[JBoss JIRA] (ARTIF-748) Web UI: Refresh to /login when Keycloak token expires
by Brett Meyer (JIRA)
[ https://issues.jboss.org/browse/ARTIF-748?page=com.atlassian.jira.plugin.... ]
Brett Meyer updated ARTIF-748:
------------------------------
Fix Version/s: (was: 1.0.0.Beta3)
> Web UI: Refresh to /login when Keycloak token expires
> -----------------------------------------------------
>
> Key: ARTIF-748
> URL: https://issues.jboss.org/browse/ARTIF-748
> Project: Artificer
> Issue Type: Task
> Reporter: Brett Meyer
> Assignee: Brett Meyer
>
> If the token expires, the server spits out:
> 14:25:07,534 WARN [org.keycloak.events] (default task-36) type=REFRESH_TOKEN_ERROR, realmId=0c4049da-2746-468e-ab6d-49e51dd1f133, clientId=artificer-ui, userId=null, ipAddress=127.0.0.1, error=invalid_token
> 14:25:07,560 ERROR [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-37) Refresh token failure status: 400 {"error_description":"Refresh token expired","error":"invalid_grant"}
> The next time the browser makes a call to the UI services, Errai reports an uncaught GWT exception. That call *must* be protected by Keycloak, in order for our Filter to pick up the KeycloakSecurityContext and create the bearer token. However, the GWT exception shows that the Keycloak *login page* is being served on the call, so Errai's JSON marshaller barfs on the HTML.
> APIMan checks for a 401 response code and automatically refreshes the browser to combat this. However, I'm not sure if that's possible in this case. Our use of Errai's "Caller" pattern isn't kicking in for these errors (completely sidesteps the ErrorHandler), I'm guessing due to it being a lower level issue with the GWT marshaller.
> Idea: Have a pure Javascript loop "ping" the UI services and check the response.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
9 years, 5 months
[JBoss JIRA] (ARTIF-748) Web UI: Refresh to /login when Keycloak token expires
by Brett Meyer (JIRA)
[ https://issues.jboss.org/browse/ARTIF-748?page=com.atlassian.jira.plugin.... ]
Brett Meyer updated ARTIF-748:
------------------------------
Description:
If the token expires, the server spits out:
14:25:07,534 WARN [org.keycloak.events] (default task-36) type=REFRESH_TOKEN_ERROR, realmId=0c4049da-2746-468e-ab6d-49e51dd1f133, clientId=artificer-ui, userId=null, ipAddress=127.0.0.1, error=invalid_token
14:25:07,560 ERROR [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-37) Refresh token failure status: 400 {"error_description":"Refresh token expired","error":"invalid_grant"}
The next time the browser makes a call to the UI services, Errai reports an uncaught GWT exception. That call *must* be protected by Keycloak, in order for our Filter to pick up the KeycloakSecurityContext and create the bearer token. However, the GWT exception shows that the Keycloak *login page* is being served on the call, so Errai's JSON marshaller barfs on the HTML.
APIMan checks for a 401 response code and automatically refreshes the browser to combat this. However, I'm not sure if that's possible in this case. Our use of Errai's "Caller" pattern isn't kicking in for these errors (completely sidesteps the ErrorHandler), I'm guessing due to it being a lower level issue with the GWT marshaller.
Idea: Have a pure Javascript loop "ping" the UI services and check the response.
was:
If the token expires, the server spits out:
14:25:07,534 WARN [org.keycloak.events] (default task-36) type=REFRESH_TOKEN_ERROR, realmId=0c4049da-2746-468e-ab6d-49e51dd1f133, clientId=artificer-ui, userId=null, ipAddress=127.0.0.1, error=invalid_token
14:25:07,560 ERROR [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-37) Refresh token failure status: 400 {"error_description":"Refresh token expired","error":"invalid_grant"}
The next time the browser makes a call to the UI services, Errai reports an uncaught GWT exception. That call *must* be protected by Keycloak, in order for our Filter to pick up the KeycloakSecurityContext and create the bearer token. However, the GWT exception shows that the Keycloak *login page* is being served on the call, so Errai's JSON marshaller barfs on the HTML.
