Using keycloak-spring-boot-starter throws NullPointerException when “keycloak.enabled = false” in spring boot application.properties
6:35 a.m.
Hi,
While using “keycloak-spring-boot-starter v3.4.0.Final” with “spring-boot-starter-security
V1.5.8.RELEASE”, I’m getting NullPointerException as described below.
Please let me know if anyone has suggestion on this, OR this is really defect in keycloak
adapter.
Precondition –
· Application configured to use spring-security with
KeycloakWebSecurityConfigurerAdapter. As shows below class SecurityConfig in Example
section (A).
· Disable keycloak in spring boot’s Application property as “keycloak.enabled =
false”
Expected Result –
· When Keycloak is disabled, spring security should handle authentication OR
should not perform authentication.
Actual Result –
java.lang.NullPointerException: null
at
org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(KeycloakDeploymentBuilder.java:55)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.KeycloakDeploymentBuilder.build(KeycloakDeploymentBuilder.java:164)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:37)
~[keycloak-spring-boot-adapter-3.4.0.Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:88)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:107)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:79)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:81)
~[keycloak-spring-security-adapter-3.4.0.Final.jar!/:3.4.
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
~[spring-security-web-4.2.3.RELEASE.jar!/:4.2.3.RELEASE]
at
org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
~[spring-security-web-4.2.3.RELEASE.jar!/:4.2.3.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
~[spring-web-4.3.12.RELEASE.jar!/:4.3.12.RELEASE]
What can be done here:
· Ideal Option: Keycloak adapter classes like
“KeycloakWebSecurityConfigurerAdapter” should avoid registering it’s filters when
“keycloak.enabled” property is false.
· Temporary Option: we can handle this at application config level by defining on
SecurityConfig class
o @ConditionalOnProperty(name = "keycloak.enabled", havingValue =
"true")
Example Section A:
@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
KeycloakAuthenticationProvider keyCloakAuthProvider =
keycloakAuthenticationProvider();
keyCloakAuthProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keyCloakAuthProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
super.configure(http);
http
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.sessionAuthenticationStrategy(sessionAuthenticationStrategy())
.and()
.authorizeRequests()
.antMatchers("/test*").hasRole("ADMIN")
.anyRequest().permitAll();
}
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new NullAuthenticatedSessionStrategy();
}
@Bean
public KeycloakConfigResolver KeyCloakConfigResolver(){
return new KeycloakSpringBootConfigResolver();
}
}
Thanks and Regards.
Rahul Pharande
9:02 a.m.
keycloak.enable property only works for the Spring Boot Adapter, not for
the Spring Security Adapter. There is already a ticket opened to align the
feature.
On Wed, Nov 29, 2017 at 1:35 PM, Pharande Rahul <rahul.pharande(a)gi-de.com>
wrote:
Hi,
While using “keycloak-spring-boot-starter v3.4.0.Final” with
“spring-boot-starter-security V1.5.8.RELEASE”, I’m getting
NullPointerException as described below.
Please let me know if anyone has suggestion on this, OR this is really
defect in keycloak adapter.
Precondition –
· Application configured to use spring-security with
KeycloakWebSecurityConfigurerAdapter. As shows below class SecurityConfig
in Example section (A).
· Disable keycloak in spring boot’s Application property as
“keycloak.enabled = false”
Expected Result –
· When Keycloak is disabled, spring security should handle
authentication OR should not perform authentication.
Actual Result –
java.lang.NullPointerException: null
at org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(
KeycloakDeploymentBuilder.java:55) ~[keycloak-adapter-core-3.4.0.
Final.jar!/:3.4.0.Final]
at org.keycloak.adapters.KeycloakDeploymentBuilder.build(
KeycloakDeploymentBuilder.java:164) ~[keycloak-adapter-core-3.4.0.
