[keycloak-user] NPE when requesting authorization

Pedro Igor Silva psilva at redhat.com
Tue Jul 3 11:00:42 EDT 2018


It should be fixed now in master and available in the next release.
https://github.com/keycloak/keycloak/pull/5346.

Thanks!

On Tue, Jul 3, 2018 at 10:39 AM, Corentin Dupont <corentin.dupont at gmail.com>
wrote:

> Yes, I see that this error happens when the resource does not exist.
> However, with my user "guest", it happens all the time, even when the
> resource does exist...
>
> On Tue, Jul 3, 2018 at 2:15 PM, Pedro Igor Silva <psilva at redhat.com>
> wrote:
>
>> OK. Found the issue. Will fix it. The problem is that Sensortest does not
>> exist and the program enters a state in which a resource-less permission
>> causes that error.
>>
>> On Mon, Jul 2, 2018 at 10:05 AM, Corentin Dupont <
>> corentin.dupont at gmail.com> wrote:
>>
>>> Hi guys,
>>> I got this error when requesting authorization on a resource:
>>>
>>> $ curl -X POST http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token \
>>>     -H "Authorization: Bearer $USERTOKEN" \
>>>     -d "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&audience=api-server&permission=Sensortest#sensors:view"
>>>
>>> {"error":"server_error","error_description":"Unexpected error while evaluating permissions"}
>>>
>>> On the server side I get:
>>>
>>> 12:42:11,821 ERROR [org.keycloak.authorization.authorization.AuthorizationTokenService] (default task-16) Unexpected error while evaluating permissions: java.lang.NullPointerException
>>>   at org.keycloak.authorization.util.Permissions.permits(Permissions.java:194)
>>>   at org.keycloak.authorization.authorization.AuthorizationTokenService.authorize(AuthorizationTokenService.java:173)
>>>   at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.permissionGrant(TokenEndpoint.java:1124)
>>>   at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGrantRequest(TokenEndpoint.java:190)
>>>   at sun.reflect.GeneratedMethodAccessor449.invoke(Unknown Source)
>>>   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>   at java.lang.reflect.Method.invoke(Method.java:498)
>>>
>>>
>>> I got my token this way:
>>> USERTOKEN=`curl -X POST -H "Content-Type: application/x-www-form-urlencoded" \
>>>     -d 'username=guest&password=guest&grant_type=password&client_id=api-server&client_secret=xxx' \
>>>     "http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token" | jq .access_token -r`
>>>
>>> This seems to happen for scope-based policies.
>>>
>>> Cheers
>>> Corentin