Stirling-Tools/Stirling-PDF

[Bug]: Dragged down when oAuth is temporarily unreachable

VincentSC opened this issue · 2 comments

Installation Method

None

The Problem

When our Keycloak was offline or unreachable, Stirling PDF also crashed.

Expected behavior: just log out.

Version of Stirling-PDF

0.28.3

Last Working Version of Stirling-PDF

No response

Page Where the Problem Occurred

No response

Docker Configuration

No response

Relevant Log Output

Stirling-PDF  | Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.oauth2.client.registration.ClientRegistrationRepository]: Factory method 'clientRegistrationRepository' threw exception with message: Unable to resolve Configuration with the provided Issuer of "https://<keycloak>/auth/realms/master"
Stirling-PDF  | 	at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:178)
Stirling-PDF  | 	at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:644)
Stirling-PDF  | 	... 119 common frames omitted
Stirling-PDF  | Caused by: java.lang.IllegalArgumentException: Unable to resolve Configuration with the provided Issuer of "https://<keycloak>/auth/realms/master"
Stirling-PDF  | 	at org.springframework.security.oauth2.client.registration.ClientRegistrations.getBuilder(ClientRegistrations.java:228)
Stirling-PDF  | 	at org.springframework.security.oauth2.client.registration.ClientRegistrations.fromIssuerLocation(ClientRegistrations.java:152)
Stirling-PDF  | 	at stirling.software.SPDF.config.security.SecurityConfiguration.oidcClientRegistration(SecurityConfiguration.java:322)
Stirling-PDF  | 	at stirling.software.SPDF.config.security.SecurityConfiguration.clientRegistrationRepository(SecurityConfiguration.java:212)
Stirling-PDF  | 	at stirling.software.SPDF.config.security.SecurityConfiguration$$SpringCGLIB$$0.CGLIB$clientRegistrationRepository$5(<generated>)
Stirling-PDF  | 	at stirling.software.SPDF.config.security.SecurityConfiguration$$SpringCGLIB$$FastClass$$1.invoke(<generated>)
Stirling-PDF  | 	at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:258)
Stirling-PDF  | 	at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:348)
Stirling-PDF  | 	at stirling.software.SPDF.config.security.SecurityConfiguration$$SpringCGLIB$$0.clientRegistrationRepository(<generated>)
Stirling-PDF  | 	at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
Stirling-PDF  | 	at java.base/java.lang.reflect.Method.invoke(Method.java:580)
Stirling-PDF  | 	at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:146)
Stirling-PDF  | 	... 120 common frames omitted
Stirling-PDF  | Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://<keycloak>/auth/realms/master/.well-known/openid-configuration": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Stirling-PDF  | 	at org.springframework.web.client.RestTemplate.createResourceAccessException(RestTemplate.java:915)
Stirling-PDF  | 	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:895)
Stirling-PDF  | 	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:740)
Stirling-PDF  | 	at org.springframework.security.oauth2.client.registration.ClientRegistrations.lambda$oidc$0(ClientRegistrations.java:163)
Stirling-PDF  | 	at org.springframework.security.oauth2.client.registration.ClientRegistrations.getBuilder(ClientRegistrations.java:216)
Stirling-PDF  | 	... 131 common frames omitted
Stirling-PDF  | Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Stirling-PDF  | 	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
Stirling-PDF  | 	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378)
Stirling-PDF  | 	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
Stirling-PDF  | 	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:316)
Stirling-PDF  | 	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1318)
Stirling-PDF  | 	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1195)
Stirling-PDF  | 	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1138)
Stirling-PDF  | 	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)
Stirling-PDF  | 	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)
Stirling-PDF  | 	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447)
Stirling-PDF  | 	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
Stirling-PDF  | 	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
Stirling-PDF  | 	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
Stirling-PDF  | 	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
Stirling-PDF  | 	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
Stirling-PDF  | 	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
Stirling-PDF  | 	at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:586)
Stirling-PDF  | 	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187)
Stirling-PDF  | 	at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:141)
Stirling-PDF  | 	at org.springframework.http.client.SimpleClientHttpRequest.executeInternal(SimpleClientHttpRequest.java:79)
Stirling-PDF  | 	at org.springframework.http.client.AbstractStreamingClientHttpRequest.executeInternal(AbstractStreamingClientHttpRequest.java:70)
Stirling-PDF  | 	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
Stirling-PDF  | 	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:889)
Stirling-PDF  | 	... 134 common frames omitted
Stirling-PDF  | Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Stirling-PDF  | 	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:388)
Stirling-PDF  | 	at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:271)
Stirling-PDF  | 	at java.base/sun.security.validator.Validator.validate(Validator.java:256)
Stirling-PDF  | 	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:230)
Stirling-PDF  | 	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
Stirling-PDF  | 	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1302)
Stirling-PDF  | 	... 152 common frames omitted
Stirling-PDF  | Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Stirling-PDF  | 	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)
Stirling-PDF  | 	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129)
Stirling-PDF  | 	at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
Stirling-PDF  | 	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:383)
Stirling-PDF  | 	... 157 common frames omitted

Additional Information

No response

Browsers Affected

No response

No Duplicate of the Issue

  • I have verified that there are no existing issues raised related to my problem.

@Frooodle should what he said be the correct behavior?

Correct Auth should fail, and any user of that should be deauthorised

If this was a authentication attempt it should fail but not crash app