- Bug
- Resolution: Done
- Critical
- 1.7.6.GA, 1.11.6.CR1
- Documentation (Ref Guide, User Guide, etc.), Release Notes
- Workaround Exists
GitHub issue: https://github.com/quarkusio/quarkus/issues/14318
I've configured a Quarkus app using the extension "quarkus-keycloak-authorization" with the following properties:
quarkus.oidc.auth-server-url=http://localhost:8180/auth/realms/test-realm
quarkus.oidc.client-id=test-application-client
quarkus.oidc.credentials.secret=test-application-client-secret
quarkus.keycloak.policy-enforcer.enable=true
Code:
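import javax.inject.Inject;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;

import org.eclipse.microprofile.jwt.JsonWebToken;

import io.quarkus.security.identity.SecurityIdentity;

@Path("/user")
public class UserResource {

    // Identity of the authenticated caller, populated by quarkus-oidc
    @Inject
    SecurityIdentity identity;

    // The bearer token presented with the request
    @Inject
    JsonWebToken jwt;

    // GET /user: returns the principal name of the caller
    @GET
    @Produces(MediaType.TEXT_PLAIN)
    public String get() {
        return "Hello, user " + identity.getPrincipal().getName();
    }

    // GET /user/issuer: returns the issuer claim of the caller's token
    @GET
    @Path("/issuer")
    @Produces(MediaType.TEXT_PLAIN)
    public String issuer() {
        return "user token issued by " + jwt.getIssuer();
    }
}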
This setup is NOT working in either JVM or native mode using the latest RH SSO 7.4 (I could not test with the latest Keycloak image). It throws this exception at startup:
__  ____  __  _____   ___  __ ____  ______
 --/ __ \/ / / / _ | / _ \/ //_/ / / / __/
 -/ /_/ / /_/ / __ |/ , _/ ,< / /_/ /\ \
--\___\_\____/_/ |_/_/|_/_/|_|\____/___/
2021-01-14 16:57:40,466 INFO [org.key.ada.aut.PolicyEnforcer] (main) Paths provided in configuration.
2021-01-14 16:57:40,670 WARN [org.apa.htt.cli.pro.ResponseProcessCookies] (main) Invalid cookie header: "Set-Cookie: KC_RESTART=; Version=1; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Max-Age=0; Path=/auth/realms/test-realm/; HttpOnly". Invalid 'expires' attribute: Thu, 01-Jan-1970 00:00:10 GMT
2021-01-14 16:57:40,871 ERROR [io.qua.run.Application] (main) Failed to start application (with profile native): java.lang.NullPointerException
    at org.keycloak.jose.jws.JWSInput.<init>(JWSInput.java:44)
    at org.keycloak.authorization.client.util.TokenCallable.call(TokenCallable.java:64)
    at org.keycloak.authorization.client.resource.ProtectedResource.createFindRequest(ProtectedResource.java:296)
    at org.keycloak.authorization.client.resource.ProtectedResource.access$300(ProtectedResource.java:38)
    at org.keycloak.authorization.client.resource.ProtectedResource$5.call(ProtectedResource.java:225)
    at org.keycloak.authorization.client.resource.ProtectedResource$5.call(ProtectedResource.java:222)
    at org.keycloak.authorization.client.resource.ProtectedResource.find(ProtectedResource.java:230)
    at org.keycloak.authorization.client.resource.ProtectedResource.findByMatchingUri(ProtectedResource.java:291)
    at org.keycloak.adapters.authorization.PolicyEnforcer.configureDefinedPaths(PolicyEnforcer.java:180)
    at org.keycloak.adapters.authorization.PolicyEnforcer.configurePaths(PolicyEnforcer.java:160)
    at org.keycloak.adapters.authorization.PolicyEnforcer.<init>(PolicyEnforcer.java:76)
- is documented by: QUARKUS-725 Release notes updates for 1.11 (Closed)