[keycloak-user] Occasional NPE while retrieving token

Orestis Tsakiridis orestis.tsakiridis at telestax.com
Fri Sep 4 04:54:16 EDT 2015


Hi Marek,

Hmmm, indeed, that happens after having deleted clients. But, i haven't
defined any composite roles.  The rest of the REST api operation i've used
don't seem to trigger it.

But wait! i think you rung a bell. The clients i remove have their own
application-level roles created and bound to them. They are not composite
though in the strict sense of the term. Possibly the user that tries to get
a token is also assigned these roles. Btw, is it proper practice to remove
a client without removing its own application roles first?

Also, I'm using the default H2 DB setup.

I will try to reproduce and post my findings to this thread.


Thanks Marek

Orestis

On Wed, Sep 2, 2015 at 4:45 PM, Marek Posolda <mposolda at redhat.com> wrote:

> It looks you deleted some client, but his composite roles were not
> properly deleted. It might be a bug though, but not sure. It will be cool
> if you can provide more detailed steps to reproduce. Are you using default
> H2 DB or some else?
>
> Thanks,
> Marek
>
>
> On 02/09/15 11:25, Orestis Tsakiridis wrote:
>
> Hello,
>
> I'm experiencing a strange error while trying to retrieve a token.
> Although initially the application may function properly and tokens issued
> normally, something happens when i use the Admin REST api that triggers the
> error. After that no tokens can be issued and an NPE appears in the log.
> Usually this happens after trying to drop some clients.
>
> Btw, i'm using keycloak-1.4.0.Final.
>
> Here is the command i use to get the token:
>
> curl -k -X POST
> https://identity.restcomm.com/auth/realms/restcomm/protocol/openid-connect/token
> -d "grant_type=password" -d "client_id=restcomm-identity-rest" -d
> "username=otsakir" -d "password=...."
>
> And here is what i get in the logs:
>
> 09:12:36,414 ERROR [io.undertow.request] (default task-4) UT005023:
> Exception handling request to
> /auth/realms/restcomm/protocol/openid-connect/token:
> java.lang.RuntimeException: request path:
> /auth/realms/restcomm/protocol/openid-connect/token
>     at
> org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:73)
>     at
> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>     at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
>     at
> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
>     at
> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>     at
> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>     at
> org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>     at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     at
> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>     at
> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>     at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     at
> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>     at
> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>     at
> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
>     at
> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)
>     at
> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>     at
> io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
>     at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     at
> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>     at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     at
> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)
>     at
> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)
>     at
> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)
>     at
> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)
>     at
> io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
>     at
> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)
>     at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>     at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>     at java.lang.Thread.run(Thread.java:745)
> Caused by: org.jboss.resteasy.spi.UnhandledException:
> java.lang.NullPointerException
>     at
> org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
>     at
> org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
>     at
> org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:149)
>     at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)
>     at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
>     at
> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
>     at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>     at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>     at
> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86)
>     at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)
>     at
> org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:59)
>     ... 29 more
> Caused by: java.lang.NullPointerException
>     at
> org.keycloak.protocol.oidc.TokenManager.addComposites(TokenManager.java:353)
>     at
> org.keycloak.protocol.oidc.TokenManager.createClientAccessToken(TokenManager.java:193)
>     at
> org.keycloak.protocol.oidc.TokenManager$AccessTokenResponseBuilder.generateAccessToken(TokenManager.java:412)
>     at
> org.keycloak.protocol.oidc.endpoints.TokenEndpoint.buildResourceOwnerPasswordCredentialsGrant(TokenEndpoint.java:358)
>     at
> org.keycloak.protocol.oidc.endpoints.TokenEndpoint.build(TokenEndpoint.java:113)
>     at sun.reflect.GeneratedMethodAccessor204.invoke(Unknown Source)
>     at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:606)
>     at
> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
>     at
> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)
>     at
> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250)
>     at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140)
>     at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109)
>     at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135)
>     at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103)
>     at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
>     ... 37 more
>
>
> Regards
>
> Orestis
>
>
> _______________________________________________
> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150904/6c6a034d/attachment-0001.html 


More information about the keycloak-user mailing list