[keycloak-user] Recaptcha Provider causing PersistenceExceptions

John D. Ament john.d.ament at gmail.com
Wed Aug 9 14:13:09 EDT 2017


I just tested it out.  I think I know why it works OOTB but not with config
changes.  For some reason, in my env caching doesn't work, so it's always
hitting the DB.  The issue does in fact fail on master for this same case,
when I get caching to not work.

I would recommend adding the following fix (from 3.2 code).  Let me know if
you want me to create a ticket.  Also do let me know if you have any idea
why caching gets disabled in my env.

John

diff --git
a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
index 61f6254..068fd09 100755
---
a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
+++
b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
@@ -509,10 +509,12 @@ public class AuthenticationManagementResource {
                 rep.setId(execution.getId());

                 if (factory.isConfigurable()) {
-                    AuthenticatorConfigModel authenticatorConfig =
realm.getAuthenticatorConfigById(execution.getAuthenticatorConfig());
+                    if (execution.getAuthenticatorConfig() != null) {
+                        AuthenticatorConfigModel authenticatorConfig =
realm.getAuthenticatorConfigById(execution.getAuthenticatorConfig());

-                    if (authenticatorConfig != null) {
-                        rep.setAlias(authenticatorConfig.getAlias());
+                        if (authenticatorConfig != null) {
+                            rep.setAlias(authenticatorConfig.getAlias());
+                        }
                     }
                 }
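
Review bot: In the `if (factory.isConfigurable())` block, the new guard evaluates `execution.getAuthenticatorConfig()` twice, once for the null test and once as the argument to `realm.getAuthenticatorConfigById(...)`; read it into a local variable once and use that for both. The guard also exists only at this call site. The stack trace quoted in this thread shows the exception being raised below `RealmAdapter.getAuthenticatorConfigById` when the id reaches `find`, so any other caller that passes a null id will still fail the same way when the lookup goes to the database. Consider making `getAuthenticatorConfigById` return null for a null id, so that the existing `authenticatorConfig != null` check covers this case, and add a test for a configurable execution that has no authenticator config.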

On Wed, Aug 9, 2017 at 1:37 PM John D. Ament <john.d.ament at gmail.com> wrote:

> Hi,
>
> After upgrading to Keycloak 3.2 we found on the admin screens they won't
> load in certain scenarios, under authentication -> flows.  When we choose
> the registration or browser flows, the following stacktrace is seen:
>
>  17:33:25,251 ERROR [io.undertow.request] (default task-12) UT005023:
> Exception handling request to
> /auth/admin/realms/qpd-manager/authentication/flows/registration/executions:
> org.jboss.resteasy.spi.UnhandledException:
> org.keycloak.models.ModelException: java.lang.IllegalArgumentException: id
> to load is required for loading
>  at
> org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
>  at
> org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
>  at
> org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)
>  at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411)
>  at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
>  at
> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>  at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>  at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>  at
> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>  at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>  at
> org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
>  at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>  at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>  at
> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>  at
> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>  at
> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>  at
> org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>  at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>  at
> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>  at
> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>  at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>  at
> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>  at
> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>  at
> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>  at
> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>  at
> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>  at
> io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>  at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>  at
> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>  at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>  at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>  at
> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>  at
> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>  at
> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>  at
> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>  at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>  at
> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>  at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>  at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>  at java.lang.Thread.run(Thread.java:745)
>  Caused by: org.keycloak.models.ModelException:
> java.lang.IllegalArgumentException: id to load is required for loading
>  at
> org.keycloak.connections.jpa.PersistenceExceptionConverter.convert(PersistenceExceptionConverter.java:61)
>  at
> org.keycloak.connections.jpa.PersistenceExceptionConverter.invoke(PersistenceExceptionConverter.java:51)
>  at com.sun.proxy.$Proxy66.find(Unknown Source)
>  at
> org.keycloak.models.jpa.RealmAdapter.getAuthenticatorConfigById(RealmAdapter.java:1576)
>  at
> org.keycloak.services.resources.admin.AuthenticationManagementResource.recurseExecutions(AuthenticationManagementResource.java:512)
>  at
> org.keycloak.services.resources.admin.AuthenticationManagementResource.recurseExecutions(AuthenticationManagementResource.java:500)
>  at
> org.keycloak.services.resources.admin.AuthenticationManagementResource.getExecutions(AuthenticationManagementResource.java:464)
>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>  at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>  at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  at java.lang.reflect.Method.invoke(Method.java:498)
>  at
> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
>  at
> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
>  at
> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
>  at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
>  at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>  at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>  at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>  at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>  at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
>  at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
>  ... 37 more
>  Caused by: java.lang.IllegalArgumentException: id to load is required for
> loading
>  at org.hibernate.event.spi.LoadEvent.<init>(LoadEvent.java:93)
>  at org.hibernate.event.spi.LoadEvent.<init>(LoadEvent.java:63)
>  at
> org.hibernate.internal.SessionImpl$IdentifierLoadAccessImpl.load(SessionImpl.java:2693)
>  at org.hibernate.internal.SessionImpl.get(SessionImpl.java:975)
>  at
> org.hibernate.jpa.spi.AbstractEntityManagerImpl.find(AbstractEntityManagerImpl.java:1075)
>  at
> org.hibernate.jpa.spi.AbstractEntityManagerImpl.find(AbstractEntityManagerImpl.java:1033)
>  at sun.reflect.GeneratedMethodAccessor319.invoke(Unknown Source)
>  at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  at java.lang.reflect.Method.invoke(Method.java:498)
>  at
> org.keycloak.connections.jpa.PersistenceExceptionConverter.invoke(PersistenceExceptionConverter.java:49)
>  ... 56 more
>
>
> However, Keycloak is handling a null return value; that isn't what's
> happening in JPA.  The ID in this case is null, which causes Hibernate to
> throw a persistence exception that the ID must not be null to do a load.
>
> I have no idea what is causing this; however, it only happens when our
> custom providers are deployed to Keycloak.  This does not happen in
> Keycloak 3.1.  The execution in this case is when loading the recaptcha
> execution.  We have not customized anything with regard to recaptcha.
>
> John
>