Final.jar!/:3.4.0.Final]
at org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolv
er.resolve(KeycloakSpringBootConfigResolver.java:37)
~[keycloak-spring-boot-adapter-3.4.0.Final.jar!/:3.4.0.Final]
at org.keycloak.adapters.AdapterDeploymentContext.
resolveDeployment(AdapterDeploymentContext.java:88)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at org.keycloak.adapters.PreAuthActionsHandler.preflightCors(
PreAuthActionsHandler.java:107) ~[keycloak-adapter-core-3.4.0.
Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:79)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at org.keycloak.adapters.springsecurity.filter.
KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:81)
~[keycloak-spring-security-adapter-3.4.0.Final.jar!/:3.4.
at org.springframework.security.web.FilterChainProxy$
VirtualFilterChain.doFilter(FilterChainProxy.java:331)
~[spring-security-web-4.2.3.RELEASE.jar!/:4.2.3.RELEASE]
at org.springframework.security.web.csrf.CsrfFilter.
doFilterInternal(CsrfFilter.java:100) ~[spring-security-web-4.2.3.
RELEASE.jar!/:4.2.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.
doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.12.RELEASE.
jar!/:4.3.12.RELEASE]
What can be done here:
· Ideal Option: Keycloak adapter classes like “
KeycloakWebSecurityConfigurerAdapter” should avoid registering it’s
filters when “keycloak.enabled” property is false.
· Temporary Option: we can handle this at application config level
by defining on SecurityConfig class
o @ConditionalOnProperty(name = "keycloak.enabled", havingValue =
"true")
Example Section A:
@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws
Exception {
KeycloakAuthenticationProvider keyCloakAuthProvider =
keycloakAuthenticationProvider();
keyCloakAuthProvider.setGrantedAuthoritiesMapper(new
SimpleAuthorityMapper());
auth.authenticationProvider(keyCloakAuthProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
super.configure(http);
http
.sessionManagement().sessionCreationPolicy(
SessionCreationPolicy.STATELESS)
.sessionAuthenticationStrategy(sessionAuthenticationStrategy(
))
.and()
.authorizeRequests()
.antMatchers("/test*").hasRole("ADMIN")
.anyRequest().permitAll();
}
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy()
{
return new NullAuthenticatedSessionStrategy();
}
@Bean
public KeycloakConfigResolver KeyCloakConfigResolver(){
return new KeycloakSpringBootConfigResolver();
}
}
Thanks and Regards.
Rahul Pharande
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
11:01 p.m.
I believe I’m using Spring-boot Adapter here “keycloak-spring-boot-starter v3.4.0.Final”
so as per your comment “keycloak.enabled” property should work out of the box here.
Did I miss understood something here ..
-Rahul
From: Sebastien Blanc [mailto:sblanc@redhat.com]
Sent: Wednesday, November 29, 2017 8:32 PM
To: Pharande Rahul
Cc: keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Using keycloak-spring-boot-starter throws
NullPointerException when “keycloak.enabled = false” in spring boot
application.properties
keycloak.enable property only works for the Spring Boot Adapter, not for the Spring
Security Adapter. There is already a ticket opened to align the feature.
On Wed, Nov 29, 2017 at 1:35 PM, Pharande Rahul
<rahul.pharande@gi-de.com<mailto:rahul.pharande@gi-de.com>> wrote:
Hi,
While using “keycloak-spring-boot-starter v3.4.0.Final” with “spring-boot-starter-security
V1.5.8.RELEASE”, I’m getting NullPointerException as described below.
Please let me know if anyone has suggestion on this, OR this is really defect in keycloak
adapter.
Precondition –
· Application configured to use spring-security with
KeycloakWebSecurityConfigurerAdapter. As shows below class SecurityConfig in Example
section (A).
· Disable keycloak in spring boot’s Application property as “keycloak.enabled =
false”
Expected Result –
· When Keycloak is disabled, spring security should handle authentication OR
should not perform authentication.
