8:51 a.m.
Hello,
Thank you for you quick answer, things are really close now :)
Unfortunately using returnNames in GET permission/ticket triggers an NPE
when I use returnNames. I have built from tip of master
(29f8187978ea464ff6636981ede22ac5f7f86075).
I paste in the full console printout below. The NPE occurs at:
15:13:47,468 ERROR XNIO-1 task-15
[org.keycloak.services.error.KeycloakErrorHandler] Uncaught server error
java.lang.NullPointerException
at
org.keycloak.models.utils.ModelToRepresentation.toRepresentation(ModelToRepresentation.java:877)
The function in question seems to fail to get the owner. I tried to use
ownerName when creating the ticket, and sure enough I got:
[
{
"id": "9785e990-8f14-408b-814b-f8f8b46e5076",
"owner": "5759f399-a9c0-47e1-8eb7-dd8b9148aaec",
"resource": "740fb06e-a543-4cca-9be1-ab240710c4c9",
"scope": "55b45b56-2fcb-4b18-b9ab-ec68c53fc14b",
"granted": true,
"requester": "b4e263e7-7739-4e0b-b554-b96520d27bae"
}
]
So the owner field is set in the DB but it seems that line 874 still sets
owner variable to null… I am really at loss what to do. I suspect a patch
where we
check for null on owner and requester is not the right thing to do :)
858 public static PermissionTicketRepresentation
toRepresentation(PermissionTicket ticket, AuthorizationProvider
authorization, boolean returnNames) {
859 PermissionTicketRepresentation representation = new
PermissionTicketRepresentation();
860
861 representation.setId(ticket.getId());
862 representation.setGranted(ticket.isGranted());
863 representation.setOwner(ticket.getOwner());
864 representation.setRequester(ticket.getRequester());
865
866 Resource resource = ticket.getResource();
867
868 representation.setResource(resource.getId());
869
870 if (returnNames) {
871 representation.setResourceName(resource.getName());
872 KeycloakSession keycloakSession =
authorization.getKeycloakSession();
873 RealmModel realm = authorization.getRealm();
874 UserModel owner =
keycloakSession.users().getUserById(ticket.getOwner(), realm);
875 UserModel requester =
keycloakSession.users().getUserById(ticket.getRequester(), realm);
876 representation.setRequesterName(requester.getUsername());
877 representation.setOwnerName(owner.getUsername());
878 }
879
880 Scope scope = ticket.getScope();
881
882 if (scope != null) {
883 representation.setScope(scope.getId());
884 if (returnNames) {
885 representation.setScopeName(scope.getName());
886 }
887 }
888
889 return representation;
890 }
891 }
Best Regards,
Ulrik
15:13:47,468 ERROR XNIO-1 task-15
[org.keycloak.services.error.KeycloakErrorHandler] Uncaught server error
java.lang.NullPointerException
at
org.keycloak.models.utils.ModelToRepresentation.toRepresentation(ModelToRepresentation.java:877)
at
org.keycloak.authorization.protection.permission.PermissionTicketService.lambda$find$90(PermissionTicketService.java:224)
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
at java.util.LinkedList$LLSpliterator.forEachRemaining(LinkedList.java:1235)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
at
java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
at
java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
at
org.keycloak.authorization.protection.permission.PermissionTicketService.find(PermissionTicketService.java:225)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
at
org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:509)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:399)
at
org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:363)
at
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:365)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:337)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:137)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:443)
at
org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:233)
at
org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:139)
at
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
at
org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:142)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:219)
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at
io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
15:15:05,130 ERROR XNIO-1 task-22
[org.keycloak.services.error.KeycloakErrorHandler] Uncaught server error
java.lang.NullPointerException
at
org.keycloak.models.utils.ModelToRepresentation.toRepresentation(ModelToRepresentation.java:877)
at
org.keycloak.authorization.protection.permission.PermissionTicketService.lambda$find$90(PermissionTicketService.java:224)
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
at java.util.LinkedList$LLSpliterator.forEachRemaining(LinkedList.java:1235)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
at
java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
at
java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
at
org.keycloak.authorization.protection.permission.PermissionTicketService.find(PermissionTicketService.java:225)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
at
org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:509)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:399)
at
org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:363)
at
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:365)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:337)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:137)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:443)
at
org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:233)
at
org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:139)
at
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
at
org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:142)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:219)
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at
io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
On 9 November 2018 at 14:37:01, Pedro Igor Silva (psilva(a)redhat.com) wrote:
Hi,
You can use "scopeName" and "requesterName" properties for that. Take
a
look here
https://github.com/keycloak/keycloak/blob/5cbe595fe3094aae8135b8f2c729e9a...
