[keycloak-user] NullPointerException in PolicyResourceService.java token-exchange permissions

Pedro Igor Silva psilva at redhat.com
Tue Nov 20 10:48:29 EST 2018 

It should be fixed in 4.6.0.Final. The issue is related to admin events
being enabled and causing that NPE. Please, try to upgrade or disable admin
events (if possible).

On Tue, Nov 20, 2018 at 12:41 PM Daniel Fernandez Rodriguez <
danielfr at cern.ch> wrote:

> Hi All,
>
> I've been using policies and token-exchange permissions extensively for
> some of my clients for a while now.
>
> All worked as expected but since a few weeks ago I'm experiencing some
> errors when trying to delete old policies, add new ones or create new
> token-exchange permission. From the WebUI I always get the same generic
> error saying:
>
> *> Error!* An unexpected server error has occurred
>
> Checking the server logs it seems there is uncaught NullPointerException
> in PolicyResourceService.java. (stack trace when attempting to create
> new policy)
>
> Nov 20 14:27:36 keycloak-dev-01.cern.ch launch.sh[17095]: 14:27:36,328
> DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-7)
> *org.keycloak.authorization.jpa.entities.PolicyEntity*{owner=null,
> resourceServer=org.keycloak.authorization.jpa.entities.ResourceServerEntity#7fd6467c-9f95-4cbd-90b2-3586ba308dda,
>
> name=deleteme, description=null, resources=[],
> id=c6a35294-3031-4674-bcfc-3957ca4af846, logic=0, scopes=[],
> associatedPolicies=[], type=client, config=[], decisionStrategy=1}
> Nov 20 14:27:36 keycloak-dev-01.cern.ch launch.sh[17095]: 14:27:36,328
> DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-7)
> org.keycloak.authorization.jpa.entities.ResourceServerEntity{id=7fd6467c-9f95-4cbd-90b2-3586ba308dda,
>
> allowRemoteResourceManagement=false, policyEnforcementMode=0}
> Nov 20 14:27:36 keycloak-dev-01.cern.ch launch.sh[17095]: 14:27:36,328
> DEBUG [org.hibernate.SQL] (default task-7)
> Nov 20 14:27:36 keycloak-dev-01.cern.ch launch.sh[17095]: select
> Nov 20 14:27:36 keycloak-dev-01.cern.ch launch.sh[17095]:
> cliententi0_.ID as col_0_0_
> Nov 20 14:27:36 keycloak-dev-01.cern.ch launch.sh[17095]: from
> Nov 20 14:27:36 keycloak-dev-01.cern.ch launch.sh[17095]: CLIENT
> cliententi0_
> Nov 20 14:27:36 keycloak-dev-01.cern.ch launch.sh[17095]: where
> Nov 20 14:27:36 keycloak-dev-01.cern.ch launch.sh[17095]:
> cliententi0_.CLIENT_ID=?
> Nov 20 14:27:36 keycloak-dev-01.cern.ch launch.sh[17095]: and
> cliententi0_.REALM_ID=?
> Nov 20 14:27:36 keycloak-dev-01.cern.ch launch.sh[17095]: 14:27:36,330
> DEBUG
> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
> (default task-7) Initiating JDBC connection release from afterStatement
> Nov 20 14:27:36 keycloak-dev-01.cern.ch launch.sh[17095]: 14:27:36,333
> ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default
> task-7) *Uncaught server error: java.lang.NullPointerException*
> Nov 20 14:27:36 keycloak-dev-01.cern.ch launch.sh[17095]: at
>
> *org.keycloak.authorization.admin.PolicyService.audit(PolicyService.java:334)*
> Nov 20 14:27:36 keycloak-dev-01.cern.ch launch.sh[17095]: at
>
> org.keycloak.authorization.admin.PolicyService.create(PolicyService.java:124)
> Nov 20 14:27:36 keycloak-dev-01.cern.ch launch.sh[17095]: at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> Nov 20 14:27:36 keycloak-dev-01.cern.ch launch.sh[17095]: at
>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> Nov 20 14:27:36 keycloak-dev-01.cern.ch launch.sh[17095]: at
>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> Nov 20 14:27:36 keycloak-dev-01.cern.ch launch.sh[17095]: at
> java.lang.reflect.Method.invoke(Method.java:498)
>
> Is there something I can do to fix it? Since these errors appeared the
> service became pretty unresponsive giving me a lot of errors (exporting
> clients does not work anymore and many other small things)
>
> I'm using keycloak 4.5.0Final with an external mysql database.
>
> Thanks a lot for your help,
>
> Daniel.
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

More information about the keycloak-user mailing list