Stirling-PDF icon indicating copy to clipboard operation
Stirling-PDF copied to clipboard
verified publisher icon Stirling-Tools

[Bug]: Dragged down when oAuth is temporarily unreachable

Open VincentSC opened this issue 1 year ago • 2 comments

Installation Method

None

The Problem

When our Keycloak was offline or unreachable, Stirling PDF also crashed.

Expected behavior: just log out.

Version of Stirling-PDF

0.28.3

Last Working Version of Stirling-PDF

No response

Page Where the Problem Occurred

No response

Docker Configuration

No response

Relevant Log Output

Stirling-PDF  | Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.oauth2.client.registration.ClientRegistrationRepository]: Factory method 'clientRegistrationRepository' threw exception with message: Unable to resolve Configuration with the provided Issuer of "https://<keycloak>/auth/realms/master"
Stirling-PDF  | 	at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:178)
Stirling-PDF  | 	at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:644)
Stirling-PDF  | 	... 119 common frames omitted
Stirling-PDF  | Caused by: java.lang.IllegalArgumentException: Unable to resolve Configuration with the provided Issuer of "https://<keycloak>/auth/realms/master"
Stirling-PDF  | 	at org.springframework.security.oauth2.client.registration.ClientRegistrations.getBuilder(ClientRegistrations.java:228)
Stirling-PDF  | 	at org.springframework.security.oauth2.client.registration.ClientRegistrations.fromIssuerLocation(ClientRegistrations.java:152)
Stirling-PDF  | 	at stirling.software.SPDF.config.security.SecurityConfiguration.oidcClientRegistration(SecurityConfiguration.java:322)
Stirling-PDF  | 	at stirling.software.SPDF.config.security.SecurityConfiguration.clientRegistrationRepository(SecurityConfiguration.java:212)
Stirling-PDF  | 	at stirling.software.SPDF.config.security.SecurityConfiguration$$SpringCGLIB$$0.CGLIB$clientRegistrationRepository$5(<generated>)
Stirling-PDF  | 	at stirling.software.SPDF.config.security.SecurityConfiguration$$SpringCGLIB$$FastClass$$1.invoke(<generated>)
Stirling-PDF  | 	at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:258)
Stirling-PDF  | 	at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:348)
Stirling-PDF  | 	at stirling.software.SPDF.config.security.SecurityConfiguration$$SpringCGLIB$$0.clientRegistrationRepository(<generated>)
Stirling-PDF  | 	at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
Stirling-PDF  | 	at java.base/java.lang.reflect.Method.invoke(Method.java:580)
Stirling-PDF  | 	at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:146)
Stirling-PDF  | 	... 120 common frames omitted
Stirling-PDF  | Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://<keycloak>/auth/realms/master/.well-known/openid-configuration": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Stirling-PDF  | 	at org.springframework.web.client.RestTemplate.createResourceAccessException(RestTemplate.java:915)
Stirling-PDF  | 	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:895)
Stirling-PDF  | 	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:740)
Stirling-PDF  | 	at org.springframework.security.oauth2.client.registration.ClientRegistrations.lambda$oidc$0(ClientRegistrations.java:163)
Stirling-PDF  | 	at org.springframework.security.oauth2.client.registration.ClientRegistrations.getBuilder(ClientRegistrations.java:216)
Stirling-PDF  | 	... 131 common frames omitted
Stirling-PDF  | Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Stirling-PDF  | 	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
Stirling-PDF  | 	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378)
Stirling-PDF  | 	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
Stirling-PDF  | 	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:316)
Stirling-PDF  | 	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1318)
Stirling-PDF  | 	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1195)
Stirling-PDF  | 	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1138)
Stirling-PDF  | 	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)
Stirling-PDF  | 	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)
Stirling-PDF  | 	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447)
Stirling-PDF  | 	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
Stirling-PDF  | 	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
Stirling-PDF  | 	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
Stirling-PDF  | 	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
Stirling-PDF  | 	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
Stirling-PDF  | 	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
Stirling-PDF  | 	at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:586)
Stirling-PDF  | 	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187)
Stirling-PDF  | 	at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:141)
Stirling-PDF  | 	at org.springframework.http.client.SimpleClientHttpRequest.executeInternal(SimpleClientHttpRequest.java:79)
Stirling-PDF  | 	at org.springframework.http.client.AbstractStreamingClientHttpRequest.executeInternal(AbstractStreamingClientHttpRequest.java:70)
Stirling-PDF  | 	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
Stirling-PDF  | 	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:889)
Stirling-PDF  | 	... 134 common frames omitted
Stirling-PDF  | Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Stirling-PDF  | 	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:388)
Stirling-PDF  | 	at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:271)
Stirling-PDF  | 	at java.base/sun.security.validator.Validator.validate(Validator.java:256)
Stirling-PDF  | 	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:230)
Stirling-PDF  | 	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
Stirling-PDF  | 	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1302)
Stirling-PDF  | 	... 152 common frames omitted
Stirling-PDF  | Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Stirling-PDF  | 	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)
Stirling-PDF  | 	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129)
Stirling-PDF  | 	at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
Stirling-PDF  | 	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:383)
Stirling-PDF  | 	... 157 common frames omitted

Additional Information

No response

Browsers Affected

No response

No Duplicate of the Issue

  • [X] I have verified that there are no existing issues raised related to my problem.

VincentSC avatar Sep 18 '24 08:09 VincentSC

@Frooodle should what he said be the correct behavior?

iib0011 avatar Sep 30 '24 13:09 iib0011

Correct Auth should fail, and any user of that should be deauthorised

If this was a authentication attempt it should fail but not crash app

Frooodle avatar Sep 30 '24 13:09 Frooodle

If the provider fails, the user remains logged in until they log out or the session expires (in the application). A crash is not possible while the application is running. The provider data is read when the application starts and passed on to the application accordingly.

Ludy87 avatar Jan 19 '25 19:01 Ludy87