Actual Result –
java.lang.NullPointerException: null
at
org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(KeycloakDeploymentBuilder.java:55)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.KeycloakDeploymentBuilder.build(KeycloakDeploymentBuilder.java:164)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:37)
~[keycloak-spring-boot-adapter-3.4.0.Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:88)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:107)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:79)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:81)
~[keycloak-spring-security-adapter-3.4.0.Final.jar!/:3.4.
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
~[spring-security-web-4.2.3.RELEASE.jar!/:4.2.3.RELEASE]
at
org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
~[spring-security-web-4.2.3.RELEASE.jar!/:4.2.3.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
~[spring-web-4.3.12.RELEASE.jar!/:4.3.12.RELEASE]
What can be done here:
· Ideal Option: Keycloak adapter classes like
“KeycloakWebSecurityConfigurerAdapter” should avoid registering it’s filters when
“keycloak.enabled” property is false.
· Temporary Option: we can handle this at application config level by defining on
SecurityConfig class
o @ConditionalOnProperty(name = "keycloak.enabled", havingValue =
"true")
Example Section A:
@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
KeycloakAuthenticationProvider keyCloakAuthProvider =
keycloakAuthenticationProvider();
keyCloakAuthProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keyCloakAuthProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
super.configure(http);
http
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.sessionAuthenticationStrategy(sessionAuthenticationStrategy())
.and()
.authorizeRequests()
.antMatchers("/test*").hasRole("ADMIN")
.anyRequest().permitAll();
}
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new NullAuthenticatedSessionStrategy();
}
@Bean
public KeycloakConfigResolver KeyCloakConfigResolver(){
return new KeycloakSpringBootConfigResolver();
}
}
Thanks and Regards.
Rahul Pharande
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
12:29 a.m.
The Spring Boot Starter bundles Spring Boot Adapter and Spring Security
Adapter. I admit it can be confusing but we will fix this soon.
On Thu, Nov 30, 2017 at 6:01 AM, Pharande Rahul <rahul.pharande(a)gi-de.com>
wrote:
I believe I’m using Spring-boot Adapter here
“keycloak-spring-boot-starter
v3.4.0.Final” so as per your comment “keycloak.enabled” property should
work out of the box here.
Did I miss understood something here ..
-Rahul
*From:* Sebastien Blanc [mailto:sblanc@redhat.com]
*Sent:* Wednesday, November 29, 2017 8:32 PM
*To:* Pharande Rahul
*Cc:* keycloak-user(a)lists.jboss.org
*Subject:* Re: [keycloak-user] Using keycloak-spring-boot-starter throws
NullPointerException when “keycloak.enabled = false” in spring boot
application.properties
keycloak.enable property only works for the Spring Boot Adapter, not for
the Spring Security Adapter. There is already a ticket opened to align the
feature.
On Wed, Nov 29, 2017 at 1:35 PM, Pharande Rahul <rahul.pharande(a)gi-de.com>
wrote:
Hi,
While using “keycloak-spring-boot-starter v3.4.0.Final” with
“spring-boot-starter-security V1.5.8.RELEASE”, I’m getting
NullPointerException as described below.
Please let me know if anyone has suggestion on this, OR this is really
defect in keycloak adapter.
Precondition –
· Application configured to use spring-security with
KeycloakWebSecurityConfigurerAdapter. As shows below class SecurityConfig
in Example section (A).
· Disable keycloak in spring boot’s Application property as
“keycloak.enabled = false”
Expected Result –
· When Keycloak is disabled, spring security should handle
authentication OR should not perform authentication.
Actual Result –
java.lang.NullPointerException: null
at org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(
KeycloakDeploymentBuilder.java:55) ~[keycloak-adapter-core-3.4.0.
Final.jar!/:3.4.0.Final]
at org.keycloak.adapters.KeycloakDeploymentBuilder.build(
KeycloakDeploymentBuilder.java:164) ~[keycloak-adapter-core-3.4.0.
Final.jar!/:3.4.0.Final]
at org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolv
er.resolve(KeycloakSpringBootConfigResolver.java:37)
~[keycloak-spring-boot-adapter-3.4.0.Final.jar!/:3.4.0.Final]
at org.keycloak.adapters.AdapterDeploymentContext.
resolveDeployment(AdapterDeploymentContext.java:88)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at org.keycloak.adapters.PreAuthActionsHandler.preflightCors(
PreAuthActionsHandler.java:107) ~[keycloak-adapter-core-3.4.0.
Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:79)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at org.keycloak.adapters.springsecurity.filter.
KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:81)
~[keycloak-spring-security-adapter-3.4.0.Final.jar!/:3.4.
at org.springframework.security.web.FilterChainProxy$
VirtualFilterChain.doFilter(FilterChainProxy.java:331)
~[spring-security-web-4.2.3.RELEASE.jar!/:4.2.3.RELEASE]
at org.springframework.security.web.csrf.CsrfFilter.
doFilterInternal(CsrfFilter.java:100) ~[spring-security-web-4.2.3.
RELEASE.jar!/:4.2.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.
doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.12.RELEASE.
jar!/:4.3.12.RELEASE]
What can be done here:
· Ideal Option: Keycloak adapter classes like “
KeycloakWebSecurityConfigurerAdapter” should avoid registering it’s
filters when “keycloak.enabled” property is false.
· Temporary Option: we can handle this at application config level
by defining on SecurityConfig class
o @ConditionalOnProperty(name = "keycloak.enabled", havingValue =
"true")
Example Section A:
@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws
Exception {
KeycloakAuthenticationProvider keyCloakAuthProvider =
keycloakAuthenticationProvider();
keyCloakAuthProvider.setGrantedAuthoritiesMapper(new
SimpleAuthorityMapper());
auth.authenticationProvider(keyCloakAuthProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
super.configure(http);
http
.sessionManagement().sessionCreationPolicy(
SessionCreationPolicy.STATELESS)
.sessionAuthenticationStrategy(sessionAuthenticationStrategy(
))
.and()
.authorizeRequests()
.antMatchers("/test*").hasRole("ADMIN")
.anyRequest().permitAll();
}
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy()
{
return new NullAuthenticatedSessionStrategy();
}
@Bean
public KeycloakConfigResolver KeyCloakConfigResolver(){
return new KeycloakSpringBootConfigResolver();
}
}
Thanks and Regards.
Rahul Pharande
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
5:19 a.m.
As you said there is ticket open for same, could you please point me out to respective
ticket so that I can refer it for further tracking.
From: Sebastien Blanc [mailto:sblanc@redhat.com]
Sent: Thursday, November 30, 2017 12:00 PM
To: Pharande Rahul
Cc: keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Using keycloak-spring-boot-starter throws
NullPointerException when “keycloak.enabled = false” in spring boot
application.properties
The Spring Boot Starter bundles Spring Boot Adapter and Spring Security Adapter. I admit
it can be confusing but we will fix this soon.
On Thu, Nov 30, 2017 at 6:01 AM, Pharande Rahul
<rahul.pharande@gi-de.com<mailto:rahul.pharande@gi-de.com>> wrote:
I believe I’m using Spring-boot Adapter here “keycloak-spring-boot-starter v3.4.0.Final”
so as per your comment “keycloak.enabled” property should work out of the box here.
Did I miss understood something here ..
-Rahul
From: Sebastien Blanc [mailto:sblanc@redhat.com<mailto:sblanc@redhat.com>]
Sent: Wednesday, November 29, 2017 8:32 PM
To: Pharande Rahul
Cc: keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
Subject: Re: [keycloak-user] Using keycloak-spring-boot-starter throws
NullPointerException when “keycloak.enabled = false” in spring boot
application.properties
keycloak.enable property only works for the Spring Boot Adapter, not for the Spring
Security Adapter. There is already a ticket opened to align the feature.
On Wed, Nov 29, 2017 at 1:35 PM, Pharande Rahul
<rahul.pharande@gi-de.com<mailto:rahul.pharande@gi-de.com>> wrote:
Hi,
While using “keycloak-spring-boot-starter v3.4.0.Final” with “spring-boot-starter-security
V1.5.8.RELEASE”, I’m getting NullPointerException as described below.
Please let me know if anyone has suggestion on this, OR this is really defect in keycloak
adapter.
Precondition –
· Application configured to use spring-security with
KeycloakWebSecurityConfigurerAdapter. As shows below class SecurityConfig in Example
section (A).
· Disable keycloak in spring boot’s Application property as “keycloak.enabled =
false”
Expected Result –
· When Keycloak is disabled, spring security should handle authentication OR
should not perform authentication.
Actual Result –
java.lang.NullPointerException: null
at
org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(KeycloakDeploymentBuilder.java:55)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.KeycloakDeploymentBuilder.build(KeycloakDeploymentBuilder.java:164)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:37)
~[keycloak-spring-boot-adapter-3.4.0.Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:88)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:107)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:79)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:81)
~[keycloak-spring-security-adapter-3.4.0.Final.jar!/:3.4.
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
~[spring-security-web-4.2.3.RELEASE.jar!/:4.2.3.RELEASE]
at
org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
~[spring-security-web-4.2.3.RELEASE.jar!/:4.2.3.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
~[spring-web-4.3.12.RELEASE.jar!/:4.3.12.RELEASE]
What can be done here:
· Ideal Option: Keycloak adapter classes like
“KeycloakWebSecurityConfigurerAdapter” should avoid registering it’s filters when
“keycloak.enabled” property is false.
· Temporary Option: we can handle this at application config level by defining on
SecurityConfig class
o @ConditionalOnProperty(name = "keycloak.enabled", havingValue =
"true")
Example Section A:
@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
KeycloakAuthenticationProvider keyCloakAuthProvider =
keycloakAuthenticationProvider();
keyCloakAuthProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keyCloakAuthProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
super.configure(http);
http
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.sessionAuthenticationStrategy(sessionAuthenticationStrategy())
.and()
.authorizeRequests()
.antMatchers("/test*").hasRole("ADMIN")
.anyRequest().permitAll();
}
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new NullAuthenticatedSessionStrategy();
}
@Bean
public KeycloakConfigResolver KeyCloakConfigResolver(){
return new KeycloakSpringBootConfigResolver();
}
}
Thanks and Regards.
Rahul Pharande
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
5:21 a.m.
https://issues.jboss.org/browse/KEYCLOAK-5736
On Thu, Nov 30, 2017 at 12:19 PM, Pharande Rahul <rahul.pharande(a)gi-de.com>
wrote:
As you said there is ticket open for same, could you please point me
out
to respective ticket so that I can refer it for further tracking.
*From:* Sebastien Blanc [mailto:sblanc@redhat.com]
*Sent:* Thursday, November 30, 2017 12:00 PM
*To:* Pharande Rahul
*Cc:* keycloak-user(a)lists.jboss.org
*Subject:* Re: [keycloak-user] Using keycloak-spring-boot-starter throws
NullPointerException when “keycloak.enabled = false” in spring boot
application.properties
The Spring Boot Starter bundles Spring Boot Adapter and Spring Security
Adapter. I admit it can be confusing but we will fix this soon.
On Thu, Nov 30, 2017 at 6:01 AM, Pharande Rahul <rahul.pharande(a)gi-de.com>
wrote:
I believe I’m using Spring-boot Adapter here “keycloak-spring-boot-starter
v3.4.0.Final” so as per your comment “keycloak.enabled” property should
work out of the box here.
Did I miss understood something here ..
-Rahul
*From:* Sebastien Blanc [mailto:sblanc@redhat.com]
*Sent:* Wednesday, November 29, 2017 8:32 PM
*To:* Pharande Rahul
*Cc:* keycloak-user(a)lists.jboss.org
*Subject:* Re: [keycloak-user] Using keycloak-spring-boot-starter throws
NullPointerException when “keycloak.enabled = false” in spring boot
application.properties
keycloak.enable property only works for the Spring Boot Adapter, not for
the Spring Security Adapter. There is already a ticket opened to align the
feature.
