Raedwald
Reputation: 48674
Keycloak admin client responds with Bad Request to attempt to list realms
I am attempting a simple test of the health of a fresh instance of Keycloak (running in a Docker container, it so happens), by trying to list the realms using the Java admin client as the admin user. But this repeatedly fails due to an HTTP 400 Bad Request, apparently when the client is attempting to get an access token. How must I configure Keycloak, or the admin client, to do this simple query?
The stack-trace of the failure is thus:
java.lang.AssertionError: Able to list realms
at [MyClass].listRealms([MyClass].java:69)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.junit.platform.commons.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:688)
[junit stack-trace]
at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:75)
at org.eclipse.jdt.internal.junit5.runner.JUnit5TestReference.run(JUnit5TestReference.java:98)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:41)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:542)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:770)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:464)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:210)
Caused by: javax.ws.rs.ProcessingException: javax.ws.rs.BadRequestException: HTTP 400 Bad Request
at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.filterRequest(ClientInvocation.java:603)
at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:440)
at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invokeSync(ClientInvoker.java:149)
at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:112)
at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)
at com.sun.proxy.$Proxy45.findAll(Unknown Source)
at [MyClass].listRealms([MyClass].java:67)
... 67 more
Caused by: javax.ws.rs.BadRequestException: HTTP 400 Bad Request
at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.handleErrorStatus(ClientInvocation.java:219)
at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.extractResult(ClientInvocation.java:195)
at org.jboss.resteasy.client.jaxrs.internal.proxy.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:62)
at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invokeSync(ClientInvoker.java:151)
at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:112)
at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)
at com.sun.proxy.$Proxy43.grantToken(Unknown Source)
at org.keycloak.admin.client.token.TokenManager.grantToken(TokenManager.java:90)
at org.keycloak.admin.client.token.TokenManager.getAccessToken(TokenManager.java:70)
at org.keycloak.admin.client.token.TokenManager.getAccessTokenString(TokenManager.java:65)
at org.keycloak.admin.client.resource.BearerAuthFilter.filter(BearerAuthFilter.java:52)
at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.filterRequest(ClientInvocation.java:590)
... 73 more
The crucial code doing the query is this:
public void listRealms() {
try (var keycloak = container.getKeycloakInstance()) {
final List<RealmRepresentation> realms;
try {
realms = keycloak.realms().findAll();
} catch (final Exception e) {// provide better diagnostics
throw new AssertionError("Able to list realms", e);
}
assertThat(realms, not(empty()));
}
}
with the Keycloak instance created thus:
private static final String ADMIN_USER = "admin";
private static final String ADMIN_PASSWORD = "letmein";
private static final String ADMIN_REALM = "master";
private static final String ADMIN_CLIENT_ID = null;
...
public Keycloak getKeycloakInstance() {
return Keycloak.getInstance(getUri().toASCIIString(), ADMIN_REALM,
ADMIN_USER, ADMIN_PASSWORD, ADMIN_CLIENT_ID);
}
That test failure happens to be when running the test in Eclipse. But the problem also occurs when I run the test using Maven (that is, using the maven-failsafe-plugin).
The same failure mode (HTTP 400 Bad Request ) also occurs if I
- use a non existent client ID, rather than a null client ID (I would expect HTTP 404 Not Found in that case)
- use the wrong password (I would expect HTTP 401 Unauthorized or HTTP 403 Forbidden in that case)
The URL I am using seems to be correct, because if I deliberately use an incorrect URL path I get the expected HTTP 404 Not Found failure mode, and if I deliberately use an incorrect host name I get the expected UnknownHostException.
This problem occurs with Key cloak version 11.0.2 (the current version at the time of writing) and also occurred with version 11.0.0.
Upvotes: 5
Views: 19940
Answers (4)
Spindoctor
Reputation: 471
I was getting a 400 bad request because I was missing the username which is mandatory.
