And FYI... completeOAuth and completeBearer should not be identical.
CompleteOAuth stores things in the HttpSession. Bearer tokens should
not be creating an HttpSession.
On 2/2/2016 2:41 PM, Bill Burke wrote:
This is fixed in master already.
On 2/2/2016 1:38 PM, Harold Campbell wrote:
> The servlet-filter-adapter causes an NPE when a user authed either
> through Basic or Bearer attempts to retrieve the Principal from the
> HttpServletRequest. This is because completeBearerAuthentication,
> unlike completeOAuthAuthentication, does not add an OidcKeycloakAccount
> to the session. If a user is authed via OAuth, everything works fine.
>
> The attached patch against 1.8.x takes care of the problem. It appears
> the same problem exists in master, though with files moved around the
> patch will not apply directly. This patch makes completeBearer...
> essentially identical to completeOAuth..., so for 1.9.x (or indeed
> 1.8.x if someone wants to redo this) these might oughta be combined
> into a single method.
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
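The design point raised in this thread (session storage for the browser OAuth flow, no session for Bearer or Basic) sketched as an added example; it is not Keycloak code and not the fix that went into master. `Request`, `Account` and `ACCOUNT_KEY` are hypothetical stand-ins for the servlet request, the adapter's account object and its attribute name, and keeping the Bearer account in request scope is an assumption of this sketch.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;

// Hypothetical stand-ins; none of these names are Keycloak classes.
public class AccountLookupDemo {
    static final String ACCOUNT_KEY = "example.account"; // hypothetical attribute name

    record Account(Principal principal) {}

    static class Request {
        final Map<String, Object> attributes = new HashMap<>();
        Map<String, Object> session; // null until something creates it
        Map<String, Object> getSession(boolean create) {
            if (session == null && create) session = new HashMap<>();
            return session;
        }
    }

    // Browser (OAuth code flow) login: stateful, the account lives in the session.
    static void completeOAuth(Request req, Account account) {
        req.getSession(true).put(ACCOUNT_KEY, account);
    }

    // Bearer/Basic: stateless, the account lives only as long as this request.
    static void completeBearer(Request req, Account account) {
        req.attributes.put(ACCOUNT_KEY, account);
    }

    // Request scope first, then an existing session. Never creates a session,
    // and returns null (unauthenticated) rather than dereferencing a missing account.
    static Principal getUserPrincipal(Request req) {
        Account account = (Account) req.attributes.get(ACCOUNT_KEY);
        if (account == null) {
            Map<String, Object> s = req.getSession(false);
            if (s != null) account = (Account) s.get(ACCOUNT_KEY);
        }
        return account == null ? null : account.principal();
    }

    public static void main(String[] args) {
        Request bearer = new Request();
        completeBearer(bearer, new Account(() -> "api-client")); // constructed sample user
        System.out.println(getUserPrincipal(bearer).getName() + " session=" + (bearer.session != null));

        Request browser = new Request();
        completeOAuth(browser, new Account(() -> "alice")); // constructed sample user
        System.out.println(getUserPrincipal(browser).getName() + " session=" + (browser.session != null));

        System.out.println("anonymous principal: " + getUserPrincipal(new Request()));
    }
}
```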