Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-9561

Keycloak adapter isn't working within OSGI environment anymore

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Out of Date
    • Affects Version/s: 4.8.3.Final
    • Fix Version/s: None
    • Component/s: Adapter - Java - Fuse
    • Labels:
      None
    • Steps to Reproduce:
      Hide

      + Add all required bundles to an OSGI environment
      + Define Blueprint and using a keycloak.json with an empty policy enforcer
      + Access secured REST endpoint will raise exception above.

      Show
      + Add all required bundles to an OSGI environment + Define Blueprint and using a keycloak.json with an empty policy enforcer + Access secured REST endpoint will raise exception above.
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Hello,

      I tried to upgrade our keycloak adpater from keycloak 3.4.3 to 4.8.3. The old adapter is working in the OSGI env. The adapter for 4.8.3.Final does startup, also. But with the first request in the PolicyEnforcer it fails with this exception.

      java.util.ServiceConfigurationError: org.keycloak.adapters.authorization.ClaimInformationPointProviderFactory: Provider org.keycloak.adapters.authorization.cip.ClaimsInformationPointProviderFactory not found
      	at java.util.ServiceLoader.fail(ServiceLoader.java:239) ~[?:?]
      	at java.util.ServiceLoader.access$300(ServiceLoader.java:185) ~[?:?]
      	at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:372) ~[?:?]
      	at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:404) ~[?:?]
      	at java.util.ServiceLoader$1.next(ServiceLoader.java:480) ~[?:?]
      	at org.keycloak.adapters.authorization.PolicyEnforcer.loadClaimInformationPointProviders(PolicyEnforcer.java:137) ~[?:?]
      	at org.keycloak.adapters.authorization.PolicyEnforcer.<init>(PolicyEnforcer.java:88) ~[?:?]
      	at org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(KeycloakDeploymentBuilder.java:147) ~[?:?]
      	at org.keycloak.adapters.KeycloakDeploymentBuilder.build(KeycloakDeploymentBuilder.java:156) ~[?:?]
      	at org.keycloak.adapters.osgi.PathBasedKeycloakConfigResolver.cacheConfiguration(PathBasedKeycloakConfigResolver.java:133) ~[?:?]
      	at org.keycloak.adapters.osgi.PathBasedKeycloakConfigResolver.getOrCreateDeployment(PathBasedKeycloakConfigResolver.java:87) ~[?:?]
      	at org.keycloak.adapters.osgi.PathBasedKeycloakConfigResolver.resolve(PathBasedKeycloakConfigResolver.java:66) ~[?:?]
      	at org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:88) ~[?:?]
      	at org.keycloak.adapters.jetty.core.AbstractKeycloakJettyAuthenticator.validateRequest(AbstractKeycloakJettyAuthenticator.java:287) ~[?:?]
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:483) ~[?:?]
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) ~[121:org.eclipse.jetty.server:9.3.24.v20180605]
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) ~[121:org.eclipse.jetty.server:9.3.24.v20180605]
      	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:296) ~[?:?]
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) ~[?:?]
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) ~[121:org.eclipse.jetty.server:9.3.24.v20180605]
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) ~[121:org.eclipse.jetty.server:9.3.24.v20180605]
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[121:org.eclipse.jetty.server:9.3.24.v20180605]
      	at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:80) ~[?:?]
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) ~[121:org.eclipse.jetty.server:9.3.24.v20180605]
      	at org.eclipse.jetty.server.Server.handle(Server.java:539) ~[121:org.eclipse.jetty.server:9.3.24.v20180605]
      	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:333) [121:org.eclipse.jetty.server:9.3.24.v20180605]
      	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) [121:org.eclipse.jetty.server:9.3.24.v20180605]
      	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) [113:org.eclipse.jetty.io:9.3.24.v20180605]
      	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108) [113:org.eclipse.jetty.io:9.3.24.v20180605]
      	at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93) [113:org.eclipse.jetty.io:9.3.24.v20180605]
      	at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303) [124:org.eclipse.jetty.util:9.3.24.v20180605]
      	at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148) [124:org.eclipse.jetty.util:9.3.24.v20180605]
      	at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136) [124:org.eclipse.jetty.util:9.3.24.v20180605]
      	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671) [124:org.eclipse.jetty.util:9.3.24.v20180605]
      	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589) [124:org.eclipse.jetty.util:9.3.24.v20180605]
      	at java.lang.Thread.run(Thread.java:745) [?:?]
      

      So I looked into the code and found this two method calls.

      loadClaimInformationPointProviders(ServiceLoader.load(ClaimInformationPointProviderFactory.class, ClaimInformationPointProviderFactory.class.getClassLoader()));
              loadClaimInformationPointProviders(ServiceLoader.load(ClaimInformationPointProviderFactory.class, Thread.currentThread().getContextClassLoader()));
      

      Here you are using the ServiceLoader and I know if you try to access resources from another bundle you must use the manifest file see here. But I don't know if this is necessary if accessing resources within the same bundle.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                lutzchristian Christian Lutz
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: