Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-17804

NullPointerException in preflightCors()-method

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Done
    • 10.0.2, 12.0.4
    • 13.0.0
    • Adapter - Spring
    • None
    • Hide

      When a custom config resolver returns null, it triggers a NPE in the code, there's also a case in the code, in which it could theoretically return null

      Show
      When a custom config resolver returns null, it triggers a NPE in the code, there's also a case in the code, in which it could theoretically return null
    • NEW
    • NEW

    Description

      The method

      org.keycloak.adapters.AdapterDeploymentContext#resolveDeployment(HttpFacade)
      

      can return null when called (e.g. when deployment is null) (https://github.com/keycloak/keycloak/blob/64ccbda5d552ff1ffaf435255a8b43d66a5fe2af/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterDeploymentContext.java#L92)

      org.keycloak.adapters.PreAuthActionsHandler#preflightCors()
      

      uses the aforementioned null and calls isCors() on it (https://github.com/keycloak/keycloak/blob/64ccbda5d552ff1ffaf435255a8b43d66a5fe2af/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/PreAuthActionsHandler.java#L101)

      This results in:

      java.lang.NullPointerException: null
      at org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:101) 
      at org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:75) 
      at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(AbstractKeycloakAuthenticatorValve.java:177) 
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143) 
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) 
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) 
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) 
      at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374) 
      at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) 
      at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888) 
      at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1597) 
      at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) 
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) 
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) 
      at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) 
      at java.lang.Thread.run(Thread.java:748) [?:1.8.0_212]
      

      Attachments

        Activity

          People

            psilva@redhat.com Pedro Igor Craveiro
            froks Florian Roks (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: