div></div></blockquote></div><br></div></div></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>