Could not lazy load resource with path : Keycloak and Quarkus
355 views
Skip to first unread message
Mark Jayson Gonzaga
Sep 24, 2021, 8:09:05 PM9/24/21
to Quarkus Development mailing list
Hi Team,
Basically, My keycloak and UI are behind the nginx proxy.
server {
listen 80;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log debug;
server_name frontend;
index index.html index.html;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
location /auth {
proxy_pass ${KEYCLOAK_URL};
}
location /encoding/ {
proxy_http_version 1.1;
proxy_hide_header Access-Control-Allow-Origin;
add_header "Access-Control-Allow-Origin" $http_origin;
add_header "Access-Control-Allow-Methods" "GET, PUT, POST, DELETE, OPTIONS";
add_header "Access-Control-Allow-Headers" "X-Requested-With, Content-Type, Authorization, Origin, Accept, Access-Control-Request-Method, Access-Control-Request-Headers";
proxy_pass ${ENCODING_SERVER_URL};
}
location / {
root /usr/share/nginx/html;
try_files $uri $uri/ /index.html;
}
I'm getting this error message even if when testing locally everything is fine,
Could not lazy load resource with path [/encoding] from server: java.lang.RuntimeException: Could not find resource
encode | at org.keycloak.authorization.client.util.Throwables.retryAndWrapExceptionIfNecessary(Throwables.java:91)
encode | at org.keycloak.authorization.client.resource.ProtectedResource.find(ProtectedResource.java:232)
encode | at org.keycloak.authorization.client.resource.ProtectedResource.findByMatchingUri(ProtectedResource.java:291)
encode | at org.keycloak.adapters.authorization.PolicyEnforcer$PathConfigMatcher.matches(PolicyEnforcer.java:272)encode | at org.keycloak.adapters.authorization.AbstractPolicyEnforcer.getPathConfig(AbstractPolicyEnforcer.java:351)
encode | at org.keycloak.adapters.authorization.AbstractPolicyEnforcer.authorize(AbstractPolicyEnforcer.java:72)
encode | at io.quarkus.keycloak.pep.runtime.KeycloakPolicyEnforcerAuthorizer.apply(KeycloakPolicyEnforcerAuthorizer.java:64)
encode | at io.quarkus.keycloak.pep.runtime.KeycloakPolicyEnforcerAuthorizer.apply(KeycloakPolicyEnforcerAuthorizer.java:28)
encode | at io.quarkus.vertx.http.runtime.security.HttpAuthorizer$1$1$1.run(HttpAuthorizer.java:72)
encode | at io.quarkus.vertx.core.runtime.VertxCoreRecorder$13.runWith(VertxCoreRecorder.java:543)
encode | at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
encode | at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
encode | at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
encode | at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
encode | at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
encode | at java.base/java.lang.Thread.run(Thread.java:829)
encode | Caused by: java.lang.RuntimeException: Error executing http method [GET]. Response : null
encode | at org.keycloak.authorization.client.util.HttpMethod.execute(HttpMethod.java:106)
encode | at org.keycloak.authorization.client.util.HttpMethodResponse$3.execute(HttpMethodResponse.java:68)
encode | at org.keycloak.authorization.client.resource.ProtectedResource$5.call(ProtectedResource.java:226)
encode | at org.keycloak.authorization.client.resource.ProtectedResource$5.call(ProtectedResource.java:222)
encode | at org.keycloak.authorization.client.resource.ProtectedResource.find(ProtectedResource.java:230)
encode | ... 14 more
encode | Caused by: java.net.ConnectException: Connection refused (Connection refused)
encode | at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
encode | at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
encode | at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
encode | at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
encode | at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
encode | at java.base/java.net.Socket.connect(Socket.java:609)
encode | at org.apache.http.conn.scheme.PlainSocketFactory.connectSocket(PlainSocketFactory.java:121)
encode | at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
encode | at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
encode | at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:134)
encode | at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:605)
encode | at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:440)
encode | at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
encode | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
encode | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
encode | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
encode | at org.keycloak.authorization.client.util.HttpMethod.execute(HttpMethod.java:84)
encode | ... 18 more
encode |
encode | 2021-09-24 23:52:47,565 DEBUG [org.key.ada.aut.AbstractPolicyEnforcer] (executor-thread-0) Checking permissions for path [http://localhost:9090/encoding] with config [null].
