premium-minds / flowable-keycloak

Library to replace Flowable IDM with Keycloak integration

Integration Error

srinathganesh1 opened this issue · comments

Updated with latest status (removed some irrelevant things):

modules/flowable-ui-modeler/flowable-ui-modeler-conf/src/main/java/org/flowable/ui/modeler/conf/SecurityConfiguration.java
(I was not able to directly replace the class name, since the new class name had one extra parameter)
Security Configuration

modules/flowable-ui-modeler/flowable-ui-modeler-app/src/main/resources/flowable-default.properties
flowable default properties

User Permission
user perm

Service Account
service account

I had to add view-users from the auto-generated master-realm to do away with the token error
service acc 2

Error after signin (there are no logs generated for this in flowable and keycloak)
Screenshot from 2020-03-31 16-48-29

Your client setup in keycloak needs to have:

  • Service Accounts enabled
  • The view-users and view-groups scopes in both client scopes and service account scopes.

I can detail more what to do if you want.

I tried setting the scope and service account, and a few more configs. It still didn't work. Updated the original post (since the 403 stopped coming somehow)

Do you have a sample demo project, or a sample configuration for Keycloak?

Update: I made this change

Screenshot from 2020-03-30 23-50-40

and I am getting an error
Screenshot from 2020-03-30 23-50-55

Can you show me the logs from keycloak?

Sure, will post them.

I will shortly update the original post with all my configuration again (instead of two comments)

Flowable Logs

2020-03-31 16:46:20.360  INFO 19732 --- [nio-8080-exec-5] o.a.c.c.C.[.[.[/flowable-modeler]        : Initializing Spring FrameworkServlet 'dispatcherServlet'
2020-03-31 16:46:20.360  INFO 19732 --- [nio-8080-exec-5] o.s.w.s.DispatcherServlet                : FrameworkServlet 'dispatcherServlet': initialization started
2020-03-31 16:46:20.408  INFO 19732 --- [nio-8080-exec-5] o.s.w.s.DispatcherServlet                : FrameworkServlet 'dispatcherServlet': initialization completed in 43 ms

Keycloak Logs: Nothing getting logged.

Screenshot from 2020-03-31 16-48-29

I have updated original post with the latest configs #1 (comment)

I'll make a sample project from https://github.com/flowable/flowable-engine/tree/master/modules/flowable-ui-modeler.

But it will take some time. Maybe next week. Sorry.

Ok, thank you. Do my current configs look fine?

Yes, it looks fine. Maybe there's something missing in the SecurityConfiguration. But I need some time to test this.

Ok thanks

@srinathganesh1 can you checkout this commit: premium-minds/flowable-keycloak-example@69dda8c

This example is working for flowable-ui-modeler.

@ajcamilo @srinathganesh1 Is this issue fixed?
I got the same issue - RESTEASY003210: Could not find resource for full path: http://localhost:8080/flowable-task

@krishnakumar-ls I've only done the modifications in the project flowable-ui-modeler, but if you need them for the other projects, just do the same changes from this commit: premium-minds/flowable-keycloak-example@69dda8c

@ajcamilo I did the changes in the flowable-task project as per this commit premium-minds/flowable-keycloak-example@69dda8c
But I still got the same issue (RESTEASY003210: Could not find resource for full path).

Screen Shot 2020-08-07 at 8 58 13 AM
Screen Shot 2020-08-07 at 8 58 41 AM
Screen Shot 2020-08-07 at 8 59 02 AM
Screen Shot 2020-08-07 at 8 59 24 AM

I'll try to get some time in the weekend to check that out, ok?

@krishnakumar-ls what is the version of flowable you are using?

@ajcamilo I'm using Flowable 6.5.0

@ajcamilo Got 404 error for the URL 'http://localhost:8080/flowable-task/' after redirect from keycloak auth server.

Screen Shot 2020-08-10 at 4 42 41 PM
Screen Shot 2020-08-10 at 4 46 30 PM

Sorry for the delay @krishnakumar-ls

Checkout the new version of premium-minds/flowable-keycloak-example@9d1314a

Now flowable-task uses keycloak authentication.

Screenshot from 2020-08-12 14-30-46

@ajcamilo Thank you! I will try this checkout premium-minds/flowable-keycloak-example@9d1314a
Can you share with me the configuration changes in flowable-ui-*-app>src>main>docker>docker-compose.yml to build a Flowable docker image?

Add the following to the environment part of the flowable app:

      - KEYCLOAK_URL=<url to keycloak>
      - KEYCLOAK_REALM=<keycloak realm>
      - KEYCLOAK_ISSUER-URL=<issuer url>
      - KEYCLOAK_CLIENT_CLIENT-ID=<client id>
      - KEYCLOAK_CLIENT_CLIENT-SECRET=<client secret>

@srinathganesh1 hi, have you solved your problem?

@ajcamilo hi, I have a problem: when I run the flowable-ui-modeler project there is an error in the program. Can you tell me the reason? Thank you.

Caused by: java.lang.ClassNotFoundException: com.premiumminds.flowable.conf.KeycloakProperties
at java.net.URLClassLoader.findClass(URLClassLoader.java:381) ~[?:1.8.0_161]
at java.lang.ClassLoader.loadClass(ClassLoader.java:424) ~[?:1.8.0_161]
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:338) ~[?:1.8.0_161]
at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ~[?:1.8.0_161]
at org.springframework.boot.devtools.restart.classloader.RestartClassLoader.loadClass(RestartClassLoader.java:144) ~[spring-boot-devtools-2.2.2.RELEASE.jar:2.2.2.RELEASE]
at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ~[?:1.8.0_161]
at java.lang.Class.getDeclaredMethods0(Native Method) ~[?:1.8.0_161]
at java.lang.Class.privateGetDeclaredMethods(Class.java:2701) ~[?:1.8.0_161]
at java.lang.Class.getDeclaredMethods(Class.java:1975) ~[?:1.8.0_161]
at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:463) ~[spring-core-5.2.2.RELEASE.jar:5.2.2.RELEASE]
... 26 more

Process finished with exit code 0

@Sanlisi, did you check this out? https://github.com/premium-minds/flowable-keycloak-example

You can see this commit premium-minds/flowable-keycloak-example@69dda8c
It has all the changes needed to the flowable project for the modeler to work with keycloak.

@ajcamilo hi, yesterday's problem has been solved, but when I access "localhost:8888/flowable-modeler", the following error occurred:

Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Sat Oct 10 09:42:06 CST 2020
There was an unexpected error (type=Internal Server Error, status=500).
javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
com.google.common.util.concurrent.UncheckedExecutionException: javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2051)
at com.google.common.cache.LocalCache.get(LocalCache.java:3951)
at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3974)
at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4958)
at com.premiumminds.flowable.service.KeycloakServiceImpl.getUser(KeycloakServiceImpl.java:154)
at com.premiumminds.flowable.filter.AuthenticationHandler.authenticationCallbackHandler(AuthenticationHandler.java:115)
at com.premiumminds.flowable.filter.KeycloakCookieFilter.doFilterInternal(KeycloakCookieFilter.java:108)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:108)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:526)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1591)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.handleErrorStatus(ClientInvocation.java:223)
at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.extractResult(ClientInvocation.java:195)
at org.jboss.resteasy.client.jaxrs.internal.proxy.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:62)
at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invokeSync(ClientInvoker.java:151)
at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:112)
at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)
at com.sun.proxy.$Proxy154.toRepresentation(Unknown Source)
at com.premiumminds.flowable.service.KeycloakServiceImpl$1.load(KeycloakServiceImpl.java:90)
at com.premiumminds.flowable.service.KeycloakServiceImpl$1.load(KeycloakServiceImpl.java:86)
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3529)
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2278)
at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2155)
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2045)
... 57 more

So, I have some questions:

  1. Can you give me some images of the Keycloak UI?
  2. What is the meaning of "The view-users and view-groups scopes in both client scopes and service account scopes."? And where to set it up?
  3. keycloak.client.scope = openid roles: where to set up openid roles?

thank you.

@Sanlisi This exception is raised due to a user permission issue. You have to add client service account roles by clicking client -> select the 'Service Account Roles' tab -> Add client roles
and have to add the client role mapping by clicking user -> select 'Role Mapping' -> add client roles

@krishnakumar-ls @ajcamilo Sorry, I tried your method, but it still doesn't work, so can you give me complete images of the Keycloak UI?
Currently my configuration is like this:
image
image

Can you give me your email? thank you very much

@Sanlisi the view-users and view-groups roles are from the client realm-management

Screenshot from 2020-10-12 14-01-40

Screenshot from 2020-10-12 14-02-25
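
The 403 in the trace above comes from Keycloak's admin API rejecting the service account's token. As an added diagnostic (not part of the project or this thread's configs), the script below decodes a client-credentials access token and reports which of the realm-management roles named in this thread (view-users, view-groups) are absent from its `resource_access` claim; it assumes Keycloak's default client-role claim layout and uses a constructed, unsigned sample token rather than a real one.

```python
import base64
import json

# Roles on the realm-management client that this thread says the service account needs.
REQUIRED_REALM_MANAGEMENT_ROLES = {"view-users", "view-groups"}


def decode_jwt_payload(token):
    """Return the claims of a compact JWT without verifying its signature.

    Diagnostic use only: unverified claims must never drive an authorization decision.
    """
    segments = token.split(".")
    if len(segments) != 3:
        raise ValueError("not a compact JWS token (expected header.payload.signature)")
    payload = segments[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding stripped by JWT encoding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_realm_management_roles(claims):
    """List the required realm-management roles not present in the token's resource_access claim.

    Keycloak's default 'roles' client scope puts client roles under
    resource_access.<client-id>.roles; an empty result means the token carries
    everything the thread says the admin-API lookups need.
    """
    granted = set(
        claims.get("resource_access", {}).get("realm-management", {}).get("roles", [])
    )
    return sorted(REQUIRED_REALM_MANAGEMENT_ROLES - granted)


def make_sample_token(roles):
    """Build a constructed, unsigned token mimicking Keycloak's claim layout (for offline testing)."""
    header = {"alg": "none", "typ": "JWT"}
    claims = {
        "iss": "http://localhost:8180/auth/realms/example",  # assumed issuer, not from the thread
        "azp": "flowable-modeler",                           # assumed client id
        "resource_access": {"realm-management": {"roles": list(roles)}},
    }
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc(header)}.{enc(claims)}."


if __name__ == "__main__":
    token = make_sample_token(["view-users"])  # service account granted only one of the two roles
    missing = missing_realm_management_roles(decode_jwt_payload(token))
    print("missing realm-management roles:", missing or "none")
```

Run it against a real token by pasting the access_token string from a client-credentials grant in place of the sample; a non-empty result explains the 403 even when the role is assigned but not included in the client's scope.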

@ajcamilo @srinathganesh1 hi, according to your prompt, yesterday's problem has been solved, but I encountered a new problem: when I visit the page http://localhost:8888/flowable-modeler, it is as if the page keeps refreshing. Why is that?
Where does the Keycloak UI need to be configured? Thank you very much.

image

Sorry to jump the topic in a different direction (still related to Keycloak SSO)

I have not personally tried it, but based on the release notes it seems the latest Flowable has built-in Keycloak support

@srinathganesh1 @ajcamilo the problem has been solved. I use the 6.6 version, ref: https://blog.flowable.org/2020/10/12/flowable-6-6-0-release/ , thank you very much