Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-8927

Upgrade from 4.5.0.Final to 4.6.0.Final - Will fail to perform any write operation on the keycloak admin UI

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Critical
    • Resolution: Duplicate Issue
    • Affects Version/s: 4.6.0.Final
    • Fix Version/s: 4.8.0.Final
    • Component/s: None
    • Labels:
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      After updating my image from 4.5.0.Final to 4.6.0.Final, my keycloak container will start up without any problems. It performs some migrations before starting up the admin UI.

      After that, when I perform any write operation such as logging out all sessions of a realm, I get the following error:

      keycloak_1_543675244f0a | 14:24:24,043 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-1) Uncaught server error: java.lang.NullPointerException
      keycloak_1_543675244f0a |       at org.keycloak.services.resources.Cors.build(Cors.java:193)
      keycloak_1_543675244f0a |       at org.keycloak.services.resources.admin.AdminRoot.getRealmsAdmin(AdminRoot.java:211)
      keycloak_1_543675244f0a |       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      keycloak_1_543675244f0a |       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      keycloak_1_543675244f0a |       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      keycloak_1_543675244f0a |       at java.lang.reflect.Method.invoke(Method.java:498)
      keycloak_1_543675244f0a |       at org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:69)
      keycloak_1_543675244f0a |       at org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:48)
      keycloak_1_543675244f0a |       at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:99)
      keycloak_1_543675244f0a |       at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:443)
      keycloak_1_543675244f0a |       at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:233)
      keycloak_1_543675244f0a |       at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:139)
      keycloak_1_543675244f0a |       at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
      keycloak_1_543675244f0a |       at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:142)
      keycloak_1_543675244f0a |       at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:219)
      keycloak_1_543675244f0a |       at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
      keycloak_1_543675244f0a |       at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
      keycloak_1_543675244f0a |       at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
      keycloak_1_543675244f0a |       at javax.servlet.http.HttpServlet.service(HttpServlet.java:791)
      keycloak_1_543675244f0a |       at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
      keycloak_1_543675244f0a |       at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
      keycloak_1_543675244f0a |       at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
      keycloak_1_543675244f0a |       at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
      keycloak_1_543675244f0a |       at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
      keycloak_1_543675244f0a |       at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
      keycloak_1_543675244f0a |       at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
      keycloak_1_543675244f0a |       at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
      keycloak_1_543675244f0a |       at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
      keycloak_1_543675244f0a |       at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
      keycloak_1_543675244f0a |       at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      keycloak_1_543675244f0a |       at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
      keycloak_1_543675244f0a |       at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
      keycloak_1_543675244f0a |       at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      keycloak_1_543675244f0a |       at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
      keycloak_1_543675244f0a |       at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
      keycloak_1_543675244f0a |       at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
      keycloak_1_543675244f0a |       at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
      keycloak_1_543675244f0a |       at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
      keycloak_1_543675244f0a |       at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
      keycloak_1_543675244f0a |       at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      keycloak_1_543675244f0a |       at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
      keycloak_1_543675244f0a |       at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      keycloak_1_543675244f0a |       at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
      keycloak_1_543675244f0a |       at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      keycloak_1_543675244f0a |       at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
      keycloak_1_543675244f0a |       at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
      keycloak_1_543675244f0a |       at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
      keycloak_1_543675244f0a |       at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
      keycloak_1_543675244f0a |       at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
      keycloak_1_543675244f0a |       at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
      keycloak_1_543675244f0a |       at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
      keycloak_1_543675244f0a |       at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
      keycloak_1_543675244f0a |       at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
      keycloak_1_543675244f0a |       at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
      keycloak_1_543675244f0a |       at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
      keycloak_1_543675244f0a |       at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
      keycloak_1_543675244f0a |       at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
      keycloak_1_543675244f0a |       at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
      keycloak_1_543675244f0a |       at io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
      keycloak_1_543675244f0a |       at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
      keycloak_1_543675244f0a |       at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      keycloak_1_543675244f0a |       at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
      keycloak_1_543675244f0a |       at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
      keycloak_1_543675244f0a |       at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
      keycloak_1_543675244f0a |       at java.lang.Thread.run(Thread.java:748)
      
      
      

      I debugged this at work and I was able to workaround the issue by going into the postgres database and adding '*' in the web_origins database table for the security-admin-console client. But please follow up to fix this.

      FYI I ran the following commands on postgres:

      # select id, client_id from client where client_id = 'security-admin-console';
      
                        id                  |       client_id
      --------------------------------------+------------------------
       47c490f4-2b53-4579-8678-57077827625e | security-admin-console
      (1 row)
      
      # insert into web_origins values ('47c490f4-2b53-4579-8678-57077827625e', '*');
      
      

      Then I reboot my keycloak server and the admin UI will allow write operations again.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  geekyme Shawn Lim
                • Votes:
                  1 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: