Keycloak admin client responds with Bad Request to attempt to list realms


Problem description

I am attempting a simple test of the health of a fresh instance of Keycloak (running in a Docker container, it so happens), by trying to list the realms using the Java admin client as the admin user. But this repeatedly fails due to an HTTP 400 Bad Request, apparently when the client is attempting to get an access token. How must I configure Keycloak, or the admin client, to do this simple query?

The stack-trace of the failure is thus:

java.lang.AssertionError: Able to list realms
    at [MyClass].listRealms([MyClass].java:69)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.junit.platform.commons.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:688)
    [junit stack-trace]
    at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:75)
    at org.eclipse.jdt.internal.junit5.runner.JUnit5TestReference.run(JUnit5TestReference.java:98)
    at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:41)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:542)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:770)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:464)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:210)
Caused by: javax.ws.rs.ProcessingException: javax.ws.rs.BadRequestException: HTTP 400 Bad Request
    at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.filterRequest(ClientInvocation.java:603)
    at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:440)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invokeSync(ClientInvoker.java:149)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:112)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)
    at com.sun.proxy.$Proxy45.findAll(Unknown Source)
    at [MyClass].listRealms([MyClass].java:67)
    ... 67 more
Caused by: javax.ws.rs.BadRequestException: HTTP 400 Bad Request
    at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.handleErrorStatus(ClientInvocation.java:219)
    at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.extractResult(ClientInvocation.java:195)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:62)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invokeSync(ClientInvoker.java:151)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:112)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)
    at com.sun.proxy.$Proxy43.grantToken(Unknown Source)
    at org.keycloak.admin.client.token.TokenManager.grantToken(TokenManager.java:90)
    at org.keycloak.admin.client.token.TokenManager.getAccessToken(TokenManager.java:70)
    at org.keycloak.admin.client.token.TokenManager.getAccessTokenString(TokenManager.java:65)
    at org.keycloak.admin.client.resource.BearerAuthFilter.filter(BearerAuthFilter.java:52)
    at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.filterRequest(ClientInvocation.java:590)
    ... 73 more

The crucial code doing the query is this:

   public void listRealms() {
      try (var keycloak = container.getKeycloakInstance()) {
         final List<RealmRepresentation> realms;
         try {
            realms = keycloak.realms().findAll();
         } catch (final Exception e) {// provide better diagnostics
            throw new AssertionError("Able to list realms", e);
         }
         assertThat(realms, not(empty()));
      }
   }

And the Keycloak instance is created thus:

   private static final String ADMIN_USER = "admin";
   private static final String ADMIN_PASSWORD = "letmein";
   private static final String ADMIN_REALM = "master";
   private static final String ADMIN_CLIENT_ID = null;
...
   public Keycloak getKeycloakInstance() {
      return Keycloak.getInstance(getUri().toASCIIString(), ADMIN_REALM,
               ADMIN_USER, ADMIN_PASSWORD, ADMIN_CLIENT_ID);
   }


That test failure happens to be when running the test in Eclipse. But the problem also occurs when I run the test using Maven (that is, using the maven-failsafe-plugin).

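If I

  • use a non-existent client ID, instead of using a null client ID (in which case I would expect an HTTP 404 Not Found)
  • use an incorrect password (in which case I would expect an HTTP 401 Unauthorized or HTTP 403 Forbidden)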

The URL I am using seems to be correct, because if I deliberately use an incorrect URL path I get the expected HTTP 404 Not Found failure mode, and if I deliberately use an incorrect host name I get the expected UnknownHostException.

This problem occurs with Keycloak version 11.0.2 (the current version at the time of writing) and also occurred with version 11.0.0.

Recommended answer

Although Keycloak automatically creates a master realm, with several client IDs, and you can automate setting up an admin user, it seems you cannot use those with the Java admin client. You must instead create (or import) a realm and client ID, which you can then indicate when you create the Keycloak instance. Keycloak will not then complain about a Bad Request.
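
An added example, not code from the question or the answer: it follows the answer's approach of passing an explicit realm and client ID, and on failure prints the status and body of the token endpoint's response, which the stack trace above omits. The realm and client names and the KC_CHECK_PASSWORD variable are assumptions; it presumes a public client that allows the password grant and a user permitted to view realms.

```java
import java.util.List;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.representations.idm.RealmRepresentation;

public class ListRealmsCheck {
    // Hypothetical names: a realm and client created (or imported) beforehand.
    static final String REALM = "example-realm";
    static final String CLIENT_ID = "example-admin-client";

    /** Finds the JAX-RS exception in the cause chain; returns status and response body. */
    static String describe(Throwable failure) {
        for (Throwable c = failure; c != null; c = c.getCause()) {
            if (c instanceof WebApplicationException) {
                Response r = ((WebApplicationException) c).getResponse();
                String body;
                try {
                    body = r.hasEntity() ? r.readEntity(String.class) : "<no body>";
                } catch (RuntimeException unreadable) {
                    body = "<body unavailable: " + unreadable.getMessage() + ">";
                }
                return "HTTP " + r.getStatus() + ": " + body;
            }
        }
        return failure.toString();
    }

    public static void main(String[] args) {
        // args[0]: server URL, args[1]: username; the password comes from the
        // environment (hypothetical variable) so it is not visible in the process list.
        try (Keycloak keycloak = KeycloakBuilder.builder()
                .serverUrl(args[0])
                .realm(REALM)
                .clientId(CLIENT_ID) // explicit client ID, never null
                .grantType(OAuth2Constants.PASSWORD)
                .username(args[1])
                .password(System.getenv("KC_CHECK_PASSWORD"))
                .build()) {
            List<RealmRepresentation> realms = keycloak.realms().findAll();
            realms.forEach(r -> System.out.println(r.getRealm()));
        } catch (Exception e) {
            System.err.println("Listing realms failed: " + describe(e));
            System.exit(1);
        }
    }
}
```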