.
Regards.
Pedro Igor
On Fri, Nov 9, 2018 at 7:18 AM Ulrik Sjölin <ulrik.sjolin(a)gmail.com> wrote:
Hello,
I have a question on how to use the
API: /authz/protection/permission/ticket
I can call the endpoint successfully if I do the call with only ids:
curl --silent -X POST \
http://
${host}:${port}/auth/realms/${realm}/authz/protection/permission/ticket
\
-H "Authorization: Bearer ${service_access_token}" \
-H "Content-Type: application/json" \
-d "{
\"resource\":\"${resource_id}\",
\"scope\":\"40065a35-02d5-4db9-be46-02566cf7a666\",
\"requester\":\"79ae9a5a-0304-41ec-b721-d57a09d419cb\",
\"granted\":\"true\"
}”
It would however be a lot more workable for me if I could use names like:
curl --silent -X POST \
http://
${host}:${port}/auth/realms/${realm}/authz/protection/permission/ticket
\
-H "Authorization: Bearer ${service_access_token}" \
-H "Content-Type: application/json" \
-d "{
\"resource\":\"${resource_id}\",
\"scope\":\”Read\",
\"requester\":\”alice\",
\"granted\":\"true\"
}”
But when I do this I get:
{"error":"invalid_scope","error_description":"Scope
[Read] is invalid”}
{"error":"invalid_permission","error_description":"Requester
does not
exists in this server as user.”}
Looking at the code there seems to be lookups from names to id, but
for some reason it fails. What
am I doing wrong? Any help is greatly appreciated.
Best Regards,
Ulrik Sjölin
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
9:58 a.m.
New subject: [keycloak-user] /authz/protection/permission/ticket usage?
Could not reproduce this. Can you give me an example of the GET request ?
On Fri, Nov 9, 2018 at 12:54 PM Ulrik Sjölin <ulrik.sjolin(a)gmail.com> wrote:
Hello,
Thank you for you quick answer, things are really close now :)
Unfortunately using returnNames in GET permission/ticket triggers an NPE
when I use returnNames. I have built from tip of master
(29f8187978ea464ff6636981ede22ac5f7f86075).
I paste in the full console printout below. The NPE occurs at:
15:13:47,468 ERROR XNIO-1 task-15
[org.keycloak.services.error.KeycloakErrorHandler] Uncaught server error
java.lang.NullPointerException
at
org.keycloak.models.utils.ModelToRepresentation.toRepresentation(ModelToRepresentation.java:877)
The function in question seems to fail to get the owner. I tried to use
ownerName when creating the ticket, and sure enough I got:
[
{
"id": "9785e990-8f14-408b-814b-f8f8b46e5076",
"owner": "5759f399-a9c0-47e1-8eb7-dd8b9148aaec",
"resource": "740fb06e-a543-4cca-9be1-ab240710c4c9",
"scope": "55b45b56-2fcb-4b18-b9ab-ec68c53fc14b",
"granted": true,
"requester": "b4e263e7-7739-4e0b-b554-b96520d27bae"
}
]
So the owner field is set in the DB but it seems that line 874 still sets
owner variable to null… I am really at loss what to do. I suspect a patch
where we
check for null on owner and requester is not the right thing to do :)
858 public static PermissionTicketRepresentation
toRepresentation(PermissionTicket ticket, AuthorizationProvider
authorization, boolean returnNames) {
859 PermissionTicketRepresentation representation = new
PermissionTicketRepresentation();
860
861 representation.setId(ticket.getId());
862 representation.setGranted(ticket.isGranted());
863 representation.setOwner(ticket.getOwner());
864 representation.setRequester(ticket.getRequester());
865
866 Resource resource = ticket.getResource();
867
868 representation.setResource(resource.getId());
869
870 if (returnNames) {
871 representation.setResourceName(resource.getName());
872 KeycloakSession keycloakSession =
authorization.getKeycloakSession();
873 RealmModel realm = authorization.getRealm();
874 UserModel owner =
keycloakSession.users().getUserById(ticket.getOwner(), realm);
875 UserModel requester =
keycloakSession.users().getUserById(ticket.getRequester(), realm);
876 representation.setRequesterName(requester.getUsername());
877 representation.setOwnerName(owner.getUsername());
878 }
879
880 Scope scope = ticket.getScope();
881
882 if (scope != null) {
883 representation.setScope(scope.getId());
884 if (returnNames) {
885 representation.setScopeName(scope.getName());
886 }
887 }
888
889 return representation;
890 }
891 }
Best Regards,
Ulrik
15:13:47,468 ERROR XNIO-1 task-15
[org.keycloak.services.error.KeycloakErrorHandler] Uncaught server error
java.lang.NullPointerException
at
org.keycloak.models.utils.ModelToRepresentation.toRepresentation(ModelToRepresentation.java:877)
at
org.keycloak.authorization.protection.permission.PermissionTicketService.lambda$find$90(PermissionTicketService.java:224)
at
java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
at
