[keycloak-user] Class loading issue when refreshing token

Guus der Kinderen guus.der.kinderen at gmail.com
Tue Mar 29 05:28:19 EDT 2016


As I was afraid of, the problem does relate to the classloading setup that
I need to work with. Although most service proxies are instantiated just
fine, the TokenService gets instantiated "on demand", which causes the
classloader to be used (for reflection) from the thread that's doing the
invocation of the requested functionality (rather than the thread that was
used to instantiate the admin client, which is how all other proxies were
created).

I do think that there's an easy improvement here: as far as I can tell,
there's no need to re-create the proxy all the time. It can instead be
created once, when TokenManager is created. Construction is very likely to
occur in the correct classloader - it's not bullet proof, but certainly an
improvement.

I've created a JIRA issue for this here:
https://issues.jboss.org/browse/KEYCLOAK-2721 as well as a pull request
here: https://github.com/keycloak/keycloak/pull/2443

 - Guus

On 25 March 2016 at 20:09, Guus der Kinderen <guus.der.kinderen at gmail.com>
wrote:

> I do have core on my classpath. I am bound to a setup where keycloak is
> instantiated by a classloader that is a child of the classloader that
> triggers the requests. Is that a problem? It obviously isn't a problem for
> some calls, but perhaps that there's something different with that
> TokenService?
>
> I'm having trouble determining the exact set of dependencies that I need
> for my project. Is that documented somewhere?
>
> Does anyone know how I could further diagnose this issue?
>
> Regards,
>
>   Guus
>
> On 24 March 2016 at 10:29, Marko Strukelj <mstrukel at redhat.com> wrote:
>
>> The stacktrace hides whether this is ClassNotFoundException or
>> NoClassDefFoundError, so it's possible that TokenService is actually
>> visible, but not one of its dependencies.
>>
>> You'll definitely also need to add keycloak-core.jar to your classpath.
>>
>> On Thu, Mar 24, 2016 at 10:21 AM, Guus der Kinderen <
>> guus.der.kinderen at gmail.com> wrote:
>>
>>> Hello cloakees.
>>>
>>> I'm having an interesting problem while using the admin-client from
>>> 1.9.1. Initially, things go well. I can extract data as expected. However,
>>> after a couple of minutes (I think when the admin-client-token needs
>>> refreshing), I'm suddenly getting errors:
>>> "java.lang.IllegalArgumentException: interface
>>> org.keycloak.admin.client.token.TokenService is not visible from class
>>> loader" I added a full stacktrace below.
>>>
>>> I find it odd that some functionality does work, but other does not.
>>> What's causing this? keycloak-admin-client-1.9.1.Final.jar is on the
>>> classpath, which is where that interface appears to live.
>>>
>>> Regards,
>>>
>>>   Guus
>>>
>>> 2016.03.24 10:18:50 WARN  [Jetty-QTP-AdminConsole-58]:
>>> org.eclipse.jetty.servlet.ServletHandler - /user-summary.jsp
>>> javax.ws.rs.ProcessingException: java.lang.IllegalArgumentException:
>>> interface org.keycloak.admin.client.token.TokenService is not visible from
>>> class loader
>>>         at
>>> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:430)
>>>         at
>>> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:102)
>>>         at
>>> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:64)
>>>         at com.sun.proxy.$Proxy26.search(Unknown Source)
>>>         at
>>> org.jivesoftware.openfire.plugin.KeycloakUserProvider.getUserCount(KeycloakUserProvider.java:134)
>>>         at
>>> org.jivesoftware.openfire.user.UserManager.getUserCount(UserManager.java:263)
>>>         at
>>> org.jivesoftware.openfire.admin.user_002dsummary_jsp._jspService(user_002dsummary_jsp.java:107)
>>>         at
>>> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>>         at
>>> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
>>>         at
>>> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
>>>         at
>>> com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
>>>         at
>>> com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
>>>         at
>>> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>>>         at
>>> org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:76)
>>>         at
>>> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>>>         at
>>> org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:53)
>>>         at
>>> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>>>         at
>>> org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:80)
>>>         at
>>> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>>>         at
>>> org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:162)
>>>         at
>>> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>>>         at
>>> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
>>>         at
>>> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
>>>         at
>>> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
>>>         at
>>> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
>>>         at
>>> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
>>>         at
>>> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
>>>         at
>>> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
>>>         at
>>> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
>>>         at
>>> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
>>>         at
>>> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
>>>         at
>>> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
>>>         at
>>> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
>>>         at org.eclipse.jetty.server.Server.handle(Server.java:499)
>>>         at
>>> org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
>>>         at
>>> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
>>>         at
>>> org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
>>>         at
>>> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
>>>         at
>>> org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
>>>         at java.lang.Thread.run(Thread.java:745)
>>> Caused by: java.lang.IllegalArgumentException: interface
>>> org.keycloak.admin.client.token.TokenService is not visible from class
>>> loader
>>>         at
>>> java.lang.reflect.Proxy$ProxyClassFactory.apply(Proxy.java:581)
>>>         at
>>> java.lang.reflect.Proxy$ProxyClassFactory.apply(Proxy.java:557)
>>>         at java.lang.reflect.WeakCache$Factory.get(WeakCache.java:230)
>>>         at java.lang.reflect.WeakCache.get(WeakCache.java:127)
>>>         at java.lang.reflect.Proxy.getProxyClass0(Proxy.java:419)
>>>         at java.lang.reflect.Proxy.newProxyInstance(Proxy.java:719)
>>>         at
>>> org.jboss.resteasy.client.jaxrs.ProxyBuilder.proxy(ProxyBuilder.java:70)
>>>         at
>>> org.jboss.resteasy.client.jaxrs.ProxyBuilder.build(ProxyBuilder.java:122)
>>>         at
>>> org.jboss.resteasy.client.jaxrs.internal.ClientWebTarget.proxy(ClientWebTarget.java:74)
>>>         at
>>> org.keycloak.admin.client.token.TokenManager.refreshToken(TokenManager.java:100)
>>>         at
>>> org.keycloak.admin.client.token.TokenManager.getAccessToken(TokenManager.java:59)
>>>         at
>>> org.keycloak.admin.client.token.TokenManager.getAccessTokenString(TokenManager.java:52)
>>>         at
>>> org.keycloak.admin.client.resource.BearerAuthFilter.filter(BearerAuthFilter.java:48)
>>>         at
>>> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:413)
>>>         ... 40 more
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160329/764a26d0/attachment.html 


More information about the keycloak-user mailing list