APIMan uses
> Web UI: Refresh to /login when Keycloak token expires
> -----------------------------------------------------
>
> Key: ARTIF-748
> URL: https://issues.jboss.org/browse/ARTIF-748
> Project: Artificer
> Issue Type: Task
> Reporter: Brett Meyer
> Assignee: Brett Meyer
> Fix For: 1.0.0.Beta3
>
>
> If the token expires, the server spits out:
> 14:25:07,534 WARN [org.keycloak.events] (default task-36) type=REFRESH_TOKEN_ERROR, realmId=0c4049da-2746-468e-ab6d-49e51dd1f133, clientId=artificer-ui, userId=null, ipAddress=127.0.0.1, error=invalid_token
> 14:25:07,560 ERROR [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-37) Refresh token failure status: 400 {"error_description":"Refresh token expired","error":"invalid_grant"}
> The next time the browser makes a call to the UI services, Errai reports an uncaught GWT exception. That call *must* be protected by Keycloak, in order for our Filter to pick up the KeycloakSecurityContext and create the bearer token. However, the GWT exception shows that the Keycloak *login page* is being served on the call, so Errai's JSON marshaller barfs on the HTML.
> APIMan checks for a 401 response code and automatically refreshes the browser to combat this. However, I'm not sure if that's possible in this case. Our use of Errai's "Caller" pattern isn't kicking in for these errors (completely sidesteps the ErrorHandler), I'm guessing due to it being a lower level issue with the GWT marshaller.
> Idea: Have a pure Javascript loop "ping" the UI services and check the response.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
9 years, 5 months
[JBoss JIRA] (ARTIF-748) Web UI: Refresh to /login when Keycloak token expires
by Brett Meyer (JIRA)
[ https://issues.jboss.org/browse/ARTIF-748?page=com.atlassian.jira.plugin.... ]
Brett Meyer updated ARTIF-748:
------------------------------
Description:
If the token expires, the server spits out:
14:25:07,534 WARN [org.keycloak.events] (default task-36) type=REFRESH_TOKEN_ERROR, realmId=0c4049da-2746-468e-ab6d-49e51dd1f133, clientId=artificer-ui, userId=null, ipAddress=127.0.0.1, error=invalid_token
14:25:07,560 ERROR [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-37) Refresh token failure status: 400 {"error_description":"Refresh token expired","error":"invalid_grant"}
The next time the browser makes a call to the UI services, Errai reports an uncaught GWT exception. That call *must* be protected by Keycloak, in order for our Filter to pick up the KeycloakSecurityContext and create the bearer token. However, the GWT exception shows that the Keycloak *login page* is being served on the call, so Errai's JSON marshaller barfs on the HTML.
APIMan uses
was:
If the token expires, the server spits out:
14:25:07,534 WARN [org.keycloak.events] (default task-36) type=REFRESH_TOKEN_ERROR, realmId=0c4049da-2746-468e-ab6d-49e51dd1f133, clientId=artificer-ui, userId=null, ipAddress=127.0.0.1, error=invalid_token
14:25:07,560 ERROR [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-37) Refresh token failure status: 400 {"error_description":"Refresh token expired","error":"invalid_grant"}
Errai then reports an uncaught
> Web UI: Refresh to /login when Keycloak token expires
> -----------------------------------------------------
>
> Key: ARTIF-748
> URL: https://issues.jboss.org/browse/ARTIF-748
> Project: Artificer
> Issue Type: Task
> Reporter: Brett Meyer
> Assignee: Brett Meyer
> Fix For: 1.0.0.Beta3
>
>
> If the token expires, the server spits out:
> 14:25:07,534 WARN [org.keycloak.events] (default task-36) type=REFRESH_TOKEN_ERROR, realmId=0c4049da-2746-468e-ab6d-49e51dd1f133, clientId=artificer-ui, userId=null, ipAddress=127.0.0.1, error=invalid_token
> 14:25:07,560 ERROR [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-37) Refresh token failure status: 400 {"error_description":"Refresh token expired","error":"invalid_grant"}
> The next time the browser makes a call to the UI services, Errai reports an uncaught GWT exception. That call *must* be protected by Keycloak, in order for our Filter to pick up the KeycloakSecurityContext and create the bearer token. However, the GWT exception shows that the Keycloak *login page* is being served on the call, so Errai's JSON marshaller barfs on the HTML.
