-
Type:
Bug
-
Status: In Progress
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 2023.0, 2021.42
-
Component/s: Authentication
-
Release Notes Summary:Fix HTTP 500 when running an unauthenticated request against REST API with Keycloak authentication.
-
Tags:
-
Backlog priority:700
-
Sprint:nxplatform #109, nxplatform #110, nxplatform #111
-
Story Points:3
Steps to reproduce:
- Start keycloak
docker run --name test-keycloak19.0.3 -d -p 8087:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:19.0.3 start-dev
- import the attached realm nuxeo-realm.json (not really required)
- Install nuxeo-keycloak addon and configure the nuxeo.conf properties
nuxeo.keycloak.realm=nuxeorealm nuxeo.keycloak.resource=nuxeo nuxeo.keycloak.sslRequired=none nuxeo.keycloak.publicClient=false nuxeo.keycloak.confidentialPort=0 nuxeo.keycloak.authServerUrl=http://localhost:8087 nuxeo.keycloak.credentials.secret=eGEPEQNIH5AYUn5DflXoPMaNj4v1lotl
- Start Nuxeo
- Run this command
curl -v -s -X POST "http://localhost:8080/nuxeo/site/automation/Auth.LoginAs" -d '{"params":{},"context":{}}' -H 'Content-Type: application/json'--compressed --insecure - Observe the response with HTTP 500
- Observe also the error in the logs
ERROR [WebEngineExceptionMapper] java.lang.IllegalStateException: Not authenticated user is trying to get a core session java.lang.IllegalStateException: Not authenticated user is trying to get a core session at org.nuxeo.ecm.webengine.jaxrs.session.CoreSessionProvider.createSession(CoreSessionProvider.java:66) ~[nuxeo-webengine-jaxrs-2023.1.20.jar:?] at org.nuxeo.ecm.webengine.jaxrs.session.CoreSessionProvider.getSessionRef(CoreSessionProvider.java:54) ~[nuxeo-webengine-jaxrs-2023.1.20.jar:?] at org.nuxeo.ecm.webengine.jaxrs.session.CoreSessionProvider.getSession(CoreSessionProvider.java:61) ~[nuxeo-webengine-jaxrs-2023.1.20.jar:?] at org.nuxeo.ecm.webengine.jaxrs.session.SessionFactory.getSession(SessionFactory.java:109) ~[nuxeo-webengine-jaxrs-2023.1.20.jar:?] at org.nuxeo.ecm.webengine.jaxrs.session.SessionFactory.getSession(SessionFactory.java:105) ~[nuxeo-webengine-jaxrs-2023.1.20.jar:?] at org.nuxeo.ecm.webengine.jaxrs.session.SessionFactory.getSession(SessionFactory.java:92) ~[nuxeo-webengine-jaxrs-2023.1.20.jar:?] at org.nuxeo.ecm.automation.server.jaxrs.CoreSessionProvider.getValue(CoreSessionProvider.java:39) ~[nuxeo-automation-server-2023.0.159.jar:?] at org.nuxeo.ecm.automation.server.jaxrs.CoreSessionProvider.getValue(CoreSessionProvider.java:35) ~[nuxeo-automation-server-2023.0.159.jar:?] at com.sun.jersey.server.impl.inject.AbstractHttpContextInjectable$1.getValue(AbstractHttpContextInjectable.java:104) ~[jersey-server-1.19.4.jar:1.19.4] at com.sun.jersey.server.spi.component.ResourceComponentInjector.inject(ResourceComponentInjector.java:222) ~[jersey-server-1.19.4.jar:1.19.4] at com.sun.jersey.server.spi.component.ResourceComponentConstructor.construct(ResourceComponentConstructor.java:234) ~[jersey-server-1.19.4.jar:1.19.4] at org.nuxeo.ecm.webengine.model.impl.AbstractResourceType.newInstance(AbstractResourceType.java:132) ~[nuxeo-webengine-core-2023.1.20.jar:?] at org.nuxeo.ecm.webengine.model.impl.AbstractWebContext.newObject(AbstractWebContext.java:332) ~[nuxeo-webengine-core-2023.1.20.jar:?] at org.nuxeo.ecm.webengine.model.impl.AbstractWebContext.newObject(AbstractWebContext.java:327) ~[nuxeo-webengine-core-2023.1.20.jar:?] at org.nuxeo.ecm.webengine.model.impl.AbstractResource.newObject(AbstractResource.java:262) ~[nuxeo-webengine-core-2023.1.20.jar:?] at org.nuxeo.ecm.automation.server.jaxrs.AutomationResource.getExecutable(AutomationResource.java:144) ~[nuxeo-automation-server-2023.0.159.jar:?]
Expected behavior: the unauthenticated request should request a HTTP 401
- is caused by
-
NXP-30507 Skip handleLogin when HTTP response has already been commited
-
- Resolved
-