[keycloak-user] Using keycloak-spring-boot-starter throws NullPointerException when “keycloak.enabled = false” in spring boot application.properties

Pharande Rahul rahul.pharande at gi-de.com
Wed Nov 29 07:35:00 EST 2017


Hi,

While using “keycloak-spring-boot-starter v3.4.0.Final” with “spring-boot-starter-security V1.5.8.RELEASE”, I’m getting NullPointerException as described below.
Please let me know if anyone has suggestion on this, OR this is really defect in keycloak adapter.

Precondition –

·         Application configured to use spring-security with KeycloakWebSecurityConfigurerAdapter. As shows below class SecurityConfig in Example section (A).

·         Disable keycloak in spring boot’s Application property as “keycloak.enabled = false”

Expected Result –

·         When Keycloak is disabled, spring security should handle authentication OR should not perform authentication.

Actual Result –
                java.lang.NullPointerException: null
        at org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(KeycloakDeploymentBuilder.java:55) ~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
        at org.keycloak.adapters.KeycloakDeploymentBuilder.build(KeycloakDeploymentBuilder.java:164) ~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
        at org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:37) ~[keycloak-spring-boot-adapter-3.4.0.Final.jar!/:3.4.0.Final]
        at org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:88) ~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
        at org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:107) ~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
        at org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:79) ~[keycloak-adapter-core-3.4.0.Final.jar!/:3.4.0.Final]
        at org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:81) ~[keycloak-spring-security-adapter-3.4.0.Final.jar!/:3.4.
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.3.RELEASE.jar!/:4.2.3.RELEASE]
        at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100) ~[spring-security-web-4.2.3.RELEASE.jar!/:4.2.3.RELEASE]
                 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.12.RELEASE.jar!/:4.3.12.RELEASE]

What can be done here:

·         Ideal Option: Keycloak adapter classes like “KeycloakWebSecurityConfigurerAdapter” should avoid registering it’s filters when “keycloak.enabled” property is false.

·         Temporary Option: we can handle this at application config level by defining  on SecurityConfig class

o   @ConditionalOnProperty(name = "keycloak.enabled", havingValue = "true")

Example Section A:

@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        KeycloakAuthenticationProvider keyCloakAuthProvider = keycloakAuthenticationProvider();
        keyCloakAuthProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());

        auth.authenticationProvider(keyCloakAuthProvider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        super.configure(http);
        http
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .sessionAuthenticationStrategy(sessionAuthenticationStrategy())
            .and()
            .authorizeRequests()
            .antMatchers("/test*").hasRole("ADMIN")
            .anyRequest().permitAll();
    }

    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new NullAuthenticatedSessionStrategy();
    }

    @Bean
    public KeycloakConfigResolver KeyCloakConfigResolver(){
        return new KeycloakSpringBootConfigResolver();
    }
}

Thanks and Regards.
Rahul Pharande



More information about the keycloak-user mailing list