> APIMan uses
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
9 years, 5 months
[JBoss JIRA] (ARTIF-748) Web UI: Refresh to /login when Keycloak token expires
by Brett Meyer (JIRA)
[ https://issues.jboss.org/browse/ARTIF-748?page=com.atlassian.jira.plugin.... ]
Brett Meyer updated ARTIF-748:
------------------------------
Description:
If the token expires, the server spits out:
14:25:07,534 WARN [org.keycloak.events] (default task-36) type=REFRESH_TOKEN_ERROR, realmId=0c4049da-2746-468e-ab6d-49e51dd1f133, clientId=artificer-ui, userId=null, ipAddress=127.0.0.1, error=invalid_token
14:25:07,560 ERROR [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-37) Refresh token failure status: 400 {"error_description":"Refresh token expired","error":"invalid_grant"}
Errai then reports an uncaught
was:
Happens in a matter of minutes
14:25:07,534 WARN [org.keycloak.events] (default task-36) type=REFRESH_TOKEN_ERROR, realmId=0c4049da-2746-468e-ab6d-49e51dd1f133, clientId=artificer-ui, userId=null, ipAddress=127.0.0.1, error=invalid_token
14:25:07,560 ERROR [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-37) Refresh token failure status: 400 {"error_description":"Refresh token expired","error":"invalid_grant"}
> Web UI: Refresh to /login when Keycloak token expires
> -----------------------------------------------------
>
> Key: ARTIF-748
> URL: https://issues.jboss.org/browse/ARTIF-748
> Project: Artificer
> Issue Type: Task
> Reporter: Brett Meyer
> Assignee: Brett Meyer
> Fix For: 1.0.0.Beta3
>
>
> If the token expires, the server spits out:
> 14:25:07,534 WARN [org.keycloak.events] (default task-36) type=REFRESH_TOKEN_ERROR, realmId=0c4049da-2746-468e-ab6d-49e51dd1f133, clientId=artificer-ui, userId=null, ipAddress=127.0.0.1, error=invalid_token
> 14:25:07,560 ERROR [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-37) Refresh token failure status: 400 {"error_description":"Refresh token expired","error":"invalid_grant"}
> Errai then reports an uncaught
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
9 years, 5 months
[JBoss JIRA] (ARTIF-748) Web UI: Refresh to /login when Keycloak token expires
by Brett Meyer (JIRA)
[ https://issues.jboss.org/browse/ARTIF-748?page=com.atlassian.jira.plugin.... ]
Brett Meyer updated ARTIF-748:
------------------------------
Summary: Web UI: Refresh to /login when Keycloak token expires (was: Keycloak's token expires really quickly)
> Web UI: Refresh to /login when Keycloak token expires
> -----------------------------------------------------
>
> Key: ARTIF-748
> URL: https://issues.jboss.org/browse/ARTIF-748
> Project: Artificer
> Issue Type: Task
> Reporter: Brett Meyer
> Assignee: Brett Meyer
> Fix For: 1.0.0.Beta3
>
>
> Happens in a matter of minutes
> 14:25:07,534 WARN [org.keycloak.events] (default task-36) type=REFRESH_TOKEN_ERROR, realmId=0c4049da-2746-468e-ab6d-49e51dd1f133, clientId=artificer-ui, userId=null, ipAddress=127.0.0.1, error=invalid_token
> 14:25:07,560 ERROR [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-37) Refresh token failure status: 400 {"error_description":"Refresh token expired","error":"invalid_grant"}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
9 years, 5 months
[JBoss JIRA] (ARTIF-749) HibernateAuditor fails to handle property/classifier updates
by Brett Meyer (JIRA)
Brett Meyer created ARTIF-749:
---------------------------------
Summary: HibernateAuditor fails to handle property/classifier updates
Key: ARTIF-749
URL: https://issues.jboss.org/browse/ARTIF-749
Project: Artificer
Issue Type: Bug
Affects Versions: 1.0.0.Beta2
Reporter: Brett Meyer
Assignee: Brett Meyer
Fix For: 1.0.0.Beta3
When the original ArtificerArtifact is given to HibernateAuditor, it incorrectly uses the actual collection references as its snapshot. When these are changed, the references change as well, so the diff doesn't see the modifications.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
9 years, 5 months
[JBoss JIRA] (ARTIF-748) Keycloak's token expires really quickly
by Brett Meyer (JIRA)
Brett Meyer created ARTIF-748:
---------------------------------
Summary: Keycloak's token expires really quickly
Key: ARTIF-748
URL: https://issues.jboss.org/browse/ARTIF-748
Project: Artificer
Issue Type: Task
Reporter: Brett Meyer
Assignee: Brett Meyer
Fix For: 1.0.0.Beta3
Happens in a matter of minutes
14:25:07,534 WARN [org.keycloak.events] (default task-36) type=REFRESH_TOKEN_ERROR, realmId=0c4049da-2746-468e-ab6d-49e51dd1f133, clientId=artificer-ui, userId=null, ipAddress=127.0.0.1, error=invalid_token
14:25:07,560 ERROR [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-37) Refresh token failure status: 400 {"error_description":"Refresh token expired","error":"invalid_grant"}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
9 years, 5 months