[keycloak-user] NPE when requesting authorization

Pedro Igor Silva psilva at redhat.com
Tue Jul 3 07:34:36 EDT 2018


Could you give export your authz settings ? I tried to reproduce the error
using a scope permission with no success.

On Mon, Jul 2, 2018 at 10:05 AM, Corentin Dupont <corentin.dupont at gmail.com>
wrote:

> Hi guys,
> I got this error when requesting authorization on a resource:
>
> $ curl -X POST
> http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token -H
> "Authorization: Bearer $USERTOKEN" -d
> "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&
> audience=api-server&permission=Sensortest#sensors:view"
>
> {"error":"server_error","error_description":"Unexpected error while
> evaluating permissions"}
>
> On the server side I get:
>
> 12:42:11,821 ERROR
> [org.keycloak.authorization.authorization.AuthorizationTokenService]
> (default task-16) Unexpected error while evaluating permissions:
> java.lang.NullPointerException
>   at
> org.keycloak.authorization.util.Permissions.permits(Permissions.java:194)
>   at
> org.keycloak.authorization.authorization.AuthorizationTokenService.
> authorize(AuthorizationTokenService.java:173)
>   at
> org.keycloak.protocol.oidc.endpoints.TokenEndpoint.
> permissionGrant(TokenEndpoint.java:1124)
>   at
> org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGrantRequest(
> TokenEndpoint.java:190)
>   at sun.reflect.GeneratedMethodAccessor449.invoke(Unknown Source)
>   at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
>   at java.lang.reflect.Method.invoke(Method.java:498)
>
>
> I got my token this way:
> USERTOKEN=`curl -X POST  -H "Content-Type:
> application/x-www-form-urlencoded" -d
> 'username=guest&password=guest&grant_type=password&
> client_id=api-server&client_secret=xxx'
> "http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token" |
> jq .access_token -r`
>
> This seems to happen for scope-based policies.
>
> Cheers
> Corentin
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


More information about the keycloak-user mailing list