And FYI...compleOAth and completeBearer should not be identical.
CompleteOAuth stores things in the HttpSession. Bearer tokens should
not be creating an HttpSession.
On 2/2/2016 2:41 PM, Bill Burke wrote:
This is fixed in master already.
On 2/2/2016 1:38 PM, Harold Campbell wrote:
> The servlet-filter-adapter causes an NPE when a user authed either
> through Basic or Bearer attempts to retrieve the Principal from the
> HttpServletRequest. This is because completeBearerAuthentication,
> unlike completeOAuthAuthentication, does not add an OidcKeycloakAccount
> to the session. If a user is authed via OAuth, everything works fine.
> The attached patch against 1.8.x takes care of the problem. It appears
> the same problem exists in master, though with files moved around the
> patch will not apply directly. This patch makes completeBearer...
> essentially identical to completeOAuth..., so for 1.9.x (or indeed
> 1.8.x if someone wants to redo this) these might oughta be combined
> into a single method.
> keycloak-dev mailing list
JBoss, a division of Red Hat
keycloak-dev mailing list