encode | at org.keycloak.authorization.client.util.Throwables.retryAndWrapExceptionIfNecessary(Throwables.java:91)
encode | at org.keycloak.authorization.client.resource.ProtectedResource.find(ProtectedResource.java:232)
encode | at org.keycloak.authorization.client.resource.ProtectedResource.findByMatchingUri(ProtectedResource.java:291)
encode | at org.keycloak.adapters.authorization.PolicyEnforcer$PathConfigMatcher.matches(PolicyEnforcer.java:272)encode | at org.keycloak.adapters.authorization.AbstractPolicyEnforcer.getPathConfig(AbstractPolicyEnforcer.java:351)
encode | at org.keycloak.adapters.authorization.AbstractPolicyEnforcer.authorize(AbstractPolicyEnforcer.java:72)
encode | at io.quarkus.keycloak.pep.runtime.KeycloakPolicyEnforcerAuthorizer.apply(KeycloakPolicyEnforcerAuthorizer.java:64)
encode | at io.quarkus.keycloak.pep.runtime.KeycloakPolicyEnforcerAuthorizer.apply(KeycloakPolicyEnforcerAuthorizer.java:28)
encode | at io.quarkus.vertx.http.runtime.security.HttpAuthorizer$1$1$1.run(HttpAuthorizer.java:72)
encode | at io.quarkus.vertx.core.runtime.VertxCoreRecorder$13.runWith(VertxCoreRecorder.java:543)
encode | at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
encode | at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
encode | at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
encode | at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
encode | at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
encode | at java.base/java.lang.Thread.run(Thread.java:829)
encode | Caused by: java.lang.RuntimeException: Error executing http method [GET]. Response : null
encode | at org.keycloak.authorization.client.util.HttpMethod.execute(HttpMethod.java:106)
encode | at org.keycloak.authorization.client.util.HttpMethodResponse$3.execute(HttpMethodResponse.java:68)
encode | at org.keycloak.authorization.client.resource.ProtectedResource$5.call(ProtectedResource.java:226)
encode | at org.keycloak.authorization.client.resource.ProtectedResource$5.call(ProtectedResource.java:222)
encode | at org.keycloak.authorization.client.resource.ProtectedResource.find(ProtectedResource.java:230)
encode | ... 14 more
encode | Caused by: java.net.ConnectException: Connection refused (Connection refused)
encode | at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
encode | at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
encode | at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
encode | at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
encode | at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
encode | at java.base/java.net.Socket.connect(Socket.java:609)
encode | at org.apache.http.conn.scheme.PlainSocketFactory.connectSocket(PlainSocketFactory.java:121)
encode | at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
encode | at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
encode | at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:134)
encode | at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:605)
encode | at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:440)
encode | at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
encode | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
encode | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
encode | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
encode | at org.keycloak.authorization.client.util.HttpMethod.execute(HttpMethod.java:84)
encode | ... 18 more
encode |
encode | 2021-09-24 23:52:47,565 DEBUG [org.key.ada.aut.AbstractPolicyEnforcer] (executor-thread-0) Checking permissions for path [http://localhost:9090/encoding] with config [null].
Here is my docker-compose
keycloak:
container_name: keycloak
image: jboss/keycloak
depends_on:
- server-db
ports:
- "8080:8080"
environment:
PROXY_ADDRESS_FORWARDING: true
DB_DATABASE: sohdb
DB_SCHEMA: auth
DB_VENDOR: "POSTGRES"
DB_ADDR: server-db
DB_PORT: 5432
DB_USER: user1
DB_PASSWORD: password1
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: admin