On Wed, Nov 29, 2017 at 1:35 PM, Pharande Rahul <rahul.pharande(a)gi-de.com>
wrote:
Hi,
While using “keycloak-spring-boot-starter v3.4.0.Final” with
“spring-boot-starter-security V1.5.8.RELEASE”, I’m getting
NullPointerException as described below.
Please let me know if anyone has suggestion on this, OR this is really
defect in keycloak adapter.
Precondition –
· Application configured to use spring-security with
KeycloakWebSecurityConfigurerAdapter. As shows below class SecurityConfig
in Example section (A).
· Disable keycloak in spring boot’s Application property as
“keycloak.enabled = false”
Expected Result –
· When Keycloak is disabled, spring security should handle
authentication OR should not perform authentication.
Actual Result –
java.lang.NullPointerException: null
at org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(
KeycloakDeploymentBuilder.java:55) ~[keycloak-adapter-core-3.4.0.
Final.jar!/:3.4.0.Final]
at org.keycloak.adapters.KeycloakDeploymentBuilder.build(
KeycloakDeploymentBuilder.java:164) ~[keycloak-adapter-core-3.4.0.
Final.jar!/:3.4.0.Final]
at org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolv
er.resolve(KeycloakSpringBootConfigResolver.java:37)
~[keycloak-spring-boot-adapter-3.4.0.Final.jar!/:3.4.0.Final]
at org.keycloak.adapters.AdapterDeploymentContext.
resolveDeployment(AdapterDeploymentContext.java:88)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at org.keycloak.adapters.PreAuthActionsHandler.preflightCors(
PreAuthActionsHandler.java:107) ~[keycloak-adapter-core-3.4.0.
Final.jar!/:3.4.0.Final]
at
org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:79)
~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
at org.keycloak.adapters.springsecurity.filter.
KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:81)
~[keycloak-spring-security-adapter-3.4.0.Final.jar!/:3.4.
at org.springframework.security.web.FilterChainProxy$
VirtualFilterChain.doFilter(FilterChainProxy.java:331)
~[spring-security-web-4.2.3.RELEASE.jar!/:4.2.3.RELEASE]
at org.springframework.security.web.csrf.CsrfFilter.
doFilterInternal(CsrfFilter.java:100) ~[spring-security-web-4.2.3.
RELEASE.jar!/:4.2.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.
doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.12.RELEASE.
jar!/:4.3.12.RELEASE]
What can be done here:
· Ideal Option: Keycloak adapter classes like “
KeycloakWebSecurityConfigurerAdapter” should avoid registering it’s
filters when “keycloak.enabled” property is false.
· Temporary Option: we can handle this at application config level
by defining on SecurityConfig class
o @ConditionalOnProperty(name = "keycloak.enabled", havingValue =
"true")
Example Section A:
@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws
Exception {
KeycloakAuthenticationProvider keyCloakAuthProvider =
keycloakAuthenticationProvider();
keyCloakAuthProvider.setGrantedAuthoritiesMapper(new
SimpleAuthorityMapper());
auth.authenticationProvider(keyCloakAuthProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
super.configure(http);
http
.sessionManagement().sessionCreationPolicy(
SessionCreationPolicy.STATELESS)
.sessionAuthenticationStrategy(sessionAuthenticationStrategy(
))
.and()
.authorizeRequests()
.antMatchers("/test*").hasRole("ADMIN")
.anyRequest().permitAll();
}
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy()
{
return new NullAuthenticatedSessionStrategy();
}
@Bean
public KeycloakConfigResolver KeyCloakConfigResolver(){
return new KeycloakSpringBootConfigResolver();
}
}
Thanks and Regards.
Rahul Pharande
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2596
days inactive
2597
days old
5 comments
2 participants
participants (2)
-
Pharande Rahul -
Sebastien Blanc