Unable to define properties which start with keycloak. keycloak-spring-boot-starter starter jar fails to load the properties if it observes keycloak properties which aren't known to the jar. The issue gets resolved if we prefix "sso
" to the properties, is there a way to avoid this error even when keeping the keycloak prefixes.
keycloak.admin.username=
keycloak.admin.password=
sso.keycloak.admin.username=
sso.keycloak.admin.password=
this is the error seen with Spring Boot 2.5.0 and Keycloak 13.0.0
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.NullPointerException
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653)
... 21 more
Caused by: java.lang.NullPointerException
at org.springframework.security.config.annotation.web.builders.HttpSecurity.addFilterAtOffsetOf(HttpSecurity.java:2654)
at org.springframework.security.config.annotation.web.builders.HttpSecurity.addFilterAfter(HttpSecurity.java:2645)
at org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter.configure(KeycloakWebSecurityConfigurerAdapter.java:123)
at com.foo.config.KeycloakSecurityConfig.configure(KeycloakSecurityConfig.java:36)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:217)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:315)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:93)
at com.foo.config.KeycloakSecurityConfig$$EnhancerBySpringCGLIB$$501f46fb.init(<generated>)
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:338)
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:300)
at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:38)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:127)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
user-created . conf file. keycloak. conf file located in the conf directory.
Keycloak provides implementations of OpenID Connect and SAML 2.0. Realm. Provides realm and application meta-data. Keycloak provides implementations for Relational Databases and MongoDB. Realm Cache.
This error was introduced in version 5.5.0 of Spring Security which comes with Spring Boot 2.5.0. This is happening because KeyCloak adds two filters successively after another, like this:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
...
.addFilterAfter(keycloakSecurityContextRequestFilter(), SecurityContextHolderAwareRequestFilter.class)
.addFilterAfter(keycloakAuthenticatedActionsRequestFilter(), KeycloakSecurityContextRequestFilter.class)
...
}
And there's a bug right now in which the custom filter order is not being persisted, thus resulting in a NullPointerException
when trying to add a filter relative to another custom filter recently added.
What I advise you to do right now is to use a lower version of Spring Boot, like 2.4.x until the issue in GitHub gets resolved.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With