Upvotes: 0
SebaGQ
Reputation: 21
I had a similar issue, i suddently started to get 400 BadRequest, on keycloack 23.0.3
> 2023-12-29T12:01:55.422-03:00 ERROR 35264 --- [products-service]
> [nio-8081-exec-6] c.m.p.services.impl.KeycloakServiceImpl : Error
> searching for users by email: [email protected]
>
> jakarta.ws.rs.ProcessingException: jakarta.ws.rs.BadRequestException:
> HTTP 400 Bad Request at
> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.filterRequest(ClientInvocation.java:652)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final] at
> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:424)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final] at
> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invokeSync(ClientInvoker.java:134)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final] at
> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:103)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final] at
> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:61)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final] at
> jdk.proxy4/jdk.proxy4.$Proxy219.searchByEmail(Unknown Source) ~[na:na]
> at
> com.microservicios.productos.services.impl.KeycloakServiceImpl.searchByEmail(KeycloakServiceImpl.java:90)
> ~[classes/:na] at
> com.microservicios.productos.services.impl.ProductServiceImpl.createProduct(ProductServiceImpl.java:78)
> ~[classes/:na] at
> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
> ~[na:na] at
> java.base/java.lang.reflect.Method.invoke(Method.java:578) ~[na:na]
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:352)
> ~[spring-aop-6.1.1.jar:6.1.1] at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196)
> ~[spring-aop-6.1.1.jar:6.1.1] at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
> ~[spring-aop-6.1.1.jar:6.1.1] at
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765)
> ~[spring-aop-6.1.1.jar:6.1.1] at
> org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123)
> ~[spring-tx-6.1.1.jar:6.1.1] at
> org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:385)
> ~[spring-tx-6.1.1.jar:6.1.1] at
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
> ~[spring-tx-6.1.1.jar:6.1.1] at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
> ~[spring-aop-6.1.1.jar:6.1.1] at
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765)
> ~[spring-aop-6.1.1.jar:6.1.1] at
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:717)
> ~[spring-aop-6.1.1.jar:6.1.1] at
> com.microservicios.productos.services.impl.ProductServiceImpl$$SpringCGLIB$$0.createProduct(<generated>)
> ~[classes/:na] at
> com.microservicios.productos.controllers.ProductController.createProduct(ProductController.java:39)
> ~[classes/:na] at
> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
> ~[na:na] at
> java.base/java.lang.reflect.Method.invoke(Method.java:578) ~[na:na]
> at
> org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:254)
> ~[spring-web-6.1.1.jar:6.1.1] at
> org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:182)
> ~[spring-web-6.1.1.jar:6.1.1] at
> org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:118)
> ~[spring-webmvc-6.1.1.jar:6.1.1] at
> org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:917)
> ~[spring-webmvc-6.1.1.jar:6.1.1] at
> org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:829)
> ~[spring-webmvc-6.1.1.jar:6.1.1] at
> org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
> ~[spring-webmvc-6.1.1.jar:6.1.1] at
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1089)
> ~[spring-webmvc-6.1.1.jar:6.1.1] at
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979)
> ~[spring-webmvc-6.1.1.jar:6.1.1] at
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
> ~[spring-webmvc-6.1.1.jar:6.1.1] at
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:914)
> ~[spring-webmvc-6.1.1.jar:6.1.1] at
> jakarta.servlet.http.HttpServlet.service(HttpServlet.java:590)
> ~[tomcat-embed-core-10.1.16.jar:6.0] at
> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885)
> ~[spring-webmvc-6.1.1.jar:6.1.1] at
> jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
> ~[tomcat-embed-core-10.1.16.jar:6.0] at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:205)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
> ~[tomcat-embed-websocket-10.1.16.jar:10.1.16] at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.springframework.security.web.FilterChainProxy.lambda$doFilterInternal$3(FilterChainProxy.java:231)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$FilterObservation$SimpleFilterObservation.lambda$wrap$1(ObservationFilterChainDecorator.java:479)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$1(ObservationFilterChainDecorator.java:340)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator.lambda$wrapSecured$0(ObservationFilterChainDecorator.java:82)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:128)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:117)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter.doFilterInternal(BearerTokenAuthenticationFilter.java:145)
> ~[spring-security-oauth2-resource-server-6.2.0.jar:6.2.0] at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
> ~[spring-web-6.1.1.jar:6.1.1] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91)
> ~[spring-web-6.1.1.jar:6.1.1] at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
> ~[spring-web-6.1.1.jar:6.1.1] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
> ~[spring-web-6.1.1.jar:6.1.1] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
> ~[spring-web-6.1.1.jar:6.1.1] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
> ~[spring-web-6.1.1.jar:6.1.1] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:323)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:224)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191)
> ~[spring-security-web-6.2.0.jar:6.2.0] at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352)
> ~[spring-web-6.1.1.jar:6.1.1] at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268)
> ~[spring-web-6.1.1.jar:6.1.1] at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
> ~[spring-web-6.1.1.jar:6.1.1] at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
> ~[spring-web-6.1.1.jar:6.1.1] at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
> ~[spring-web-6.1.1.jar:6.1.1] at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
> ~[spring-web-6.1.1.jar:6.1.1] at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.springframework.web.filter.ServerHttpObservationFilter.doFilterInternal(ServerHttpObservationFilter.java:109)
> ~[spring-web-6.1.1.jar:6.1.1] at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
> ~[spring-web-6.1.1.jar:6.1.1] at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
> ~[spring-web-6.1.1.jar:6.1.1] at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
> ~[spring-web-6.1.1.jar:6.1.1] at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:340)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16] at
> java.base/java.lang.Thread.run(Thread.java:1589) ~[na:na] Caused by:
> jakarta.ws.rs.BadRequestException: HTTP 400 Bad Request at
> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.handleErrorStatus(ClientInvocation.java:236)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final] at
> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.extractResult(ClientInvocation.java:216)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final] at
> org.jboss.resteasy.client.jaxrs.internal.proxy.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:59)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final] at
> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invokeSync(ClientInvoker.java:136)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final] at
> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:103)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final] at
> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:61)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final] at
> jdk.proxy2/jdk.proxy2.$Proxy183.grantToken(Unknown Source) ~[na:na]
> at
> org.keycloak.admin.client.token.TokenManager.grantToken(TokenManager.java:99)
> ~[keycloak-admin-client-23.0.3.jar:23.0.3] at
> org.keycloak.admin.client.token.TokenManager.getAccessToken(TokenManager.java:75)
> ~[keycloak-admin-client-23.0.3.jar:23.0.3] at
> org.keycloak.admin.client.token.TokenManager.getAccessTokenString(TokenManager.java:70)
> ~[keycloak-admin-client-23.0.3.jar:23.0.3] at
> org.keycloak.admin.client.resource.BearerAuthFilter.filter(BearerAuthFilter.java:52)
> ~[keycloak-admin-client-23.0.3.jar:23.0.3] at
> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.filterRequest(ClientInvocation.java:644)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final]
Then I realized I accidently turned off the authenticationFLow that I was using for my client. If you have the same issue, make sure you have the correct flow activated.
For example, for this configuration:
> @Configuration public class KeycloackConfig {
> @Bean
> Keycloak keycloak() {
> return KeycloakBuilder.builder()
> .serverUrl("http://localhost:8080")
> .realm("master")
> .clientId("admin-cli")
> .grantType(OAuth2Constants.PASSWORD)
> .username("admin")
> .password("admin")
> .build();
> } }
You must have to activate Direct access grants flow for the admin-cli client in Keycloak. If you are using another type of grant, you must check that the client supports that grant.
Upvotes: 0
Prominence
Reputation: 51
Also, it is important to have the same keycloak-admin-client and keycloak version.
My problem was that I had Keycloak 22.0.0 and org.keycloak:keycloak-admin-client:22.0.3. That's why I've got 400 Bad Request.
Upvotes: 5
Raedwald
Reputation: 48674
Although Keycloak automatically creates a master realm, with several client IDs, and you can automate setting up an admin user, its seems you can not use those with the Java admin client. You must instead create (or import) a realm and client ID, which you can then indicate when you create the Keycloak instance. Keycloak will not then complain about a Bad Request.
Upvotes: 2
Related Questions
- Keycloak returns "404 - Not Found" page
- Keycloak admin client
- Keycloak admin client - javax.ws.rs.ProcessingException: RESTEASY003215
- Am getting status code 401 when access Keycloak users list even after adding realm-management roles
- 403 during user creation using keycloak-admin-client
- NullPointerException on all KeyCloak Admin API Calls
- Keycloak error invalid_client Bearer only not allowed
- Can´t access keycloak due to wrong client password
- Joins with Keycloak java admin client
- Failed adding user by keycloak-admin-client to Keycloak due to "unknown resource"