It should be fixed now in master and available in next release.
.
Thanks !
On Tue, Jul 3, 2018 at 10:39 AM, Corentin Dupont <corentin.dupont(a)gmail.com>
wrote:
Yes, I see that this error happens when the resource does not
exists.
However, with my user "guest", it happens all the time, even when the
resource does exist...
On Tue, Jul 3, 2018 at 2:15 PM, Pedro Igor Silva <psilva(a)redhat.com>
wrote:
> OK. Found the issue. Will fix it. Problem is that Sensortest does not
> exist and program enters in a state that a resource-less permission causes
> that error.
>
> On Mon, Jul 2, 2018 at 10:05 AM, Corentin Dupont <
> corentin.dupont(a)gmail.com> wrote:
>
>> Hi guys,
>> I got this error when requesting authorization on a resource:
>>
>> $ curl -X POST
>>
http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token
>> -H
>> "Authorization: Bearer $USERTOKEN" -d
>> "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&audi
>> ence=api-server&permission=Sensortest#sensors:view"
>>
>>
{"error":"server_error","error_description":"Unexpected
error while
>> evaluating permissions"}
>>
>> On the server side I get:
>>
>> 12:42:11,821 ERROR
>> [org.keycloak.authorization.authorization.AuthorizationTokenService]
>> (default task-16) Unexpected error while evaluating permissions:
>> java.lang.NullPointerException
>> at
>> org.keycloak.authorization.util.Permissions.permits(Permissi
>> ons.java:194)
>> at
>> org.keycloak.authorization.authorization.AuthorizationTokenS
>> ervice.authorize(AuthorizationTokenService.java:173)
>> at
>> org.keycloak.protocol.oidc.endpoints.TokenEndpoint.permissio
>> nGrant(TokenEndpoint.java:1124)
>> at
>> org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGr
>> antRequest(TokenEndpoint.java:190)
>> at sun.reflect.GeneratedMethodAccessor449.invoke(Unknown Source)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>> thodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:498)
>>
>>
>> I got my token this way:
>> USERTOKEN=`curl -X POST -H "Content-Type:
>> application/x-www-form-urlencoded" -d
>> 'username=guest&password=guest&grant_type=password&client_id
>> =api-server&client_secret=xxx'
>>
"http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token"
>> |
>> jq .access_token -r`
>>
>> This seems to happen for scope-based policies.
>>
>> Cheers
>> Corentin
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>