[keycloak-user] Recaptcha Provider causing PersistenceExceptions

[John D. Ament]

Hi,

After upgrading to Keycloak 3.2 we found on the admin screens they won't
load in certain scenarios, under authentication -> flows.  When we choose
the registration or browser flows, the following stacktrace is seen:

 17:33:25,251 ERROR [io.undertow.request] (default task-12) UT005023:
Exception handling request to
/auth/admin/realms/qpd-manager/authentication/flows/registration/executions:
org.jboss.resteasy.spi.UnhandledException:
org.keycloak.models.ModelException: java.lang.IllegalArgumentException: id
to load is required for loading
 at
org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
 at
org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
 at
org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)
 at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411)
 at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
 at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
 at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
 at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
 at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
 at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
 at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
 at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
 at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
 at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
 at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
 at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
 at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
 at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
 at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
 at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
 at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
 at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
 at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
 at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
 at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
 at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
 at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
 at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
 at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
 at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
 at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
 at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
 at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
 at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
 at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
 at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
 at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
 at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
 at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
 at java.lang.Thread.run(Thread.java:745)
 Caused by: org.keycloak.models.ModelException:
java.lang.IllegalArgumentException: id to load is required for loading
 at
org.keycloak.connections.jpa.PersistenceExceptionConverter.convert(PersistenceExceptionConverter.java:61)
 at
org.keycloak.connections.jpa.PersistenceExceptionConverter.invoke(PersistenceExceptionConverter.java:51)
 at com.sun.proxy.$Proxy66.find(Unknown Source)
 at
org.keycloak.models.jpa.RealmAdapter.getAuthenticatorConfigById(RealmAdapter.java:1576)
 at
org.keycloak.services.resources.admin.AuthenticationManagementResource.recurseExecutions(AuthenticationManagementResource.java:512)
 at
org.keycloak.services.resources.admin.AuthenticationManagementResource.recurseExecutions(AuthenticationManagementResource.java:500)
 at
org.keycloak.services.resources.admin.AuthenticationManagementResource.getExecutions(AuthenticationManagementResource.java:464)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
 at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
 at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
 at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
 at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
 at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
 at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
 at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
 at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
 at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
 ... 37 more
 Caused by: java.lang.IllegalArgumentException: id to load is required for
loading
 at org.hibernate.event.spi.LoadEvent.<init>(LoadEvent.java:93)
 at org.hibernate.event.spi.LoadEvent.<init>(LoadEvent.java:63)
 at
org.hibernate.internal.SessionImpl$IdentifierLoadAccessImpl.load(SessionImpl.java:2693)
 at org.hibernate.internal.SessionImpl.get(SessionImpl.java:975)
 at
org.hibernate.jpa.spi.AbstractEntityManagerImpl.find(AbstractEntityManagerImpl.java:1075)
 at
org.hibernate.jpa.spi.AbstractEntityManagerImpl.find(AbstractEntityManagerImpl.java:1033)
 at sun.reflect.GeneratedMethodAccessor319.invoke(Unknown Source)
 at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at
org.keycloak.connections.jpa.PersistenceExceptionConverter.invoke(PersistenceExceptionConverter.java:49)
 ... 56 more


However, keycloak is handling a null return value, that isn't what's
happening in JPA.  The ID in this case is null, which causes hibernate to
throw a persistence exception that the ID must not be null to do a load.

I have no idea what is causing this, however it only happens when our
custom providers are deployed to Keycloak.  This does not happen in
Keycloak 3.1.  The execution in this case is when loading the recaptcha
execution.  We have no customized anything with regard to recaptcha.

John