java.util.LinkedList$LLSpliterator.forEachRemaining(LinkedList.java:1235)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
at
java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
at
java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
at
org.keycloak.authorization.protection.permission.PermissionTicketService.find(PermissionTicketService.java:225)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
at
org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:509)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:399)
at
org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:363)
at
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:365)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:337)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:137)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:443)
at
org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:233)
at
org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:139)
at
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
at
org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:142)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:219)
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at
io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
15:15:05,130 ERROR XNIO-1 task-22
[org.keycloak.services.error.KeycloakErrorHandler] Uncaught server error
java.lang.NullPointerException
at
org.keycloak.models.utils.ModelToRepresentation.toRepresentation(ModelToRepresentation.java:877)
at
org.keycloak.authorization.protection.permission.PermissionTicketService.lambda$find$90(PermissionTicketService.java:224)
at
java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
at
java.util.LinkedList$LLSpliterator.forEachRemaining(LinkedList.java:1235)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
at
java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
at
java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
at
org.keycloak.authorization.protection.permission.PermissionTicketService.find(PermissionTicketService.java:225)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
at
org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:509)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:399)
at
org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:363)
at
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:365)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:337)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:137)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:443)
at
org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:233)
at
org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:139)
at
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
at
org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:142)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:219)
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at
io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
On 9 November 2018 at 14:37:01, Pedro Igor Silva (psilva(a)redhat.com)
wrote:
Hi,
You can use "scopeName" and "requesterName" properties for that. Take
a
look here
https://github.com/keycloak/keycloak/blob/5cbe595fe3094aae8135b8f2c729e9a...
.
Regards.
Pedro Igor
On Fri, Nov 9, 2018 at 7:18 AM Ulrik Sjölin <ulrik.sjolin(a)gmail.com>
wrote:
> Hello,
>
> I have a question on how to use the
> API: /authz/protection/permission/ticket
>
> I can call the endpoint successfully if I do the call with only ids:
>
> curl --silent -X POST \
> http://
> ${host}:${port}/auth/realms/${realm}/authz/protection/permission/ticket
> \
> -H "Authorization: Bearer ${service_access_token}" \
> -H "Content-Type: application/json" \
> -d "{
> \"resource\":\"${resource_id}\",
> \"scope\":\"40065a35-02d5-4db9-be46-02566cf7a666\",
> \"requester\":\"79ae9a5a-0304-41ec-b721-d57a09d419cb\",
> \"granted\":\"true\"
> }”
>
> It would however be a lot more workable for me if I could use names like:
>
> curl --silent -X POST \
> http://
> ${host}:${port}/auth/realms/${realm}/authz/protection/permission/ticket
> \
> -H "Authorization: Bearer ${service_access_token}" \
> -H "Content-Type: application/json" \
> -d "{
> \"resource\":\"${resource_id}\",
> \"scope\":\”Read\",
> \"requester\":\”alice\",
> \"granted\":\"true\"
> }”
>
> But when I do this I get:
>
>
{"error":"invalid_scope","error_description":"Scope
[Read] is invalid”}
>
{"error":"invalid_permission","error_description":"Requester
does not
> exists in this server as user.”}
>
> Looking at the code there seems to be lookups from names to id, but
> for some reason it fails. What
> am I doing wrong? Any help is greatly appreciated.
>
> Best Regards,
>
> Ulrik Sjölin
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
11:26 a.m.
New subject: [keycloak-user] /authz/protection/permission/ticket usage?
Here is my script… its a bit of a hack but it produces the problem
100% of times.
Best Regards,
Ulrik
#!/bin/bash
export host=keycloak
export port=8081
export realm=myrealm
export resource_server_client_id=myrealm-core-services
export resource_server_client_secret=133544d2-8d6c-4a8b-a4e2-827bdd34cdca
export username=alice
export password=alice
export resource_owner=jdoe
export resource_name=JDoeResource
export scope=read
echo "Obtaining token for ${username}"
export access_token=\
`curl --silent \
http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token \
-d client_id=${resource_server_client_id} \
-d client_secret=${resource_server_client_secret} \
-d username=${username} \
-d password=${password} \
-d grant_type=password \
| jq -r ".access_token"`
echo "Obtaining token for ${resource_server_client_id}"
export service_access_token=\
`curl --silent -X POST \
http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token \
-d grant_type=client_credentials \
-d client_id=${resource_server_client_id} \
-d client_secret=${resource_server_client_secret} \
| jq -r ".access_token"`
echo "Getting resouce id for resource: ${resource_name}"
export result=\
`curl --silent -X GET \
http://${host}:${port}/auth/realms/${realm}/authz/protection/resource_set?name=${resource_name}
\
-H "Authorization: Bearer ${access_token}" \
| jq -r ".[0]"`
if [ "$result" = "null" ]; then
echo "Trying to create resource"
export new_obj=`curl --silent -X POST \
http://${host}:${port}/auth/realms/${realm}/authz/protection/resource_set \
-H "content-type: application/json" \
-H "Authorization: Bearer ${service_access_token}" \
-d "{
\"name\":\"${resource_name}\",
\"type\":\"Entities\",
\"ownerManagedAccess\":\"true\",
\"resource_scopes\":[\"admin\",\"peek\",\"read\",\"write\",\"delete\"]
}"`
resource_id=`echo $new_obj | jq "._id" | tr -d '"'`
echo "Resource ID: ${resource_id}"
else
echo "Found resource with id: ${result}"
resource_id=$result
fi
echo "Add permission ticket"
export result=\
`curl --silent -X POST \
http://${host}:${port}/auth/realms/${realm}/authz/protection/permission/ticket \
-H "Authorization: Bearer ${service_access_token}" \
-H "Content-Type: application/json" \
-d "{
\"resource\":\"${resource_id}\",
\"scopeName\":\"${scope}\",
\"requesterName\":\"${username}\",
\"granted\":\"true\",
\"ownerName\":\"${resource_server_client_id}\"
}"`
echo
echo "Get a list of all permission tickets"
export result=\
`curl --silent -X GET \
http://${host}:${port}/auth/realms/${realm}/authz/protection/permission/ticket \
-H "Authorization: Bearer ${service_access_token}"`
echo $result | jq -C .
echo
echo "Get a list of all permission tickets - with names"
export result=\
`curl --silent -X GET \
http://${host}:${port}/auth/realms/${realm}/authz/protection/permission/ticket?returnNames=true
\
-H "Authorization: Bearer ${service_access_token}"`
echo $result | jq -C .
On 9 November 2018 at 16:58:27, Pedro Igor Silva
(psilva@redhat.com(mailto:psilva@redhat.com)) wrote:
Could not reproduce this. Can you give me an example of the GET
request ?
On Fri, Nov 9, 2018 at 12:54 PM Ulrik Sjölin wrote:
> Hello,
>
> Thank you for you quick answer, things are really close now :)
>
> Unfortunately using returnNames in GET permission/ticket triggers an NPE
> when I use returnNames. I have built from tip of master
> (29f8187978ea464ff6636981ede22ac5f7f86075).
