[keycloak-user] Strange behaviour during RPT call - java.lang.RuntimeException: Error while reading attributes

Matteo Restelli mrestelli at cuebiq.com
Fri Jul 26 09:26:02 EDT 2019 

Hi all,
We're noticing a strange behaviour during RPT call performed by our
adapter. More specifically, we're getting a 500 HTTP Error with the
following description: "Unexpected error while evaluating permissions:
java.lang.RuntimeException: Error while reading attributes" and with a
NullPointerException.
I had a keycloak access token with 5 hours of expiration time and "SSO
Session Idle time", in Keycloak, was set to 30 minutes. I know, it's a
strange configuration, but we've used it just for testing purposes of the
RPT / Authorization part.
Once i've received the error, i've started thinking that the problem was
probably due to the fact that the user's session was expired (i've notice
the error after lunch where i've left the pc alone for about 1 hour), so
i've tried to reproduce the error in this way:

- Login via Resource Owner Password grant flow (via Postman)
- Getting the token and calling our test microservice where the adapter was
configured
- RPT Call worked
- After that, logout the user's session from the user admin console
- Retried the call to the microservice with the same token
- Received the 500 HTTP Error

We're using Keycloak 6.0.1.
I've a question about: is it right that error? In my opinion we should
receive a 401, not 500...

At the bottom you can find the stacktrace.

Thank you very much,
Matteo


12:58:23,179 ERROR
[org.keycloak.authorization.authorization.AuthorizationTokenService]
(default task-784) Unexpected error while evaluating permissions:
java.lang.RuntimeException: Error while reading attributes from security
token.

at
org.keycloak.authorization.common.KeycloakIdentity.<init>(KeycloakIdentity.java:146)

at
org.keycloak.authorization.common.KeycloakIdentity.<init>(KeycloakIdentity.java:69)

at
org.keycloak.authorization.authorization.AuthorizationTokenService.lambda$static$1(AuthorizationTokenService.java:131)

at
org.keycloak.authorization.authorization.AuthorizationTokenService.createEvaluationContext(AuthorizationTokenService.java:379)

at
org.keycloak.authorization.authorization.AuthorizationTokenService.authorize(AuthorizationTokenService.java:160)

at
org.keycloak.protocol.oidc.endpoints.TokenEndpoint.permissionGrant(TokenEndpoint.java:1157)

at
org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGrantRequest(TokenEndpoint.java:196)

at sun.reflect.GeneratedMethodAccessor811.invoke(Unknown Source)

at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)

at
org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:510)

at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:400)

at
org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:364)

at
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:355)

at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:366)

at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:338)

at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:137)

at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)

at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)

at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)

at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:439)

at
org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)

at
org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)

at
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:355)

at
org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)

at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)

at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)

at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)

at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:791)

at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)

at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)

at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)

at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)

at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)

at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)

at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)

at
io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)

at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)

at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)

at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)

at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)

at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)

at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)

at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)

at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)

at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)

at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)

at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

at
org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)

at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)

at
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)

at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)

at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)

at
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)

at
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)

at
org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)

at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)

at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)

at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)

at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)

at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)

at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)

at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)

at io.undertow.server.Connectors.executeRootHandler(Connectors.java:364)

at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)

at
org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)

at
org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)

at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)

at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)

at java.lang.Thread.run(Thread.java:748)

Caused by: java.lang.NullPointerException

-- 

Like <https://www.facebook.com/cuebiq/> I Follow  
<https://twitter.com/Cuebiq>I Connect 
<https://www.linkedin.com/company/cuebiq>


This email is reserved 
exclusively for sending and receiving messages inherent working activities, 
and is not intended nor authorized for personal use. Therefore, any 
outgoing messages or incoming response messages will be treated as company 
messages and will be subject to the corporate IT policy and may possibly to 
be read by persons other than by the subscriber of the box. Confidential 
information may be contained in this message. If you are not the address 
indicated in this message, please do not copy or deliver this message to 
anyone. In such case, you should notify the sender immediately and delete 
the original message.

More information about the keycloak-user mailing list