[keycloak-user] EJB Invalid User + Log Out not working
Stian Thorgersen
sthorger at redhat.com
Fri Mar 11 01:29:10 EST 2016
On 10 March 2016 at 20:19, Firdos Ali <ali at affordabletours.com> wrote:
> Hello,
>
>
>
> I am having a few problems with Keycloak. Let me first start with the
> environment information:
>
>
>
> Keycloak version: 1.9.0
>
> Keycloak wildfly version: 10.0.0
>
>
>
> Application wildfly version: 8.0.0
>
>
>
> *Problem 1: EJB error - javax.ejb.EJBAccessException: JBAS013323: Invalid
> User*
>
> I have followed the documentation by adding the keycloak adapter to the
> application wildfly 8.0 and by server.xml has the following:
>
>
>
> <extensions>
> ….
> <extension module="org.keycloak.keycloak-adapter-subsystem"/>
> </extensions>
>
> <profile>
> <subsystem xmlns="urn:jboss:domain:security:1.2">
> ….
> <security-domain name="keycloak">
> <authentication>
> <login-module
> code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
> </authentication>
> </security-domain>
> </security-domains>
> </subsystem>
> …
> <subsystem xmlns="urn:jboss:domain:keycloak:1.1"/>
> </profile>
>
> MyEJB:
> @Stateless
>
> @Local(MyInt.*class*)
>
> @SecurityDomain("keycloak")
> *public* *class* MyBean *implements* MyInt
>
> ...
>
> @PermitAll
>
> @TransactionAttribute(TransactionAttributeType.*REQUIRES_NEW*)
>
> *public* boolean myMethod(...) *throws* Exception {
>
> }
>
>
>
> At the moment I am not using jboss-ej3.xml as I reference the security
> domain in my EJB class. I added it and it did not help out
>
>
>
> Stacktrace:
>
> ERROR [org.jboss.as.ejb3.invocation] (default task-13) JBAS014134: EJB
> Invocation failed on component MyBean for method public abstract boolean
> com.at.ejb.MyInt.myMethod(…) throws java.lang.Exception:
> javax.ejb.EJBAccessException: JBAS013323: Invalid User
>
> at
> org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:66)
> [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]
>
> at
> org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:46)
> [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]
>
> at
> org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:92)
> [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]
>
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
>
> at
> org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
> [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]
>
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
>
> at
> org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
> [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]
>
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
>
> at
> org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
>
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
>
> at
> org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:55)
> [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]
>
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
>
> at
> org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
>
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
>
> at
> org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:326)
>
> at
> org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:448)
>
> at
> org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
>
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
>
> at
> org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:326)
>
> at
> org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
>
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
>
> at
> org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>
> at
> org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:185)
>
> at
> org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:182)
>
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
>
> Is there something I am missing from the documentation? Any thoughts how
> to resolve this issue?
>
Is there a bearer token sent with the request that invokes the EJB? If so
try with 1.9.1. Could be https://issues.jboss.org/browse/KEYCLOAK-2518
fixes this.
> *Problem 2: Unable to log out a user from keycloak administration console:*
>
> After I click “Logout” on the administration console in Keycloak, I see
> the following error on the keycloak server:
>
> ERROR [io.undertow.request] (default task-26) UT005023: Exception handling
> request to
> /auth/admin/realms/affordabletours/sessions/f1e69f90-03fc-453d-a495-225bb0c429ab:
> org.jboss.resteasy.spi.UnhandledException: java.lang.NoSuchMethodError:
> org.apache.http.impl.client.HttpClientBuilder.setConnectionTimeToLive(JLjava/util/concurrent/TimeUnit;)Lorg/apache/http/impl/client/HttpClientBuilder;
> at
> org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
>
Are you using the standalone Keycloak server? Looking at javadocs for
httpclient setConnectionTimeToLive was added in 4.4. WildFly 10 uses
httpclient 4.5, so looks like for some reason you have an old version of
httpclient.
>
> Best regards,
>
> *AffordableTours.com* <http://www.affordabletours.com/>
> Firdos Ali
> Senior Project Manager
> 11150 Cash Road
> Stafford, TX 77477
> Toll Free (800) 935-2620 X181
> Direct (281) 269-2681
> Fax (281) 269-2691
> E-mail: ali at affordabletours.com
> My Working Hours: Mon - Fri: 09:00AM - 05:00PM CST
>
> *NOTICE: This e-mail message, including any attachments, is for the use of
> the intended recipient(s) and may contain confidential and privileged
> information. Any unauthorized review, use, disclosure or distribution is
> prohibited. If you are not the recipient, please contact the sender by
> reply e-mail and destroy all copies of the original message*
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160311/b4f28955/attachment-0001.html
More information about the keycloak-user
mailing list