> I paste in the full console printout below. The NPE occurs at:
>
> 15:13:47,468 ERROR XNIO-1 task-15
> [org.keycloak.services.error.KeycloakErrorHandler] Uncaught server error
> java.lang.NullPointerException
> at
>
org.keycloak.models.utils.ModelToRepresentation.toRepresentation(ModelToRepresentation.java:877)
>
> The function in question seems to fail to get the owner. I tried to use
> ownerName when creating the ticket, and sure enough I got:
>
> [
> {
> "id": "9785e990-8f14-408b-814b-f8f8b46e5076",
> "owner": "5759f399-a9c0-47e1-8eb7-dd8b9148aaec",
> "resource": "740fb06e-a543-4cca-9be1-ab240710c4c9",
> "scope": "55b45b56-2fcb-4b18-b9ab-ec68c53fc14b",
> "granted": true,
> "requester": "b4e263e7-7739-4e0b-b554-b96520d27bae"
> }
> ]
>
> So the owner field is set in the DB but it seems that line 874 still sets
> owner variable to null… I am really at loss what to do. I suspect a patch
> where we
> check for null on owner and requester is not the right thing to do :)
>
> 858 public static PermissionTicketRepresentation
> toRepresentation(PermissionTicket ticket, AuthorizationProvider
> authorization, boolean returnNames) {
> 859 PermissionTicketRepresentation representation = new
> PermissionTicketRepresentation();
> 860
> 861 representation.setId(ticket.getId());
> 862 representation.setGranted(ticket.isGranted());
> 863 representation.setOwner(ticket.getOwner());
> 864 representation.setRequester(ticket.getRequester());
> 865
> 866 Resource resource = ticket.getResource();
> 867
> 868 representation.setResource(resource.getId());
> 869
> 870 if (returnNames) {
> 871 representation.setResourceName(resource.getName());
> 872 KeycloakSession keycloakSession =
> authorization.getKeycloakSession();
> 873 RealmModel realm = authorization.getRealm();
> 874 UserModel owner =
> keycloakSession.users().getUserById(ticket.getOwner(), realm);
> 875 UserModel requester =
> keycloakSession.users().getUserById(ticket.getRequester(), realm);
> 876 representation.setRequesterName(requester.getUsername());
> 877 representation.setOwnerName(owner.getUsername());
> 878 }
> 879
> 880 Scope scope = ticket.getScope();
> 881
> 882 if (scope != null) {
> 883 representation.setScope(scope.getId());
> 884 if (returnNames) {
> 885 representation.setScopeName(scope.getName());
> 886 }
> 887 }
> 888
> 889 return representation;
> 890 }
> 891 }
>
>
> Best Regards,
>
> Ulrik
>
> 15:13:47,468 ERROR XNIO-1 task-15
> [org.keycloak.services.error.KeycloakErrorHandler] Uncaught server error
> java.lang.NullPointerException
> at
>
org.keycloak.models.utils.ModelToRepresentation.toRepresentation(ModelToRepresentation.java:877)
> at
>
org.keycloak.authorization.protection.permission.PermissionTicketService.lambda$find$90(PermissionTicketService.java:224)
> at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
> at java.util.LinkedList$LLSpliterator.forEachRemaining(LinkedList.java:1235)
> at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
> at
> java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
> at
> java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
> at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
> at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
> at
>
org.keycloak.authorization.protection.permission.PermissionTicketService.find(PermissionTicketService.java:225)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
>
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:497)
> at
> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
> at
>
org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:509)
> at
>
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:399)
> at
>
org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:363)
> at
>
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
> at
>
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:365)
> at
>
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:337)
> at
>
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:137)
> at
>
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)
> at
>
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)
> at
>
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)
> at
>
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)
> at
>
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
> at
>
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:443)
> at
>
org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:233)
> at
>
org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:139)
> at
>
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
> at
>
org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:142)
> at
>
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:219)
> at
>
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
> at
>
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
> at
>
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
> at
> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
> at
>
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
> at
>
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
>
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
>
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
>
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
>
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
> at
>
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at
>
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
>
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at
>
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at
>
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at
>
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at
>
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at
>
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
>
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
>
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at
>
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at
>
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at
>
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at
>
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at
>
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at
>
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at
>
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at
>
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> 15:15:05,130 ERROR XNIO-1 task-22
> [org.keycloak.services.error.KeycloakErrorHandler] Uncaught server error
> java.lang.NullPointerException
> at
>
org.keycloak.models.utils.ModelToRepresentation.toRepresentation(ModelToRepresentation.java:877)
> at
>
org.keycloak.authorization.protection.permission.PermissionTicketService.lambda$find$90(PermissionTicketService.java:224)
> at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
> at java.util.LinkedList$LLSpliterator.forEachRemaining(LinkedList.java:1235)
> at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
> at
> java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
> at
> java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
> at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
> at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
> at
>
org.keycloak.authorization.protection.permission.PermissionTicketService.find(PermissionTicketService.java:225)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
>
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:497)
> at
> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
> at
>
org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:509)
> at
>
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:399)
> at
>
org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:363)
> at
>
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
> at
>
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:365)
> at
>
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:337)
> at
>
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:137)
> at
>
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)
> at
>
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)
> at
>
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)
> at
>
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)
> at
>
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
> at
>
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:443)
> at
>
org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:233)
> at
>
org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:139)
> at
>
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
> at
>
org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:142)
> at
>
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:219)
> at
>
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
> at
>
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
> at
>
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
> at
> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
> at
>
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
> at
>
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
>
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
>
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at
>
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
>
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
> at
>
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at
>
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
>
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at
>
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at
>
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at
>
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at
>
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at
>
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
>
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
>
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at
>
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at
>
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at
>
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at
>
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at
>
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at
>
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at
>
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at
>
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
>
>
> On 9 November 2018 at 14:37:01, Pedro Igor Silva
(psilva@redhat.com(mailto:psilva@redhat.com)) wrote:
>
> Hi,
>
> You can use "scopeName" and "requesterName" properties for that.
Take a
> look here
>
https://github.com/keycloak/keycloak/blob/5cbe595fe3094aae8135b8f2c729e9a...
> .
>
> Regards.
> Pedro Igor
>
> On Fri, Nov 9, 2018 at 7:18 AM Ulrik Sjölin wrote:
>
> > Hello,
> >
> > I have a question on how to use the
> > API: /authz/protection/permission/ticket
> >
> > I can call the endpoint successfully if I do the call with only ids:
> >
> > curl --silent -X POST \
> > http://
> > ${host}:${port}/auth/realms/${realm}/authz/protection/permission/ticket
> > \
> > -H "Authorization: Bearer ${service_access_token}" \
> > -H "Content-Type: application/json" \
> > -d "{
> > \"resource\":\"${resource_id}\",
> > \"scope\":\"40065a35-02d5-4db9-be46-02566cf7a666\",
> > \"requester\":\"79ae9a5a-0304-41ec-b721-d57a09d419cb\",
> > \"granted\":\"true\"
> > }”
> >
> > It would however be a lot more workable for me if I could use names like:
> >
> > curl --silent -X POST \
> > http://
> > ${host}:${port}/auth/realms/${realm}/authz/protection/permission/ticket
> > \
> > -H "Authorization: Bearer ${service_access_token}" \
> > -H "Content-Type: application/json" \
> > -d "{
> > \"resource\":\"${resource_id}\",
> > \"scope\":\”Read\",
> > \"requester\":\”alice\",
> > \"granted\":\"true\"
> > }”
> >
> > But when I do this I get:
> >
> >
{"error":"invalid_scope","error_description":"Scope
[Read] is invalid”}
> >
{"error":"invalid_permission","error_description":"Requester
does not
> > exists in this server as user.”}
> >
> > Looking at the code there seems to be lookups from names to id, but
> > for some reason it fails. What
> > am I doing wrong? Any help is greatly appreciated.
> >
> > Best Regards,
> >
> > Ulrik Sjölin
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user@lists.jboss.org(mailto:keycloak-user@lists.jboss.org)
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev@lists.jboss.org(mailto:keycloak-dev@lists.jboss.org)
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
2258
days inactive
2258
days old
2 comments
2 participants
participants (2)
-
Pedro Igor Silva -
Ulrik Sjölin