Hi,
I’m trying to implement OpenId Connect with Payara 5.2021-4 and Keycloak 17.0.1
I’m using the @OpenIdAuthenticationDefinition annotation as described in OpenID Connect Support :: Payara Community Documentation
I’m defining secured resources via web.xml, something like
secure pages
/cms/*
myRole
If the keycloak server is up and running, it all works as expected: I can access public URLs without authentication and I am being redirected to keycloak if I go to a secure URL.
However if the keycloak server is down, I cannot access any URL - I’m getting a 500 Error page and the logs show that the payara server is trying and failing to get the open-id configuration from Keycloak .
Is there a way I can avoid this behaviour? I’m tempted to report it as a bug because it is surprising and not in a good way
Thanx,
Ana
JASPIC: http msg authentication fail
javax.ws.rs.ProcessingException: java.net.ConnectException: ConnectException invoking http://localhost:8180/realms/bkm-vis/.well-known/openid-configuration: Connection refused: connect
at org.apache.cxf.jaxrs.client.AbstractClient.checkClientException(AbstractClient.java:556)
at org.apache.cxf.jaxrs.client.AbstractClient.preProcessResult(AbstractClient.java:538)
at org.apache.cxf.jaxrs.client.WebClient.doResponse(WebClient.java:1135)
at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1085)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:883)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:854)
at org.apache.cxf.jaxrs.client.WebClient.invoke(WebClient.java:417)
at org.apache.cxf.jaxrs.client.WebClient$SyncInvokerImpl.method(WebClient.java:1609)
at org.apache.cxf.jaxrs.client.WebClient$SyncInvokerImpl.method(WebClient.java:1604)
at org.apache.cxf.jaxrs.client.WebClient$SyncInvokerImpl.get(WebClient.java:1524)
at org.apache.cxf.jaxrs.client.spec.InvocationBuilderImpl.get(InvocationBuilderImpl.java:80)
at fish.payara.security.openid.controller.ProviderMetadataContoller.getDocument(ProviderMetadataContoller.java:95)
at fish.payara.security.openid.controller.ProviderMetadataContoller$Proxy$_$$_WeldClientProxy.getDocument(Unknown Source)
at fish.payara.security.openid.controller.ConfigurationController.buildConfig(ConfigurationController.java:140)
at fish.payara.security.openid.controller.ConfigurationController$Proxy$_$$_WeldClientProxy.buildConfig(Unknown Source)
at fish.payara.security.openid.OpenIdAuthenticationMechanism.setConfiguration(OpenIdAuthenticationMechanism.java:194)
at fish.payara.security.openid.OpenIdExtension.lambda$null$1(OpenIdExtension.java:144)
at org.glassfish.soteria.cdi.CdiProducer.create(CdiProducer.java:104)
at org.jboss.weld.contexts.AbstractContext.get(AbstractContext.java:96)
at org.jboss.weld.bean.ContextualInstanceStrategy$DefaultContextualInstanceStrategy.get(ContextualInstanceStrategy.java:100)
at org.jboss.weld.bean.ContextualInstance.get(ContextualInstance.java:50)
at org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:102)
at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:105)
at org.jboss.weldx.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism$37414984$Proxy$_$$_WeldClientProxy.validateRequest(Unknown Source)
at org.glassfish.soteria.mechanisms.jaspic.HttpBridgeServerAuthModule.validateRequest(HttpBridgeServerAuthModule.java:151)
at org.glassfish.soteria.mechanisms.jaspic.DefaultServerAuthContext.validateRequest(DefaultServerAuthContext.java:76)
at com.sun.web.security.realmadapter.JaspicRealm.validateRequest(JaspicRealm.java:391)
at com.sun.web.security.realmadapter.JaspicRealm.validateRequest(JaspicRealm.java:358)
at com.sun.web.security.realmadapter.JaspicRealm.validateRequest(JaspicRealm.java:181)
at com.sun.web.security.RealmAdapter.invokeAuthenticateDelegate(RealmAdapter.java:487)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:468)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:726)
at org.apache.catalina.core.StandardPipeline.doChainInvoke(StandardPipeline.java:581)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:158)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:371)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:238)
at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:520)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:217)
at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:182)
at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:156)
at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:218)
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:95)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:260)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:177)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:109)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:88)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:53)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:524)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:89)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:94)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:33)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:114)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:569)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:549)
at java.base/java.lang.Thread.run(Thread.java:829)
…