<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>I''m looking at the code and there is serialization code to
re-create the token object from a string in
KeycloakSecurityContext.<br>
</p>
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<pre style="background-color:#ffffff;color:#000000;font-family:'Menlo';font-size:9.0pt;"><span style="color:#000080;font-weight:bold;">private void </span>readObject(ObjectInputStream in) <span style="color:#000080;font-weight:bold;">throws </span>IOException, ClassNotFoundException {
in.defaultReadObject();
<span style="color:#660e7a;font-weight:bold;">token </span>= parseToken(<span style="color:#660e7a;font-weight:bold;">tokenString</span>, AccessToken.<span style="color:#000080;font-weight:bold;">class</span>);
<span style="color:#660e7a;font-weight:bold;">idToken </span>= parseToken(<span style="color:#660e7a;font-weight:bold;">idTokenString</span>, IDToken.<span style="color:#000080;font-weight:bold;">class</span>);
}
</pre>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 7/7/16 7:05 PM, LEONARDO NUNES
wrote:<br>
</div>
<blockquote cite="mid:D3A466A4.2C47F%25leo.nunes@ojc.com.br"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<div>Hi everyone, </div>
<div><br>
</div>
<div>An application is deployed using Servlet Filter Adapter at 2
Tomcats in which are saving sessions to 1 Memcached. There's a
Nginx load balancer with sticky session in front of both
Tomcats.</div>
<div>
<div><br>
</div>
<div>After log in to the application if one Tomcat goes down or
is removed from the load balancer we get the exception below.
The problem occur using Servlet Filter Adapter, it works with
Tomcat Adapter but we can't use it for some of our
applications.</div>
<div><br>
</div>
<div>java.lang.NullPointerException</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>org.keycloak.KeycloakSecurityContext.getRealm(KeycloakSecurityContext.java:73)</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>org.keycloak.adapters.RefreshableKeycloakSecurityContext.refreshExpiredToken(RefreshableKeycloakSecurityContext.java:103)</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>org.keycloak.adapters.servlet.OIDCFilterSessionStore.checkCurrentToken(OIDCFilterSessionStore.java:87)</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>org.keycloak.adapters.servlet.KeycloakOIDCFilter.doFilter(KeycloakOIDCFilter.java:145)</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>1. Access a restricted page of the application</div>
<div>2. Nginx will direct to Tomcat1 (because of sticky session
next requests will go to Tomcat1)</div>
<div>3. You will be redirected to Keycloak Login page</div>
<div>4. After login, Keycloak redirects back to the restricted
page</div>
<div>(Note: this session is already saved to memcached)</div>
<div>5. At Nginx disable Tomcat1 server</div>
<div>6. At the browser refresh the application page</div>
<div>7. Now the request will go to Tomcat2 server</div>
<div>8. The session is retrieved from memcached</div>
<div>9. An exception is thrown because token is null inside of
KeycloakSecurityContext.getRealm()</div>
<div>(Note: sometimes at this step the restricted page is
displayed, but if I refresh the page the exception is thrown)</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>I've opened the issue ticket below:</div>
<div><a moz-do-not-send="true"
href="https://issues.jboss.org/browse/KEYCLOAK-3288">https://issues.jboss.org/browse/KEYCLOAK-3288</a></div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>
<div>-- </div>
<div>Leonardo Nunes</div>
</div>
</div>
<hr style="height:1px;color:#C4C4C4;">
<div style="font-family:Arial;color:#848484;font-size:11px;"><i>Esta
mensagem pode conter informação confidencial e/ou
privilegiada. Se você não for o destinatário ou a pessoa
autorizada a receber esta mensagem, não poderá usar, copiar ou
divulgar as informações nela contidas ou tomar qualquer ação
baseada nessas informações. Se você recebeu esta mensagem por
engano, por favor avise imediatamente o remetente, respondendo
o e-mail e em seguida apague-o. Agradecemos sua cooperação.
<br>
<br>
This message may contain confidential and/or privileged
information. If you are not the addressee or authorized to
receive this for the addressee, you must not use, copy,
disclose or take any action based on this message or any
information herein. If you have received this message in
error, please advise the sender immediately by reply e-mail
and delete this message. Thank you for your cooperation</i></div>
<i><i>
</i></i>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</body>
</html>