NPE When trying to authorise unknown user
by Conrad Winchester
Hi Keycloak people,
First of all, another really big thank you. I think this project is awesome and it's really come on a long way from the alpha releases. Thanks for all the hard work.
I have encountered an issue that might be a bug. If it is, please can you tell me where to report it.
Basically I am doing a direct access grant like the example in Chapter 13 of the documents. If I send in a username that does exist in the database but with a wrong password then it fails to authorise me correctly, but if I send in a username that does not exist in the database for that realm, then Keycloak throws an NPE rather than not authorising.
Here is a stack trace.
I hope this helps
Conrad
06:01:34,613 INFO [org.keycloak.adapters.RequestAuthenticator] (default task-56) --> authenticate()
06:01:34,613 INFO [org.keycloak.adapters.RequestAuthenticator] (default task-56) try bearer
06:01:34,613 INFO [org.keycloak.adapters.RequestAuthenticator] (default task-56) NOT_ATTEMPTED: bearer only
06:01:34,629 ERROR [io.undertow.request] (default task-57) UT005023: Exception handling request to /auth/realms/shift/tokens/grants/access: org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException
at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76) [resteasy-jaxrs-3.0.8.Final.jar:]
at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212) [resteasy-jaxrs-3.0.8.Final.jar:]
at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:149) [resteasy-jaxrs-3.0.8.Final.jar:]
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372) [resteasy-jaxrs-3.0.8.Final.jar:]
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179) [resteasy-jaxrs-3.0.8.Final.jar:]
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220) [resteasy-jaxrs-3.0.8.Final.jar:]
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.0.8.Final.jar:]
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.0.8.Final.jar:]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at org.keycloak.services.filters.ClientConnectionFilter.doFilter(ClientConnectionFilter.java:41) [keycloak-services-1.0-beta-2.jar:]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:41) [keycloak-services-1.0-beta-2.jar:]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0]
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.8.0]
Caused by: java.lang.NullPointerException
at org.keycloak.audit.Audit.user(Audit.java:54) [keycloak-audit-api-1.0-beta-2.jar:]
at org.keycloak.services.resources.TokenService.grantAccessToken(TokenService.java:244) [keycloak-services-1.0-beta-2.jar:]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0]
at java.lang.reflect.Method.invoke(Method.java:483) [rt.jar:1.8.0]
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137) [resteasy-jaxrs-3.0.8.Final.jar:]
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296) [resteasy-jaxrs-3.0.8.Final.jar:]
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250) [resteasy-jaxrs-3.0.8.Final.jar:]
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140) [resteasy-jaxrs-3.0.8.Final.jar:]
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103) [resteasy-jaxrs-3.0.8.Final.jar:]
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356) [resteasy-jaxrs-3.0.8.Final.jar:]
... 39 more
10 years, 8 months
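The failure mode reported above (an unknown username reaching the audit step with no user object), sketched as an added example that is not part of the original post and is not Keycloak code. All class, method and field names are hypothetical, and the SHA-256 digest is only a stand-in for a real password hash.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Added example, not Keycloak code: every name here is hypothetical.
public class DirectGrantSketch {

    static final class User {
        final String id;
        final byte[] passwordDigest;
        User(String id, byte[] passwordDigest) {
            this.id = id;
            this.passwordDigest = passwordDigest;
        }
    }

    enum Result { GRANTED, INVALID_CREDENTIALS }

    static final Map<String, User> REALM_USERS = new HashMap<>();
    static final List<String> AUDIT_LOG = new ArrayList<>();

    // Constructed stand-in for a password hash (use a slow, salted KDF in practice).
    static byte[] digest(String password) throws Exception {
        return MessageDigest.getInstance("SHA-256")
                .digest(password.getBytes(StandardCharsets.UTF_8));
    }

    static Result grant(String username, String password) throws Exception {
        User user = REALM_USERS.get(username);   // null when the username is unknown
        boolean ok = user != null
                && password != null
                && MessageDigest.isEqual(user.passwordDigest, digest(password));
        // Record the event without dereferencing a user that may not exist.
        String userId = (user != null) ? user.id : "-";
        AUDIT_LOG.add((ok ? "LOGIN" : "LOGIN_ERROR") + " userId=" + userId);
        // Unknown user and wrong password look the same to the caller.
        return ok ? Result.GRANTED : Result.INVALID_CREDENTIALS;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample user.
        REALM_USERS.put("alice", new User("u-1", digest("correct horse")));
        System.out.println(grant("alice", "correct horse"));
        System.out.println(grant("alice", "wrong"));
        System.out.println(grant("nobody", "anything"));
        AUDIT_LOG.forEach(System.out::println);
    }
}
```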
Error thrown with invalid bearer token
by Conrad Winchester
Hi again
I think I may have found another bug. If I send in a bearer token that is invalid, Keycloak throws an error rather than returning an 'Unauthorised' response.
06:26:20,551 ERROR [io.undertow.request] (default task-105) UT005023: Exception handling request to /shift-server/shift/users: java.lang.RuntimeException: java.lang.RuntimeException: Illegal base64url string!
at org.keycloak.jose.jws.JWSInput.<init>(JWSInput.java:39) [keycloak-core-1.0-beta-2.jar:]
at org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:20) [keycloak-core-1.0-beta-2.jar:]
at org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:16) [keycloak-core-1.0-beta-2.jar:]
at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:63) [keycloak-adapter-core-1.0-beta-2.jar:]
at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:37) [keycloak-adapter-core-1.0-beta-2.jar:]
at org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:38) [keycloak-undertow-adapter-1.0-beta-2.jar:]
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:27) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:54) [keycloak-undertow-adapter-1.0-beta-2.jar:]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0]
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.8.0]
Caused by: java.lang.RuntimeException: Illegal base64url string!
at org.keycloak.util.Base64Url.decode(Base64Url.java:33) [keycloak-core-1.0-beta-2.jar:]
at org.keycloak.jose.jws.JWSInput.<init>(JWSInput.java:30) [keycloak-core-1.0-beta-2.jar:]
... 35 more
Conrad
10 years, 8 months
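The behaviour asked for above (a malformed bearer token treated as an authentication failure instead of an unhandled exception), as an added example that is not part of the original post and is not the Keycloak adapter's code. The class, enum and method names are hypothetical; the check is structural only and signature verification would still follow.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example, not Keycloak code: class, enum and method names are hypothetical.
public class BearerTokenPrecheck {

    enum Outcome { NOT_ATTEMPTED, FAILED, WELL_FORMED }

    // Classifies an Authorization header; a decoding error never escapes
    // to the container as an unhandled exception.
    static Outcome classify(String authorizationHeader) {
        if (authorizationHeader == null) {
            return Outcome.NOT_ATTEMPTED;            // no credentials offered
        }
        String[] parts = authorizationHeader.trim().split("\\s+", 2);
        if (!"Bearer".equalsIgnoreCase(parts[0])) {
            return Outcome.NOT_ATTEMPTED;            // some other scheme
        }
        if (parts.length < 2) {
            return Outcome.FAILED;                   // scheme without a token
        }
        // Compact JWS serialization: header.payload.signature
        String[] segments = parts[1].split("\\.", -1);
        if (segments.length != 3) {
            return Outcome.FAILED;
        }
        try {
            for (String segment : segments) {
                if (segment.isEmpty()) {
                    return Outcome.FAILED;
                }
                // Throws IllegalArgumentException for characters outside the
                // base64url alphabet or a truncated final unit.
                Base64.getUrlDecoder().decode(segment);
            }
        } catch (IllegalArgumentException malformed) {
            return Outcome.FAILED;                   // bad token, not a server fault
        }
        return Outcome.WELL_FORMED;                  // signature check still required
    }

    static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample headers.
        String wellFormed = "Bearer " + b64("{\"typ\":\"JWT\"}") + "." + b64("{}") + "." + b64("sig");
        String[] samples = { wellFormed, "Bearer not!base64.e30.c2ln", "Bearer onlyonepart", "Basic dXNlcg" };
        for (String header : samples) {
            Outcome outcome = classify(header);
            String action = (outcome == Outcome.WELL_FORMED)
                    ? "continue to signature verification"
                    : "respond 401 Unauthorized";
            System.out.println(outcome + " -> " + action);
        }
    }
}
```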
Problem when having no auth-method
by Rodrigo Sasaki
Hi,
I was trying to deploy some of my company's applications on keycloak, and
in one of them I got this error:
Caused by: java.lang.NullPointerException
at
org.keycloak.subsystem.extension.KeycloakAdapterConfigDeploymentProcessor.deploy(KeycloakAdapterConfigDeploymentProcessor.java:73)
at
org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:113)
[jboss-as-server-7.1.1.Final.jar:7.1.1.Final]
... 5 more
I went to investigate and I found that on line 73 of
KeycloakAdapterConfigDeploymentProcessor there was this:
loginConfig.getAuthMethod().equalsIgnoreCase("KEYCLOAK")
and I did some digging and it happens that in this particular project,
there is no auth-method identified on web.xml, so loginConfig.getAuthMethod
returned null.
All I did was change the comparison to this:
"KEYCLOAK".equalsIgnoreCase(loginConfig.getAuthMethod())
And it all works. I don't know if this defines a problem in the scope of
your project, but it would be good to inform you
--
Rodrigo Sasaki
10 years, 9 months
Problem with keycloak.js
by Boettcher, Jim
Hi,
We have written an AngularJS client that uses the keycloak.js adapter to get a bearer token and then makes REST calls using the token. The client also stores the token and refresh token to local storage and uses the token from local storage if it is found. This all worked well with the pre-beta1 keycloak.js adapter.
With the beta1 keycloak.js adapter it works the first time we access the page, we get redirected to the login page and get the tokens back. However the client app seems to hang when we use the token found in local storage. After looking at the code it seems that a line might be missing in the function processInit().
Starting at line 58 I made the following code change:
    if (initOptions.token || initOptions.refreshToken) {
        setToken(initOptions.token, initOptions.refreshToken);
        initPromise.setSuccess(); // Added this line to get things working
After this change our code started working again.
Can someone take a look at this and advise us if this is correct?
Thank you
10 years, 9 months
Beta 2 released
by Bill Burke
We had a couple of blocker bugs centered around SSL and Wildfly. Fixes
are in, and beta 2 is released.
Check out jira release notes for more details.
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
10 years, 9 months
Obtaining the KeycloakSecurityContext from a jaxrs / Bearer Only service
by Josh
Hi,
Looking through the examples I see a few client examples obtaining
a KeycloakSecurityContext from the HttpServletRequest object via
getAttribute.
ie.
KeycloakSecurityContext session = (KeycloakSecurityContext)
req.getAttribute(KeycloakSecurityContext.class.getName());
Wondering how this would be done for examples like the "database-service"
jax-rs example?
My goal is to be able to have access to the IDToken information for a rest
call.
--
Thanks,
Josh
10 years, 9 months
Re: [keycloak-user] Getting NPE for lookupSecurePort
by nep7une w
Rp.
On Mon, Jun 2, 2014 at 9:18 AM, nep7une w <nep7une.w(a)gmail.com> wrote:
> Hi Bill,
>
> I am facing NullPointerException when testing keycloak beta1 with wildfly
> 8 over HTTPS(port 28081) , part of the error log shows as below, plz help:
>
>
>
> ERROR [io.undertow.request] (default task-7) UT005023: Exception handling
> request to /ex06_1/: java.lang.NullPointerException
> at
> org.wildfly.extension.undertow.Server.lookupSecurePort(Server.java:113)
> at
> org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$2.getConfidentialPort(UndertowDeploymentInfoService.java:454)
> at
> org.keycloak.adapters.wildfly.WildflyAuthenticationMechanism.createRequestAuthenticator(WildflyAuthenticationMechanism.java:27)
> [keycloak-wildfly-adapter-1.0-beta-1.jar:]
> at
> org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:37)
> [keycloak-undertow-adapter-1.0-beta-1.jar:]
>
> Regards,
> Nep
>
10 years, 9 months
JPA Authentication Provider
by Josh
Hi guys,
Wondering if it would be possible to create a JPA authentication provider?
What I am trying to do is share the hibernate user model between keycloak
authentication provider and my application. I've got as far as extracting
the models into their own project so they can be used as dependency between
my application / authentication provider.
Still wrapping my head around JavaEE architecture so forgive me if this
next sentence doesn't make any sense... The properties authentication
adapter in beta1 examples is a jar which can't really declare its own data
sources. So wondering how I would implement a provider that defines its
own datasource?
Thanks,
Josh
10 years, 9 months