I'm looking at the code and there is serialization code to re-create
the token object from a string in KeycloakSecurityContext:
    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();                               // restores the serialized fields (tokenString, idTokenString)
        token = parseToken(tokenString, AccessToken.class);   // rebuilds the access token from its raw string
        idToken = parseToken(idTokenString, IDToken.class);   // rebuilds the ID token from its raw string
    }
On 7/7/16 7:05 PM, LEONARDO NUNES wrote:
Hi everyone,
An application is deployed using the Servlet Filter Adapter on 2 Tomcats,
which save their sessions to 1 Memcached. There's an Nginx load
balancer with sticky sessions in front of both Tomcats.
After logging in to the application, if one Tomcat goes down or is removed
from the load balancer we get the exception below. The problem occurs
using the Servlet Filter Adapter; it works with the Tomcat Adapter, but we
can't use that for some of our applications.
java.lang.NullPointerException
org.keycloak.KeycloakSecurityContext.getRealm(KeycloakSecurityContext.java:73)
org.keycloak.adapters.RefreshableKeycloakSecurityContext.refreshExpiredToken(RefreshableKeycloakSecurityContext.java:103)
org.keycloak.adapters.servlet.OIDCFilterSessionStore.checkCurrentToken(OIDCFilterSessionStore.java:87)
org.keycloak.adapters.servlet.KeycloakOIDCFilter.doFilter(KeycloakOIDCFilter.java:145)
1. Access a restricted page of the application
2. Nginx will direct the request to Tomcat1 (because of the sticky session, the next
requests will go to Tomcat1)
3. You will be redirected to the Keycloak login page
4. After login, Keycloak redirects back to the restricted page
(Note: this session is already saved to memcached)
5. In Nginx, disable the Tomcat1 server
6. In the browser, refresh the application page
7. Now the request will go to the Tomcat2 server
8. The session is retrieved from memcached
9. An exception is thrown because token is null inside
KeycloakSecurityContext.getRealm()
(Note: sometimes at this step the restricted page is displayed, but if
I refresh the page the exception is thrown)
I've opened the issue ticket below:
https://issues.jboss.org/browse/KEYCLOAK-3288
--
Leonardo Nunes
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
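To make the failure mode in the thread concrete, here is an added, self-contained example (not Keycloak's code; the class, field and method names are hypothetical stand-ins) that follows the same pattern as the quoted readObject(): only the raw token string is serialized, the parsed token is rebuilt on deserialization, and a round trip through bytes stands in for the memcached hand-off from Tomcat1 to Tomcat2. It also shows what happens when the raw string was never present, so the rebuilt token is null, and turns that into an explicit "re-authenticate" error instead of an NPE deep inside a filter.

```java
import java.io.*;

// Constructed stand-in for the pattern in KeycloakSecurityContext.readObject():
// the raw token string survives serialization, the parsed token does not and is
// rebuilt when the object is read back. Not Keycloak's code; names are hypothetical.
class DemoSecurityContext implements Serializable {
    private static final long serialVersionUID = 1L;
    private final String tokenString;   // serialized, like tokenString in Keycloak
    private transient String realm;     // "parsed token"; rebuilt in readObject()

    DemoSecurityContext(String tokenString) {
        this.tokenString = tokenString;
        this.realm = parseRealm(tokenString);
    }

    // Stand-in for parseToken(): the constructed token format is "realm:subject".
    // A missing or malformed string yields null, mirroring a token that is not rebuilt.
    private static String parseRealm(String raw) {
        if (raw == null || raw.indexOf(':') < 0) return null;
        return raw.substring(0, raw.indexOf(':'));
    }

    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();          // restores tokenString only
        realm = parseRealm(tokenString); // null if the string was absent when serialized
    }

    // Defensive accessor: a context whose token was not restored is unusable,
    // so fail with a clear reason rather than a NullPointerException.
    String getRealm() {
        if (realm == null) {
            throw new IllegalStateException("token not restored after deserialization; re-authenticate");
        }
        return realm;
    }

    // Serialize and deserialize, standing in for the memcached save on Tomcat1
    // and the session load on Tomcat2.
    static DemoSecurityContext roundTrip(DemoSecurityContext ctx) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) { out.writeObject(ctx); }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes.toByteArray()))) {
            return (DemoSecurityContext) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("restored realm: " + roundTrip(new DemoSecurityContext("demo:alice")).getRealm());
        try { roundTrip(new DemoSecurityContext(null)).getRealm(); }
        catch (IllegalStateException e) { System.out.println("restore failed: " + e.getMessage()); }
    }
}
```

Run with `java DemoSecurityContext.java`; the second case is the situation from the stack trace, surfaced as a descriptive exception the filter can map to a fresh login instead of a 500.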