I have a problem with Keycloak on my Ubuntu server. Register and login works fine. But when I try to make any request to the spring application by user bearer token, keycloak returns me 500 - Internal server error in Swagger. (Everything on localhost works fine!)
Logs of application when I try to make any request by bearer token:
dictionary_app_prod | java.lang.NullPointerException: null
dictionary_app_prod | at java.net.URI$Parser.parse(URI.java:3042) ~[na:1.8.0_212]
dictionary_app_prod | at java.net.URI.<init>(URI.java:588) ~[na:1.8.0_212]
dictionary_app_prod | at java.net.URI.create(URI.java:850) ~[na:1.8.0_212]
dictionary_app_prod | at org.apache.http.client.methods.HttpGet.<init>(HttpGet.java:66) ~[httpclient-4.5.8.jar!/:4.5.8]
dictionary_app_prod | at org.keycloak.adapters.rotation.JWKPublicKeyLocator.sendRequest(JWKPublicKeyLocator.java:97) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod | at org.keycloak.adapters.rotation.JWKPublicKeyLocator.getPublicKey(JWKPublicKeyLocator.java:63) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod | at org.keycloak.adapters.rotation.AdapterTokenVerifier.getPublicKey(AdapterTokenVerifier.java:121) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod | at org.keycloak.adapters.rotation.AdapterTokenVerifier.createVerifier(AdapterTokenVerifier.java:111) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod | at org.keycloak.adapters.rotation.AdapterTokenVerifier.verifyToken(AdapterTokenVerifier.java:47) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod | at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:103) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod | at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:88) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
My docker-compose file:
volumes:
mysql-data:
driver: local
mysql-log:
driver: local
mysql-conf:
driver: local
postgres_data:
driver: local
mysql_data:
driver: local
services:
dictionary_app_prod:
container_name: dictionary_app_prod
build:
context: .
dockerfile: Dockerfile
restart: always
ports:
- 8888:8082
depends_on:
- "dictionary_app_prod_mysql_test" # This service depends on mysql. Start that first.
- "dictionary_app_prod_mongo"
- "dictionary_app_prod_keycloak"
environment:
SPRING_DATASOURCE_URL: jdbc:mysql://dictionary_app_prod_mysql_test:3306/general?useSSL=false&serverTimezone=UTC&useLegacyDatetimeCode=false&allowPublicKeyRetrieval=true
SPRING_DATA_MONGODB_URI: mongodb://springboot-mongo:27017/mongodb
dictionary_app_prod_mysql_test:
image: mysql:5.7
volumes:
- "mysql-data:/var/lib/mysql"
- "mysql-log:/var/log/mysql"
- "mysql-conf:/etc/mysql/conf.d"
ports:
- 3306:3306
environment:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: general
MYSQL_USER: root
MYSQL_PASSWORD: root
dictionary_app_prod_mongo:
image: mongo
container_name: springboot-mongo
ports:
- 27017:27017
volumes:
- $HOME/data/springboot-mongo-data:/data/db
- $HOME/data/springboot-mongo-bkp:/data/bkp
restart: always
dictionary_app_prod_keycloak:
image: jboss/keycloak
environment:
DB_VENDOR: MYSQL
DB_ADDR: dictionary_app_prod_mysql_test
DB_DATABASE: general
DB_USER: root
DB_PASSWORD: root
KEYCLOAK_USER: test
KEYCLOAK_PASSWORD: test
# Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the MySQL JDBC driver documentation in order to use it.
JDBC_PARAMS: "useSSL=false"
ports:
- 8080:8080
depends_on:
- dictionary_app_prod_mysql_test
Keycloak config:
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.FilterType;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
@Configuration
@ComponentScan(
basePackageClasses = KeycloakSecurityComponents.class,
excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
@EnableWebSecurity
class KeycloakConfig extends KeycloakWebSecurityConfigurerAdapter {
@Bean
public KeycloakConfigResolver keycloakConfigResolver() {
return new KeycloakSpringBootConfigResolver();
}
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new NullAuthenticatedSessionStrategy();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) {
auth.authenticationProvider(keycloakAuthenticationProvider());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http
.csrf().disable()
.sessionManagement()
.and()
.authorizeRequests()
//.antMatchers("/admin/**").hasRole("ADMIN")
//.antMatchers("/library/**").hasRole("USER")
.anyRequest().permitAll();
}
}
application.properties:
keycloak.auth-server-url=http://dictionary_app_prod_keycloak:8080/auth
keycloak.realm=SpringBootKeycloak
keycloak.resource=login-app
keycloak.public-client=true
keycloak.principal-attribute=preferred_username
keycloak.use-resource-role-mappings=true