KEYCLOAK_IMPORT: /opt/jboss/keycloak/imports/realm-export.json -Dkeycloak.profile.feature.upload_scripts=enabled
volumes:
- ./keycloak/imports:/opt/jboss/keycloak/imports
- ./keycloak/deployments:/opt/jboss/keycloak/standalone/deployments
restart: always
healthcheck:
interval: 30s
timeout: 10s
retries: 5
encoding:
container_name: encode
image: springofhope/encode:1.0.0.PREVIEW
ports:
- "9090:9090"
- "5001:5001"
depends_on:
- server-db
- kafka
# - user
- keycloak
environment:
ORIGINS: "*"
KEYCLOAK_URL: http://keycloak:8080/auth/realms/spring-of-hope
CLIENT_ID: encoding-service
CLIENT_SECRET: fca76f85-0eab-480e-aa12-d05b79762ed7
KEYCLOAK_TLS: none
DB_USER: user1
USER_GRPC: user
USER_PORT: 5000
RELEASE_GRPC: release
DB_PASSWORD: password1
DB_CON: jdbc:postgresql://server-db:5432/sohdb
KAFKA_SERVER: kafka:29092
restart: always
nginx:
container_name: nginx
image: springofhope/application-ui:1.0.0.PREVIEW
ports:
- "8082:80"
command: [nginx-debug, '-g', 'daemon off;']
depends_on:
keycloak:
condition: service_healthy
environment:
NGINX_ENVSUBST_OUTPUT_DIR: /etc/nginx/conf.d
KEYCLOAK_URL: http://keycloak:8080
ENCODING_SERVER_URL: http://localhost:8082
volumes:
- ./logs:/var/log/nginx
restart: always
listen 80;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log debug;
server_name frontend;
index index.html index.html;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
location /auth {
proxy_pass ${KEYCLOAK_URL};
}
location /encoding/ {
proxy_http_version 1.1;
proxy_hide_header Access-Control-Allow-Origin;
add_header "Access-Control-Allow-Origin" $http_origin;
add_header "Access-Control-Allow-Methods" "GET, PUT, POST, DELETE, OPTIONS";
add_header "Access-Control-Allow-Headers" "X-Requested-With, Content-Type, Authorization, Origin, Accept, Access-Control-Request-Method, Access-Control-Request-Headers";
proxy_pass ${ENCODING_SERVER_URL};
}
location / {
root /usr/share/nginx/html;
try_files $uri $uri/ /index.html;
}
}
Not sure if there is something that I need to do with my Quarkus application and why it is saying it cannot connect even if I was able to inject in the environment variable the right container for my keycloak docker.
Moreover, I just followed this from the keycloak team
Invalid token issuer - Miscellanaeous - Keycloak
Here is the token I got from the log.
"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJuQWQ4UExsMVVPWUJrUi1oZ3ktSkk3dUU3NGJ4V3QyYl8wZzNXa2ZSOUFVIn0.eyJleHAiOjE2MzI1Mjc4NjcsImlhdCI6MTYzMjUyNzU2NywianRpIjoiMmVjMmFiYzUtZjM2NC00MmVmLWI1NTktZjQ3MGNkZmMwZTk4IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgyL2F1dGgvcmVhbG1zL3NwcmluZy1vZi1ob3BlIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjBiN2M5YzIyLTRiNWMtNGE3Yi1hOGFhLTU1OTI0ZDg1NWNhYiIsInR5cCI6IkJlYXJlciIsImF6cCI6ImVuY29kaW5nLXNlcnZpY2UiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbIioiXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm9mZmxpbmVfYWNjZXNzIiwiZGVmYXVsdC1yb2xlcy1zcHJpbmctb2YtaG9wZSIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiZW5jb2Rpbmctc2VydmljZSI6eyJyb2xlcyI6WyJ1bWFfcHJvdGVjdGlvbiJdfSwiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJwcm9maWxlIGVtYWlsIiwiY2xpZW50SG9zdCI6IjE3Mi4yNC4wLjciLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImNsaWVudElkIjoiZW5jb2Rpbmctc2VydmljZSIsInByZWZlcnJlZF91c2VybmFtZSI6InNlcnZpY2UtYWNjb3VudC1lbmNvZGluZy1zZXJ2aWNlIiwiY2xpZW50QWRkcmVzcyI6IjE3Mi4yNC4wLjcifQ.ihjW6CBgpO2c81_lGI7zy6os4c7xIsRx_aSKuGjy9gdmKwVKOyDDxx3UjebS_5BE1z0Hz0nAJFruHzF5LYH8Ex8WoD91UVCrJ3NnQGPbzdniQa64fy0vlQNAkge_fwenwRyBAoY6zw1Gz03b_QTrtpWiMY-YWHKUvnE-UBQZinKyB9-VBCAb7APYoW16ZNw8Jz_aYi-J6yjRn6tb6uanALVAnkZiJcakO3aG-P1PhGGk14EEZ0AEF_qFZzJ9MNiPqT4nbOQO-_uO7jp9nSOKRarNNd_lFfGYLrH6QRf9eMGmZIkbdyD3P9YSvVCW0oc2U9asAMZlAQ64sLJHW3V29g.
I attached an additional log and the realm to help troubleshoot.
If this is not on the Quarkus side. Please help me understand what is going on so that I could research more and ask the right team for this.
Thanks for the help..
Reply all
Reply to author
Forward
0 new messages