Thank you Pedro ;)
Have a nice day,
Matteo
On Fri, Jul 26, 2019 at 9:47 PM Pedro Igor Silva <psilva(a)redhat.com> wrote:
Hi,
I've created
https://issues.jboss.org/browse/KEYCLOAK-10949.
Regards.
Pedro Igor
On Fri, Jul 26, 2019 at 10:50 AM Matteo Restelli <mrestelli(a)cuebiq.com>
wrote:
> Hi all,
> We're noticing a strange behaviour during RPT call performed by our
> adapter. More specifically, we're getting a 500 HTTP Error with the
> following description: "Unexpected error while evaluating permissions:
> java.lang.RuntimeException: Error while reading attributes" and with a
> NullPointerException.
> I had a keycloak access token with 5 hours of expiration time and "SSO
> Session Idle time", in Keycloak, was set to 30 minutes. I know, it's a
> strange configuration, but we've used it just for testing purposes of the
> RPT / Authorization part.
> Once i've received the error, i've started thinking that the problem was
> probably due to the fact that the user's session was expired (i've notice
> the error after lunch where i've left the pc alone for about 1 hour), so
> i've tried to reproduce the error in this way:
>
> - Login via Resource Owner Password grant flow (via Postman)
> - Getting the token and calling our test microservice where the adapter
> was
> configured
> - RPT Call worked
> - After that, logout the user's session from the user admin console
> - Retried the call to the microservice with the same token
> - Received the 500 HTTP Error
>
> We're using Keycloak 6.0.1.
> I've a question about: is it right that error? In my opinion we should
> receive a 401, not 500...
>
> At the bottom you can find the stacktrace.
>
> Thank you very much,
> Matteo
>
>
> 12:58:23,179 ERROR
> [org.keycloak.authorization.authorization.AuthorizationTokenService]
> (default task-784) Unexpected error while evaluating permissions:
> java.lang.RuntimeException: Error while reading attributes from security
> token.
>
> at
>
>
org.keycloak.authorization.common.KeycloakIdentity.<init>(KeycloakIdentity.java:146)
>
> at
>
>
org.keycloak.authorization.common.KeycloakIdentity.<init>(KeycloakIdentity.java:69)
>
> at
>
>
org.keycloak.authorization.authorization.AuthorizationTokenService.lambda$static$1(AuthorizationTokenService.java:131)
>
> at
>
>
org.keycloak.authorization.authorization.AuthorizationTokenService.createEvaluationContext(AuthorizationTokenService.java:379)
>
> at
>
>
org.keycloak.authorization.authorization.AuthorizationTokenService.authorize(AuthorizationTokenService.java:160)
>
> at
>
>
org.keycloak.protocol.oidc.endpoints.TokenEndpoint.permissionGrant(TokenEndpoint.java:1157)
>
> at
>
>
org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGrantRequest(TokenEndpoint.java:196)
>
> at sun.reflect.GeneratedMethodAccessor811.invoke(Unknown Source)
>
> at
>
>
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
>
> at
>
> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
>
> at
>
>
org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:510)
>
> at
>
>
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:400)
>
> at
>
>
org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:364)
>
> at
>
>
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:355)
>
> at
>
>
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:366)
>
> at
>
> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:338)
>
> at
>
>
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:137)
>
> at
>
>
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)
>
> at
>
>
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)
>
> at
>
>
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
>
> at
>
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:439)
>
> at
>
>
org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)
>
> at
>
>
org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)
>
> at
>
>
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:355)
>
> at
>
>
org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)
>
> at
>
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)
>
> at
>
>
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
>
> at
>
>
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>
> at
>
>
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:791)
>
> at
>
> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
>
> at
>
>
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>
> at
>
>
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
>
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>
> at
>
>
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>
> at
>
> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>
> at
>
>
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>
> at
>
> io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
>
> at
>
>
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>
> at
>
>
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>
> at
>
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
> at
>
>
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
>
> at
>
>
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>
> at
>
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
> at
>
>
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>
> at
>
>
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>
> at
>
>
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>
> at
>
>
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>
> at
>
>
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>
> at
>
>
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>
> at
>
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
> at
>
>
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>
> at
>
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
> at
>
>
org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
>
> at
>
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
> at
>
>
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
>
> at
>
>
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
>
> at
>
>
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
>
> at
>
>
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
>
> at
>
>
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
>
> at
>
>
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
>
> at
>
>
org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
>
> at
>
>
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
>
> at
>
>
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
>
> at
>
>
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
>
> at
>
>
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
>
> at
>
>
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
>
> at
>
>
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>
> at
>
>
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
>
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:364)
>
> at
> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
>
> at
>
>
org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
>
> at
>
> org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
>
> at
>
>
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
>
> at
>
>
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
>
> at java.lang.Thread.run(Thread.java:748)
>
> Caused by: java.lang.NullPointerException
>
> --
>
> Like <
https://www.facebook.com/cuebiq/> I Follow
> <
https://twitter.com/Cuebiq>I Connect
> <
https://www.linkedin.com/company/cuebiq>
>
>
> This email is reserved
> exclusively for sending and receiving messages inherent working
> activities,
> and is not intended nor authorized for personal use. Therefore, any
> outgoing messages or incoming response messages will be treated as
> company
> messages and will be subject to the corporate IT policy and may possibly
> to
> be read by persons other than by the subscriber of the box. Confidential
> information may be contained in this message. If you are not the address
> indicated in this message, please do not copy or deliver this message to
> anyone. In such case, you should notify the sender immediately and delete
> the original message.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Like <
https://www.facebook.com/cuebiq/> I Follow
<
https://twitter.com/Cuebiq>I Connect
<
https://www.linkedin.com/company/cuebiq>
This email is reserved
exclusively for sending and receiving messages inherent working activities,
and is not intended nor authorized for personal use. Therefore, any
outgoing messages or incoming response messages will be treated as company
messages and will be subject to the corporate IT policy and may possibly to
be read by persons other than by the subscriber of the box. Confidential
information may be contained in this message. If you are not the address
indicated in this message, please do not copy or deliver this message to
anyone. In such case, you should notify the sender immediately and delete
the original message.