1 2 Previous Next 17 Replies Latest reply on Oct 19, 2015 12:02 PM by Hristo Stoyanov

    Errai 3.2.0-snapshot and Keycloak 1.2.0.Final - coninued pains

    Hristo Stoyanov Master

      Hi all.

      I am stuck and I wonder if someone has been through the same issues I am facing with Errai 3.2.0-SNAPSHOT and Keycloak 1.2.0.Final (I have the same issues with older versions too). Ant clue? I am completely out of ideas, especially with the Errai Security Demo seems to work with the same configuration!

       

      Below is my web.xml which closely mimics the one from Errai security demo:

       

      1. What I noticed first was that after a succeessful KC login, KC redirects back to the wrong url: http://localhost:8080/draft/app-login  instead of http://localhost:8080/draft/app-login/index_draft.jsp  The reason turns out to be that the LoginRedirectFilter never gets called,, so the redirectLocation is not picked up!

       

      2. After wasting quite some time, I discovered that I need to comment out the entire <security-constraint> ... </security-constraint> section in my web.xml, to get my debugger prove that the filter now gets called.

      Why is <security-constraint> ... </security-constraint> suppressing the filter and why this is not happening with the Errai Security Demo?


      Next however, this leads  to a different type of exception in the doFilter() method:

       

       

       

      Context Path:

      /draft

       

      Servlet Path:

      /app-login

       

      Path Info:

      null

       

      Query String:

      null

       

      Stack Trace

      org.jboss.weld.exceptions.IllegalProductException: WELD-000054: Producers cannot produce non-serializable instances for injection into non-transient fields of passivating beans Producer: Producer Method [AuthenticationService] with qualifiers [@Filtered @Any] declared as [[BackedAnnotatedMethod] @Produces @Filtered public org.jboss.errai.security.keycloak.extension.WrappedServiceProducer.getWrappedAuthenticationService()] Injection Point: [BackedAnnotatedField] @Inject @Filtered private org.jboss.errai.security.keycloak.KeycloakAuthenticationService.wrappedAuthService

      org.jboss.weld.bean.AbstractProducerBean.checkReturnValue(AbstractProducerBean.java:157)

      org.jboss.weld.bean.AbstractProducerBean.create(AbstractProducerBean.java:184)

      org.jboss.weld.context.unbound.DependentContextImpl.get(DependentContextImpl.java:69)

      org.jboss.weld.manager.BeanManagerImpl.getReference(BeanManagerImpl.java:742)

      org.jboss.weld.manager.BeanManagerImpl.getInjectableReference(BeanManagerImpl.java:840)

      org.jboss.weld.injection.FieldInjectionPoint.inject(FieldInjectionPoint.java:92)

      org.jboss.weld.util.Beans.injectBoundFields(Beans.java:370)

      org.jboss.weld.util.Beans.injectFieldsAndInitializers(Beans.java:381)

      org.jboss.weld.injection.producer.ResourceInjector$1.proceed(ResourceInjector.java:70)

      org.jboss.weld.injection.InjectionContextImpl.run(InjectionContextImpl.java:48)

      org.jboss.weld.injection.producer.ResourceInjector.inject(ResourceInjector.java:72)

      org.jboss.weld.injection.producer.BasicInjectionTarget.inject(BasicInjectionTarget.java:121)

      org.jboss.weld.bean.ManagedBean.create(ManagedBean.java:150)

      org.jboss.weld.util.bean.IsolatedForwardingBean.create(IsolatedForwardingBean.java:44)

      org.jboss.weld.context.AbstractContext.get(AbstractContext.java:96)

      org.jboss.weld.context.PassivatingContextWrapper$AbstractPassivatingContextWrapper.get(PassivatingContextWrapper.java:76)

      org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:98)

      org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:99)

      org.jboss.errai.security.keycloak.KeycloakAuthenticationService$Proxy$_$$_WeldClientProxy.setSecurityContext(Unknown Source)

      org.jboss.errai.security.keycloak.LoginRedirectFilter.doFilter(LoginRedirectFilter.java:68)

       

      ====================================================================================

      <?xml version="1.0" encoding="UTF-8"?>

      <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"

              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

              xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"

              version="3.1">

       

          <!-- Default page to serve -->

          <welcome-file-list>

              <welcome-file>index_draft.jsp</welcome-file>

          </welcome-file-list>

       

       

          <!--  This error page rule responds with the GWT Host page for pushstate Errai Navigation URLs -->

          <error-page>

              <error-code>404</error-code>

              <location>/</location>

          </error-page>

       

       

       

          <!-- Erray Keycloak security --> 

          <filter>

              <filter-name>ErraiLoginRedirectFilter</filter-name>

              <init-param>

                  <param-name>redirectLocation</param-name>

                  <param-value>/index_draft.jsp</param-value>

              </init-param>

          </filter>

       

          <!-- JAX-RS configuration-->

          <servlet-mapping>

              <servlet-name>javax.ws.rs.core.Application</servlet-name>

              <url-pattern>/rest/*</url-pattern>

          </servlet-mapping>

       

       

          <filter-mapping>

              <filter-name>ErraiUserCookieFilter</filter-name>

              <url-pattern>/index_draft.jsp</url-pattern>

          </filter-mapping>

       

       

          <filter-mapping>

              <filter-name>ErraiLoginRedirectFilter</filter-name>

              <url-pattern>/app-login</url-pattern>

          </filter-mapping>

               

          <security-constraint>

              <web-resource-collection>

                  <web-resource-name>Login</web-resource-name>

                  <url-pattern>/app-login</url-pattern>

              </web-resource-collection>

              <auth-constraint>

                  <role-name>*</role-name>

              </auth-constraint>

          </security-constraint>

       

          <login-config>

              <auth-method>KEYCLOAK</auth-method>

              <realm-name>TEST</realm-name>

          </login-config>

       

          <security-role>

              <role-name>user</role-name>

          </security-role>

       

          <security-role>

              <role-name>admin</role-name>

          </security-role>

       

       

      </web-app>

        1 2 Previous Next