3:55 a.m.
Using a specific user admin account that is part of our Keycloak customers realm (not the
master realm) with permissions to edit users only (manage-users realm-management role)
whenever I click on a user in the Keycloak admin interface (Manage - Users) I get a
"Error! An unexpected server error has occurred” with the stacktrace below in the
logs. All actions do seem to work properly however. It also happens when I create a user,
but also there the user is created just fine it seems.
I am guessing it is a permission issue on some REST endpoint in the admin interface or
something?
[0m[31m08:14:06,715 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-40)
RESTEASY002010: Failed to execute: javax.ws.rs.NotAllowedException: RESTEASY003650: No
resource method found for GET, return 405 with Allow header
at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:377)
at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:116)
at org.jboss.resteasy.core.registry.RootNode.match(RootNode.java:43)
at org.jboss.resteasy.core.LocatorRegistry.getResourceInvoker(LocatorRegistry.java:79)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:129)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
4:24 a.m.
I guess you need to add "view-users" role as well?
For tracking, you can try to enable FF plugin like Firebug (or similar
in Chrome) and see what REST endpoint exactly returns 405 and what role
it requires.
Marek
On 07/09/16 10:55, Edgar Vonk - Info.nl wrote:
Using a specific user admin account that is part of our Keycloak
customers realm (not the master realm) with permissions to edit users only (manage-users
realm-management role) whenever I click on a user in the Keycloak admin interface (Manage
- Users) I get a "Error! An unexpected server error has occurred” with the stacktrace
below in the logs. All actions do seem to work properly however. It also happens when I
create a user, but also there the user is created just fine it seems.
I am guessing it is a permission issue on some REST endpoint in the admin interface or
something?
[0m[31m08:14:06,715 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-40)
RESTEASY002010: Failed to execute: javax.ws.rs.NotAllowedException: RESTEASY003650: No
resource method found for GET, return 405 with Allow header
at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:377)
at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:116)
at org.jboss.resteasy.core.registry.RootNode.match(RootNode.java:43)
at org.jboss.resteasy.core.LocatorRegistry.getResourceInvoker(LocatorRegistry.java:79)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:129)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
5:27 a.m.
Hi Marek,
Thanks for the quick reply. Sorry, forgot to mention that: I did also add the view-users
role. However the issue remains unfortunately.
Will try to find the endpoint in question and report back!
cheers
On 07 Sep 2016, at 11:24, Marek Posolda <mposolda(a)redhat.com>
wrote:
I guess you need to add "view-users" role as well?
For tracking, you can try to enable FF plugin like Firebug (or similar in Chrome) and see
what REST endpoint exactly returns 405 and what role it requires.
Marek
On 07/09/16 10:55, Edgar Vonk - Info.nl wrote:
> Using a specific user admin account that is part of our Keycloak customers realm (not
the master realm) with permissions to edit users only (manage-users realm-management role)
whenever I click on a user in the Keycloak admin interface (Manage - Users) I get a
"Error! An unexpected server error has occurred” with the stacktrace below in the
logs. All actions do seem to work properly however. It also happens when I create a user,
but also there the user is created just fine it seems.
>
> I am guessing it is a permission issue on some REST endpoint in the admin interface
or something?
>
>
> [0m[31m08:14:06,715 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-40)
RESTEASY002010: Failed to execute: javax.ws.rs.NotAllowedException: RESTEASY003650: No
resource method found for GET, return 405 with Allow header
> at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:377)
> at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:116)
> at org.jboss.resteasy.core.registry.RootNode.match(RootNode.java:43)
> at
org.jboss.resteasy.core.LocatorRegistry.getResourceInvoker(LocatorRegistry.java:79)
> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:129)
> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
> at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
> at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
> at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
> at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
6:33 a.m.
Hi Marek,
It’s the brute force detection REST endpoint that is causing the issue.
/auth/admin/realms/our-custom-realm/attack-detection/brute-force/users?username=edgar(a)info.nl
gives a: “Failed to load resource: the server responded with a status of 405 (Method Not
Allowed)"
On 07 Sep 2016, at 12:27, Edgar Vonk - Info.nl <Edgar(a)info.nl>
wrote:
Hi Marek,
Thanks for the quick reply. Sorry, forgot to mention that: I did also add the view-users
role. However the issue remains unfortunately.
Will try to find the endpoint in question and report back!
cheers
> On 07 Sep 2016, at 11:24, Marek Posolda <mposolda(a)redhat.com> wrote:
>
> I guess you need to add "view-users" role as well?
>
> For tracking, you can try to enable FF plugin like Firebug (or similar in Chrome) and
see what REST endpoint exactly returns 405 and what role it requires.
>
> Marek
>
> On 07/09/16 10:55, Edgar Vonk - Info.nl wrote:
>> Using a specific user admin account that is part of our Keycloak customers realm
(not the master realm) with permissions to edit users only (manage-users realm-management
role) whenever I click on a user in the Keycloak admin interface (Manage - Users) I get a
"Error! An unexpected server error has occurred” with the stacktrace below in the
logs. All actions do seem to work properly however. It also happens when I create a user,
but also there the user is created just fine it seems.
>>
>> I am guessing it is a permission issue on some REST endpoint in the admin
interface or something?
>>
>>
>> [0m[31m08:14:06,715 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default
task-40) RESTEASY002010: Failed to execute: javax.ws.rs.NotAllowedException:
RESTEASY003650: No resource method found for GET, return 405 with Allow header
>> at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:377)
>> at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:116)
>> at org.jboss.resteasy.core.registry.RootNode.match(RootNode.java:43)
>> at
org.jboss.resteasy.core.LocatorRegistry.getResourceInvoker(LocatorRegistry.java:79)
>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:129)
>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
>> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
>> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
>> at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>> at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>> at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>> at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>> at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>> at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>> at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>> at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>> at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>> at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>> at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>> at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>> at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>> at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>> at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>> at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>> at java.lang.Thread.run(Thread.java:745)
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
7:04 a.m.
Hi Edgar,
I was trying to reproduce, but wasn't able. The expected format to
invoke this endpoint should be
/auth/admin/realms/our-custom-realm/attack-detection/brute-force/users
/{userId} so I understand why it fails. But I am not seeing anything in
admin console UI, which invokes it from this format.
Feel free to create JIRA if you find steps to reproduce it from clean KC.
Marek
On 07/09/16 13:33, Edgar Vonk - Info.nl wrote:
Hi Marek,
It’s the brute force detection REST endpoint that is causing the issue.
/auth/admin/realms/our-custom-realm/attack-detection/brute-force/users?username=edgar(a)info.nl
gives a: “Failed to load resource: the server responded with a status of 405 (Method Not
Allowed)"
> On 07 Sep 2016, at 12:27, Edgar Vonk - Info.nl <Edgar(a)info.nl> wrote:
>
> Hi Marek,
>
> Thanks for the quick reply. Sorry, forgot to mention that: I did also add the
view-users role. However the issue remains unfortunately.
>
> Will try to find the endpoint in question and report back!
>
> cheers
>
>> On 07 Sep 2016, at 11:24, Marek Posolda <mposolda(a)redhat.com> wrote:
>>
>> I guess you need to add "view-users" role as well?
>>
>> For tracking, you can try to enable FF plugin like Firebug (or similar in Chrome)
and see what REST endpoint exactly returns 405 and what role it requires.
>>
>> Marek
>>
>> On 07/09/16 10:55, Edgar Vonk - Info.nl wrote:
>>> Using a specific user admin account that is part of our Keycloak customers
realm (not the master realm) with permissions to edit users only (manage-users
realm-management role) whenever I click on a user in the Keycloak admin interface (Manage
- Users) I get a "Error! An unexpected server error has occurred” with the stacktrace
below in the logs. All actions do seem to work properly however. It also happens when I
create a user, but also there the user is created just fine it seems.
>>>
>>> I am guessing it is a permission issue on some REST endpoint in the admin
interface or something?
>>>
>>>
>>> [0m[31m08:14:06,715 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default
task-40) RESTEASY002010: Failed to execute: javax.ws.rs.NotAllowedException:
RESTEASY003650: No resource method found for GET, return 405 with Allow header
>>> at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:377)
>>> at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:116)
>>> at org.jboss.resteasy.core.registry.RootNode.match(RootNode.java:43)
>>> at
org.jboss.resteasy.core.LocatorRegistry.getResourceInvoker(LocatorRegistry.java:79)
>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:129)
>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
>>> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
>>> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
>>> at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>>> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>> at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>>> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>>> at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
>>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>>> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>>> at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>>> at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>>> at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>>> at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>>> at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>>> at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>> at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>>> at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>>> at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>>> at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>>> at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>>> at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>>> at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>>> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>>> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>>> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>> at java.lang.Thread.run(Thread.java:745)
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
2:41 a.m.
Hi Marek,
Very sorry, this was our fault. We were using an outdated and customized version of the
users.js file from Keycloak in our theme and this was causing the issue.
We do now see a somewhat related issue in that our user admin accounts (with the
manage-users realm-management role) now also see the ‘Configure - User Federation’ menu
item and are actually able to change some (but not all) settings in our user federation
(and can even delete them I think). Maybe any ideas on how to make sure these users no
longer get access to Configure - User Federation?
cheers
Edgar
On 08 Sep 2016, at 14:04, Marek Posolda <mposolda(a)redhat.com>
wrote:
Hi Edgar,
I was trying to reproduce, but wasn't able. The expected format to invoke this
endpoint should be /auth/admin/realms/our-custom-realm/attack-detection/brute-force/users
/{userId} so I understand why it fails. But I am not seeing anything in admin console UI,
which invokes it from this format.
Feel free to create JIRA if you find steps to reproduce it from clean KC.
Marek
On 07/09/16 13:33, Edgar Vonk - Info.nl wrote:
> Hi Marek,
>
> It’s the brute force detection REST endpoint that is causing the issue.
>
>
/auth/admin/realms/our-custom-realm/attack-detection/brute-force/users?username=edgar(a)info.nl
>
> gives a: “Failed to load resource: the server responded with a status of 405 (Method
Not Allowed)"
>
>
>> On 07 Sep 2016, at 12:27, Edgar Vonk - Info.nl <Edgar(a)info.nl> wrote:
>>
>> Hi Marek,
>>
>> Thanks for the quick reply. Sorry, forgot to mention that: I did also add the
view-users role. However the issue remains unfortunately.
>>
>> Will try to find the endpoint in question and report back!
>>
>> cheers
>>
>>> On 07 Sep 2016, at 11:24, Marek Posolda <mposolda(a)redhat.com> wrote:
>>>
>>> I guess you need to add "view-users" role as well?
>>>
>>> For tracking, you can try to enable FF plugin like Firebug (or similar in
Chrome) and see what REST endpoint exactly returns 405 and what role it requires.
>>>
>>> Marek
>>>
>>> On 07/09/16 10:55, Edgar Vonk - Info.nl wrote:
>>>> Using a specific user admin account that is part of our Keycloak
customers realm (not the master realm) with permissions to edit users only (manage-users
realm-management role) whenever I click on a user in the Keycloak admin interface (Manage
- Users) I get a "Error! An unexpected server error has occurred” with the stacktrace
below in the logs. All actions do seem to work properly however. It also happens when I
create a user, but also there the user is created just fine it seems.
>>>>
>>>> I am guessing it is a permission issue on some REST endpoint in the admin
interface or something?
>>>>
>>>>
>>>> [0m[31m08:14:06,715 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n]
(default task-40) RESTEASY002010: Failed to execute: javax.ws.rs.NotAllowedException:
RESTEASY003650: No resource method found for GET, return 405 with Allow header
>>>> at
org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:377)
>>>> at
org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:116)
>>>> at org.jboss.resteasy.core.registry.RootNode.match(RootNode.java:43)
>>>> at
org.jboss.resteasy.core.LocatorRegistry.getResourceInvoker(LocatorRegistry.java:79)
>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:129)
>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
>>>> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
>>>> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
>>>> at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>>>> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>>> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>>> at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>>>> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>>>> at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
>>>> at
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>>>> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>>>> at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>>>> at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>>>> at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>>>> at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>> at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>>>> at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>> at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>>>> at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>>> at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>>>> at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>>>> at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>>>> at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>> at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>>>> at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>>>> at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>>>> at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>>>> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>> at java.lang.Thread.run(Thread.java:745)
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user(a)lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
3:20 a.m.
It seems that for view/update UserFederation, we currently require
permissions to "view-users" or "manage-users" . This looks like a bug
as
admin, who is able just to manage users, shouldn't be allowed to manage
user federation providers. It seems this should either be "view-realm"
or "manage-realm" or separate dedicated roles for user federation
providers.
Could you please create JIRA?
Thanks,
Marek
On 14/09/16 09:41, Edgar Vonk - Info.nl wrote:
Hi Marek,
Very sorry, this was our fault. We were using an outdated and customized version of the
users.js file from Keycloak in our theme and this was causing the issue.
We do now see a somewhat related issue in that our user admin accounts (with the
manage-users realm-management role) now also see the ‘Configure - User Federation’ menu
item and are actually able to change some (but not all) settings in our user federation
(and can even delete them I think). Maybe any ideas on how to make sure these users no
longer get access to Configure - User Federation?
cheers
Edgar
> On 08 Sep 2016, at 14:04, Marek Posolda <mposolda(a)redhat.com> wrote:
>
> Hi Edgar,
>
> I was trying to reproduce, but wasn't able. The expected format to invoke this
endpoint should be /auth/admin/realms/our-custom-realm/attack-detection/brute-force/users
/{userId} so I understand why it fails. But I am not seeing anything in admin console UI,
which invokes it from this format.
>
> Feel free to create JIRA if you find steps to reproduce it from clean KC.
>
> Marek
>
> On 07/09/16 13:33, Edgar Vonk - Info.nl wrote:
>> Hi Marek,
>>
>> It’s the brute force detection REST endpoint that is causing the issue.
>>
>>
/auth/admin/realms/our-custom-realm/attack-detection/brute-force/users?username=edgar(a)info.nl
>>
>> gives a: “Failed to load resource: the server responded with a status of 405
(Method Not Allowed)"
>>
>>
>>> On 07 Sep 2016, at 12:27, Edgar Vonk - Info.nl <Edgar(a)info.nl> wrote:
>>>
>>> Hi Marek,
>>>
>>> Thanks for the quick reply. Sorry, forgot to mention that: I did also add the
view-users role. However the issue remains unfortunately.
>>>
>>> Will try to find the endpoint in question and report back!
>>>
>>> cheers
>>>
>>>> On 07 Sep 2016, at 11:24, Marek Posolda <mposolda(a)redhat.com>
wrote:
>>>>
>>>> I guess you need to add "view-users" role as well?
>>>>
>>>> For tracking, you can try to enable FF plugin like Firebug (or similar in
Chrome) and see what REST endpoint exactly returns 405 and what role it requires.
>>>>
>>>> Marek
>>>>
>>>> On 07/09/16 10:55, Edgar Vonk - Info.nl wrote:
>>>>> Using a specific user admin account that is part of our Keycloak
customers realm (not the master realm) with permissions to edit users only (manage-users
realm-management role) whenever I click on a user in the Keycloak admin interface (Manage
- Users) I get a "Error! An unexpected server error has occurred” with the stacktrace
below in the logs. All actions do seem to work properly however. It also happens when I
create a user, but also there the user is created just fine it seems.
>>>>>
>>>>> I am guessing it is a permission issue on some REST endpoint in the
admin interface or something?
>>>>>
>>>>>
>>>>> [0m[31m08:14:06,715 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n]
(default task-40) RESTEASY002010: Failed to execute: javax.ws.rs.NotAllowedException:
RESTEASY003650: No resource method found for GET, return 405 with Allow header
>>>>> at
org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:377)
>>>>> at
org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:116)
>>>>> at
org.jboss.resteasy.core.registry.RootNode.match(RootNode.java:43)
>>>>> at
org.jboss.resteasy.core.LocatorRegistry.getResourceInvoker(LocatorRegistry.java:79)
>>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:129)
>>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
>>>>> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
>>>>> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
>>>>> at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>>>>> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>>>> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>>>> at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>>>>> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>>>>> at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
>>>>> at
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>>>>> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>>>>> at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>>>>> at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>>>>> at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>>>>> at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>>>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>> at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>>>>> at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>>>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>> at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>>>>> at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>>>> at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>>>>> at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>>>>> at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>>>>> at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>>>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>> at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>>>>> at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>>>>> at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>>>>> at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>>>>> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>> at java.lang.Thread.run(Thread.java:745)
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user(a)lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
5:24 a.m.
Ok, thanks! I created https://issues.jboss.org/browse/KEYCLOAK-3576
On 14 Sep 2016, at 10:20, Marek Posolda <mposolda(a)redhat.com>
wrote:
It seems that for view/update UserFederation, we currently require permissions to
"view-users" or "manage-users" . This looks like a bug as admin, who
is able just to manage users, shouldn't be allowed to manage user federation
providers. It seems this should either be "view-realm" or
"manage-realm" or separate dedicated roles for user federation providers.
Could you please create JIRA?
Thanks,
Marek
On 14/09/16 09:41, Edgar Vonk - Info.nl wrote:
> Hi Marek,
>
> Very sorry, this was our fault. We were using an outdated and customized version of
the users.js file from Keycloak in our theme and this was causing the issue.
>
> We do now see a somewhat related issue in that our user admin accounts (with the
manage-users realm-management role) now also see the ‘Configure - User Federation’ menu
item and are actually able to change some (but not all) settings in our user federation
(and can even delete them I think). Maybe any ideas on how to make sure these users no
longer get access to Configure - User Federation?
>
> cheers
>
> Edgar
>
>
>> On 08 Sep 2016, at 14:04, Marek Posolda <mposolda(a)redhat.com> wrote:
>>
>> Hi Edgar,
>>
>> I was trying to reproduce, but wasn't able. The expected format to invoke
this endpoint should be
/auth/admin/realms/our-custom-realm/attack-detection/brute-force/users /{userId} so I
understand why it fails. But I am not seeing anything in admin console UI, which invokes
it from this format.
>>
>> Feel free to create JIRA if you find steps to reproduce it from clean KC.
>>
>> Marek
>>
>> On 07/09/16 13:33, Edgar Vonk - Info.nl wrote:
>>> Hi Marek,
>>>
>>> It’s the brute force detection REST endpoint that is causing the issue.
>>>
>>>
/auth/admin/realms/our-custom-realm/attack-detection/brute-force/users?username=edgar(a)info.nl
>>>
>>> gives a: “Failed to load resource: the server responded with a status of 405
(Method Not Allowed)"
>>>
>>>
>>>> On 07 Sep 2016, at 12:27, Edgar Vonk - Info.nl <Edgar(a)info.nl>
wrote:
>>>>
>>>> Hi Marek,
>>>>
>>>> Thanks for the quick reply. Sorry, forgot to mention that: I did also add
the view-users role. However the issue remains unfortunately.
>>>>
>>>> Will try to find the endpoint in question and report back!
>>>>
>>>> cheers
>>>>
>>>>> On 07 Sep 2016, at 11:24, Marek Posolda <mposolda(a)redhat.com>
wrote:
>>>>>
>>>>> I guess you need to add "view-users" role as well?
>>>>>
>>>>> For tracking, you can try to enable FF plugin like Firebug (or
similar in Chrome) and see what REST endpoint exactly returns 405 and what role it
requires.
>>>>>
>>>>> Marek
>>>>>
>>>>> On 07/09/16 10:55, Edgar Vonk - Info.nl wrote:
>>>>>> Using a specific user admin account that is part of our Keycloak
customers realm (not the master realm) with permissions to edit users only (manage-users
realm-management role) whenever I click on a user in the Keycloak admin interface (Manage
- Users) I get a "Error! An unexpected server error has occurred” with the stacktrace
below in the logs. All actions do seem to work properly however. It also happens when I
create a user, but also there the user is created just fine it seems.
>>>>>>
>>>>>> I am guessing it is a permission issue on some REST endpoint in
the admin interface or something?
>>>>>>
>>>>>>
>>>>>> [0m[31m08:14:06,715 ERROR
[org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-40) RESTEASY002010: Failed to
execute: javax.ws.rs.NotAllowedException: RESTEASY003650: No resource method found for
GET, return 405 with Allow header
>>>>>> at
org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:377)
>>>>>> at
org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:116)
>>>>>> at
org.jboss.resteasy.core.registry.RootNode.match(RootNode.java:43)
>>>>>> at
org.jboss.resteasy.core.LocatorRegistry.getResourceInvoker(LocatorRegistry.java:79)
>>>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:129)
>>>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>>>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>>>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>>>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>>>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
>>>>>> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
>>>>>> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
>>>>>> at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>>>>>> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>>>>> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>>>>> at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>>>>>> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>>>>>> at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
>>>>>> at
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>>>>>> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>>>>>> at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>>>>>> at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>>>>>> at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>>>>>> at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>>>>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>>> at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>>>>>> at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>>>>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>>> at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>>>>>> at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>>>>> at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>>>>>> at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>>>>>> at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>>>>>> at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>>>>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>>> at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>>>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>>>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>>>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>>>>>> at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>>>>>> at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>>>>>> at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>>>>>> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>>> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>>> at java.lang.Thread.run(Thread.java:745)
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user(a)lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user(a)lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
6:16 a.m.
I changed that to an enhancement request as it's not a bug. It was intended
to use view/manage-users role, but that can be questioned.
On 14 September 2016 at 12:24, Edgar Vonk - Info.nl <Edgar(a)info.nl> wrote:
Ok, thanks! I created https://issues.jboss.org/browse/KEYCLOAK-3576
> On 14 Sep 2016, at 10:20, Marek Posolda <mposolda(a)redhat.com> wrote:
>
> It seems that for view/update UserFederation, we currently require
permissions to "view-users" or "manage-users" . This looks like a bug
as
admin, who is able just to manage users, shouldn't be allowed to manage
user federation providers. It seems this should either be "view-realm" or
"manage-realm" or separate dedicated roles for user federation providers.
>
> Could you please create JIRA?
>
> Thanks,
> Marek
>
> On 14/09/16 09:41, Edgar Vonk - Info.nl wrote:
>> Hi Marek,
>>
>> Very sorry, this was our fault. We were using an outdated and
customized version of the users.js file from Keycloak in our theme and this
was causing the issue.
>>
>> We do now see a somewhat related issue in that our user admin accounts
(with the manage-users realm-management role) now also see the ‘Configure -
User Federation’ menu item and are actually able to change some (but not
all) settings in our user federation (and can even delete them I think).
Maybe any ideas on how to make sure these users no longer get access to
Configure - User Federation?
>>
>> cheers
>>
>> Edgar
>>
>>
>>> On 08 Sep 2016, at 14:04, Marek Posolda <mposolda(a)redhat.com> wrote:
>>>
>>> Hi Edgar,
>>>
>>> I was trying to reproduce, but wasn't able. The expected format to
invoke this endpoint should be /auth/admin/realms/our-custom-
realm/attack-detection/brute-force/users /{userId} so I understand why it
fails. But I am not seeing anything in admin console UI, which invokes it
from this format.
>>>
>>> Feel free to create JIRA if you find steps to reproduce it from clean
KC.
>>>
>>> Marek
>>>
>>> On 07/09/16 13:33, Edgar Vonk - Info.nl wrote:
>>>> Hi Marek,
>>>>
>>>> It’s the brute force detection REST endpoint that is causing the
issue.
>>>>
>>>> /auth/admin/realms/our-custom-realm/attack-detection/brute-
force/users?username=edgar(a)info.nl
>>>>
>>>> gives a: “Failed to load resource: the server responded with a status
of 405 (Method Not Allowed)"
>>>>
>>>>
>>>>> On 07 Sep 2016, at 12:27, Edgar Vonk - Info.nl
<Edgar(a)info.nl>
wrote:
>>>>>
>>>>> Hi Marek,
>>>>>
>>>>> Thanks for the quick reply. Sorry, forgot to mention that: I did
also add the view-users role. However the issue remains unfortunately.
>>>>>
>>>>> Will try to find the endpoint in question and report back!
>>>>>
>>>>> cheers
>>>>>
>>>>>> On 07 Sep 2016, at 11:24, Marek Posolda
<mposolda(a)redhat.com>
wrote:
>>>>>>
>>>>>> I guess you need to add "view-users" role as well?
>>>>>>
>>>>>> For tracking, you can try to enable FF plugin like Firebug (or
similar in Chrome) and see what REST endpoint exactly returns 405 and what
role it requires.
>>>>>>
>>>>>> Marek
>>>>>>
>>>>>> On 07/09/16 10:55, Edgar Vonk - Info.nl wrote:
>>>>>>> Using a specific user admin account that is part of our
Keycloak
customers realm (not the master realm) with permissions to edit users only
(manage-users realm-management role) whenever I click on a user in the
Keycloak admin interface (Manage - Users) I get a "Error! An unexpected
server error has occurred” with the stacktrace below in the logs. All
actions do seem to work properly however. It also happens when I create a
user, but also there the user is created just fine it seems.
>>>>>>>
>>>>>>> I am guessing it is a permission issue on some REST endpoint
in
the admin interface or something?
>>>>>>>
>>>>>>>
>>>>>>> [0m [31m08:14:06,715 ERROR
[org.jboss.resteasy.resteasy_jaxrs.i18n]
(default task-40) RESTEASY002010: Failed to execute: javax.ws.rs.NotAllowedException:
RESTEASY003650: No resource method found for GET, return 405 with Allow
header
>>>>>>> at
org.jboss.resteasy.core.registry.SegmentNode.match(
SegmentNode.java:377)
>>>>>>> at
org.jboss.resteasy.core.registry.SegmentNode.match(
SegmentNode.java:116)
>>>>>>> at org.jboss.resteasy.core.registry.RootNode.match(
RootNode.java:43)
>>>>>>> at org.jboss.resteasy.core.LocatorRegistry.
getResourceInvoker(LocatorRegistry.java:79)
>>>>>>> at org.jboss.resteasy.core.ResourceLocatorInvoker.
invokeOnTargetObject(ResourceLocatorInvoker.java:129)
>>>>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
ResourceLocatorInvoker.java:107)
>>>>>>> at org.jboss.resteasy.core.ResourceLocatorInvoker.
invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>>>>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
ResourceLocatorInvoker.java:107)
>>>>>>> at org.jboss.resteasy.core.ResourceLocatorInvoker.
invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>>>>>>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
ResourceLocatorInvoker.java:101)
>>>>>>> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(
SynchronousDispatcher.java:395)
>>>>>>> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(
SynchronousDispatcher.java:202)
>>>>>>> at org.jboss.resteasy.plugins.server.servlet.
ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>>>>>>> at org.jboss.resteasy.plugins.server.servlet.
HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>>>>>> at org.jboss.resteasy.plugins.server.servlet.
HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>>>>>> at javax.servlet.http.HttpServlet.service(
HttpServlet.java:790)
>>>>>>> at io.undertow.servlet.handlers.
ServletHandler.handleRequest(ServletHandler.java:85)
>>>>>>> at io.undertow.servlet.handlers.
FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>>>>>>> at org.keycloak.services.filters.
KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.
java:90)
>>>>>>> at io.undertow.servlet.core.ManagedFilter.doFilter(
ManagedFilter.java:60)
>>>>>>> at io.undertow.servlet.handlers.
FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>>>>>>> at io.undertow.servlet.handlers.
FilterHandler.handleRequest(FilterHandler.java:84)
>>>>>>> at io.undertow.servlet.handlers.security.
ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.
java:62)
>>>>>>> at
io.undertow.servlet.handlers.ServletDispatchingHandler.
handleRequest(ServletDispatchingHandler.java:36)
>>>>>>> at org.wildfly.extension.undertow.security.
SecurityContextAssociationHandler.handleRequest(
SecurityContextAssociationHandler.java:78)
>>>>>>> at io.undertow.server.handlers.PredicateHandler.
handleRequest(PredicateHandler.java:43)
>>>>>>> at io.undertow.servlet.handlers.security.
SSLInformationAssociationHandler.handleRequest(
SSLInformationAssociationHandler.java:131)
>>>>>>> at io.undertow.servlet.handlers.security.
ServletAuthenticationCallHandler.handleRequest(
ServletAuthenticationCallHandler.java:57)
>>>>>>> at io.undertow.server.handlers.PredicateHandler.
handleRequest(PredicateHandler.java:43)
>>>>>>> at io.undertow.security.handlers.
AbstractConfidentialityHandler.handleRequest(
AbstractConfidentialityHandler.java:46)
>>>>>>> at io.undertow.servlet.handlers.security.
ServletConfidentialityConstraintHandler.handleRequest(
ServletConfidentialityConstraintHandler.java:64)
>>>>>>> at io.undertow.security.handlers.
AuthenticationMechanismsHandler.handleRequest(
AuthenticationMechanismsHandler.java:60)
>>>>>>> at io.undertow.servlet.handlers.security.
CachedAuthenticatedSessionHandler.handleRequest(
CachedAuthenticatedSessionHandler.java:77)
>>>>>>> at io.undertow.security.handlers.
NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.
java:50)
>>>>>>> at io.undertow.security.handlers.
AbstractSecurityContextAssociationHandler.handleRequest(
AbstractSecurityContextAssociationHandler.java:43)
>>>>>>> at io.undertow.server.handlers.PredicateHandler.
handleRequest(PredicateHandler.java:43)
>>>>>>> at org.wildfly.extension.undertow.security.jacc.
JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>>>>>> at io.undertow.server.handlers.PredicateHandler.
handleRequest(PredicateHandler.java:43)
>>>>>>> at io.undertow.server.handlers.PredicateHandler.
handleRequest(PredicateHandler.java:43)
>>>>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.
handleFirstRequest(ServletInitialHandler.java:284)
>>>>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.
dispatchRequest(ServletInitialHandler.java:263)
>>>>>>> at io.undertow.servlet.handlers.
ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>>>>>>> at
io.undertow.servlet.handlers.ServletInitialHandler$1.
handleRequest(ServletInitialHandler.java:174)
>>>>>>> at io.undertow.server.Connectors.
executeRootHandler(Connectors.java:202)
>>>>>>> at io.undertow.server.HttpServerExchange$1.run(
HttpServerExchange.java:793)
>>>>>>> at
java.util.concurrent.ThreadPoolExecutor.runWorker(
ThreadPoolExecutor.java:1142)
>>>>>>> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(
ThreadPoolExecutor.java:617)
>>>>>>> at java.lang.Thread.run(Thread.java:745)
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user(a)lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3497
days inactive
3504
days old
8 comments
3 participants
participants (3)
-
Edgar Vonk - Info.nl -
Marek Posolda -
Stian Thorgersen