[keycloak-user] Recaptcha Provider causing PersistenceExceptions

John D. Ament john.d.ament at gmail.com
Thu Aug 10 06:45:31 EDT 2017


I've created https://issues.jboss.org/browse/KEYCLOAK-5274 and will leave
it up to the KC team if they want to apply the patch.  I can throw it out
there as a PR if you're going to accept it.

John

On Wed, Aug 9, 2017 at 2:13 PM John D. Ament <john.d.ament at gmail.com> wrote:

> I just tested it out.  I think I know why it works OOTB but not with
> config changes.  For some reason, in my env caching doesn't work, so its
> always hitting the DB.  The issue does in fact fail on master for this same
> case, when I get caching to not work.
>
> I would recommend adding the following fix (from 3.2 code).  Let me know
> if you want me to create a ticket.  Also do let me know if you have any
> idea why caching gets disabled in my env.
>
> John
>
> diff --git
> a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
> b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
> index 61f6254..068fd09 100755
> ---
> a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
> +++
> b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
> @@ -509,10 +509,12 @@ public class AuthenticationManagementResource {
>                  rep.setId(execution.getId());
>
>                  if (factory.isConfigurable()) {
> -                    AuthenticatorConfigModel authenticatorConfig =
> realm.getAuthenticatorConfigById(execution.getAuthenticatorConfig());
> +                    if (execution.getAuthenticatorConfig() != null) {
> +                        AuthenticatorConfigModel authenticatorConfig =
> realm.getAuthenticatorConfigById(execution.getAuthenticatorConfig());
>
> -                    if (authenticatorConfig != null) {
> -                        rep.setAlias(authenticatorConfig.getAlias());
> +                        if (authenticatorConfig != null) {
> +                            rep.setAlias(authenticatorConfig.getAlias());
> +                        }
>                      }
>                  }
>
> On Wed, Aug 9, 2017 at 1:37 PM John D. Ament <john.d.ament at gmail.com>
> wrote:
>
>> Hi,
>>
>> After upgrading to Keycloak 3.2 we found on the admin screens they won't
>> load in certain scenarios, under authentication -> flows.  When we choose
>> the registration or browser flows, the following stacktrace is seen:
>>
>>  17:33:25,251 ERROR [io.undertow.request] (default task-12) UT005023:
>> Exception handling request to
>> /auth/admin/realms/qpd-manager/authentication/flows/registration/executions:
>> org.jboss.resteasy.spi.UnhandledException:
>> org.keycloak.models.ModelException: java.lang.IllegalArgumentException: id
>> to load is required for loading
>>  at
>> org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
>>  at
>> org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
>>  at
>> org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)
>>  at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411)
>>  at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
>>  at
>> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>>  at
>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>  at
>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>  at
>> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>>  at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>>  at
>> org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
>>  at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>>  at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>>  at
>> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>>  at
>> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>>  at
>> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>>  at
>> org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>>  at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>  at
>> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>>  at
>> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>>  at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>  at
>> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>>  at
>> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>  at
>> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>>  at
>> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>>  at
>> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>>  at
>> io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>>  at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>  at
>> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>  at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>  at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>  at
>> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>>  at
>> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>>  at
>> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>>  at
>> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>>  at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>>  at
>> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>>  at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>  at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>  at java.lang.Thread.run(Thread.java:745)
>>  Caused by: org.keycloak.models.ModelException:
>> java.lang.IllegalArgumentException: id to load is required for loading
>>  at
>> org.keycloak.connections.jpa.PersistenceExceptionConverter.convert(PersistenceExceptionConverter.java:61)
>>  at
>> org.keycloak.connections.jpa.PersistenceExceptionConverter.invoke(PersistenceExceptionConverter.java:51)
>>  at com.sun.proxy.$Proxy66.find(Unknown Source)
>>  at
>> org.keycloak.models.jpa.RealmAdapter.getAuthenticatorConfigById(RealmAdapter.java:1576)
>>  at
>> org.keycloak.services.resources.admin.AuthenticationManagementResource.recurseExecutions(AuthenticationManagementResource.java:512)
>>  at
>> org.keycloak.services.resources.admin.AuthenticationManagementResource.recurseExecutions(AuthenticationManagementResource.java:500)
>>  at
>> org.keycloak.services.resources.admin.AuthenticationManagementResource.getExecutions(AuthenticationManagementResource.java:464)
>>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>  at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>  at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>  at java.lang.reflect.Method.invoke(Method.java:498)
>>  at
>> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
>>  at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
>>  at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
>>  at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
>>  at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>>  at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>>  at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>>  at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>>  at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
>>  at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
>>  ... 37 more
>>  Caused by: java.lang.IllegalArgumentException: id to load is required
>> for loading
>>  at org.hibernate.event.spi.LoadEvent.<init>(LoadEvent.java:93)
>>  at org.hibernate.event.spi.LoadEvent.<init>(LoadEvent.java:63)
>>  at
>> org.hibernate.internal.SessionImpl$IdentifierLoadAccessImpl.load(SessionImpl.java:2693)
>>  at org.hibernate.internal.SessionImpl.get(SessionImpl.java:975)
>>  at
>> org.hibernate.jpa.spi.AbstractEntityManagerImpl.find(AbstractEntityManagerImpl.java:1075)
>>  at
>> org.hibernate.jpa.spi.AbstractEntityManagerImpl.find(AbstractEntityManagerImpl.java:1033)
>>  at sun.reflect.GeneratedMethodAccessor319.invoke(Unknown Source)
>>  at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>  at java.lang.reflect.Method.invoke(Method.java:498)
>>  at
>> org.keycloak.connections.jpa.PersistenceExceptionConverter.invoke(PersistenceExceptionConverter.java:49)
>>  ... 56 more
>>
>>
>> However, keycloak is handling a null return value, that isn't what's
>> happening in JPA.  The ID in this case is null, which causes hibernate to
>> throw a persistence exception that the ID must not be null to do a load.
>>
>> I have no idea what is causing this, however it only happens when our
>> custom providers are deployed to Keycloak.  This does not happen in
>> Keycloak 3.1.  The execution in this case is when loading the recaptcha
>> execution.  We have no customized anything with regard to recaptcha.
>>
>> John
>>
>


More information about the keycloak-user mailing list