I notice that during JWT introspection for only one request the endpoint is called two times for!!! Does anybody know why is that and how to prevent that.
[0m [32m09:03:52,808 DEBUG [io.undertow.request] (default I/O-2) Matched prefix path /api for path /api/hello
[0m09:03:52,808 TRACE [org.wildfly.security.http.servlet] (default task-1) Created ServletSecurityContextImpl enableJapi=true, integratedJaspi=true, applicationContext=default-host /api
[0m [32m09:03:52,808 DEBUG [io.undertow.request.security] (default task-1) Security constraints for request /api/hello are [SingleConstraintMatch{emptyRoleSemantic=PERMIT, requiredRoles=[]}]
[0m09:03:52,808 TRACE [org.wildfly.security.http.servlet] (default task-1) No AuthConfigProvider for layer=HttpServlet, appContext=default-host /api
[0m09:03:52,809 TRACE [org.wildfly.security.http.servlet] (default task-1) JASPIC Unavailable, using HTTP authentication.
[0m09:03:52,809 TRACE [org.wildfly.security] (default task-1) No CachedIdentity to restore.
[0m09:03:52,809 TRACE [org.wildfly.security] (default task-1) Created HttpServerAuthenticationMechanism [org.wildfly.security.auth.server.SecurityIdentityServerMechanismFactory$1@39d896cc] for mechanism [BEARER_TOKEN]
[0m09:03:52,809 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback type='HTTP' name='BEARER_TOKEN' host-name='
eap-app-dreq-sso.apps.dev-pg.clusters.adcubum.com' protocol='http'
[0m09:03:52,809 TRACE [org.wildfly.security] (default task-1) Evidence verification: evidence = org.wildfly.security.evidence.BearerTokenEvidence@56fced18 evidencePrincipal = null
[0m [32m09:03:52,809 DEBUG [org.wildfly.security] (default task-1)
Opening connection to token introspection endpoint [
http://rhsso-application-adcubum-syrius.dreq-sso.svc.cluster.local:8080/auth/realms/adcubum-syrius/protocol/openid-connect/token/introspect]
[0m [32m09:03:52,825 DEBUG [org.wildfly.security] (default task-1)
Opening connection to token introspection endpoint [
http://rhsso-application-adcubum-syrius.dreq-sso.svc.cluster.local:8080/auth/realms/adcubum-syrius/protocol/openid-connect/token/introspect]
[0m09:03:52,827 TRACE [org.wildfly.security] (default task-1) Role mapping: principal [f1testuser] -> decoded roles [] -> realm mapped roles [] -> domain mapped roles []
[0m09:03:52,828 TRACE [org.wildfly.security] (default task-1) Authorizing principal f1testuser.
[0m09:03:52,829 TRACE [org.wildfly.security] (default task-1) Authorizing against the following attributes: [sub, email_verified, allowed-origins, iss, active, typ, Roles, preferred_username, client_id, aud, acr, realm_access, azp, scope, exp, session_state, iat, jti, username] => [46f5706a-e3c3-401f-8881-6b31c432a95f, false,
http://app1.dreq-sso.apps.dev-pg.clusters.adcubum.com,
http://syrius-erp-application-server.dreq-sso.apps.dev-pg.clusters.adcubum.com,
http://syrius-erp-presentation-server.dreq-sso.apps.dev-pg.clusters.adcubum.com,
http://sso-adcubum-syrius.dreq-sso.apps.dev-pg.clusters.adcubum.com/auth/realms/adcubum-syrius, true, Bearer, user, f1testuser, apigateway, apigateway, syrius-erp-presentation-server-oauth2-client, app1, syrius-erp-application-server-oauth2-client, syrius-demoapplication-fbi-bl, 1, {"roles":["user"]}, apigateway, email user profile, 1614701950, 1ff4309c-dba3-4e41-bd53-287a0b4a1697, 1614671950, 429c8d4c-db9d-4dec-acf2-a9643c62be23, f1testuser]
[0m09:03:52,831 TRACE [org.wildfly.security] (default task-1) Permission mapping: identity [f1testuser] with roles [] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
[0m09:03:52,831 TRACE [org.wildfly.security] (default task-1) Authorization succeed
[0m09:03:52,831 TRACE [org.wildfly.security] (default task-1) Handling AuthorizeCallback: authenticationID = null authorizationID = null authorized = true
[0m [32m09:03:52,831 DEBUG [org.wildfly.security.http.bearer] (default task-1) Token authentication successful.
[0m09:03:52,831 TRACE [org.wildfly.security] (default task-1) Handling AuthenticationCompleteCallback: succeed
[0m09:03:52,831 TRACE [org.wildfly.security] (default task-1) Handling SecurityIdentityCallback: identity = SecurityIdentity{principal=f1testuser, securityDomain=org.wildfly.security.auth.server.SecurityDomain@4ddbe2bf, authorizationIdentity=org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity$1@5da1cf01, realmInfo=RealmInfo{name='jwt-realm', securityRealm=org.wildfly.security.auth.realm.token.TokenSecurityRealm@61009232}, creationTime=2021-03-02T09:03:52.827Z}
[0m09:03:52,832 TRACE [org.wildfly.security] (default task-1) Role mapping: principal [f1testuser] -> decoded roles [] -> realm mapped roles [] -> domain mapped roles []
[0m [32m09:03:52,832 DEBUG [io.undertow.request.security] (default task-1) Authenticated as f1testuser, roles []
[0m [32m09:
/subsystem=elytron/security-domain=jwt-domain:add(realms=[{realm=jwt-realm,role-decoder=groups-to-roles}], permission-mapper=default-permission-mapper, default-realm=jwt-realm)
/subsystem=elytron/http-authentication-factory=jwt-http-authentication:add(security-domain=jwt-domain, http-server-mechanism-factory=global, mechanism-configurations=[{mechanism-name="BEARER_TOKEN", mechanism-realm-configurations=[{realm-name="jwt-realm"}]}])
/subsystem=undertow/application-security-domain=jwt-domain:add(http-authentication-factory=jwt-http-authentication)
/subsystem=undertow:write-attribute(name=default-security-domain, value="jwt-domain")