Integration Error
srinathganesh1 opened this issue
Updated with latest status (removed some irrelevant things):
modules/flowable-ui-modeler/flowable-ui-modeler-conf/src/main/java/org/flowable/ui/modeler/conf/SecurityConfiguration.java
(I was not able to directly replace the class name, since new class name had one extra parameter)
modules/flowable-ui-modeler/flowable-ui-modeler-app/src/main/resources/flowable-default.properties
I had to add view-users from the auto generated master-realm to do away with token error
Error after signin (there are no logs generated for this in flowable and keycloak)
Your client setup in keycloak needs to have:
- Service Accounts enabled
- The view-users and view-groups scopes in both client scopes and service account scopes.
I can detail more what to do if you want.
I tried setting the scope and service account, and a few more configs. It still didn't work. Updated original post (since 403 stopped coming somehow)
Do you have a sample demo project, or a sample configuration for keycloak?
Can you show me the logs from keycloak?
sure will post them.
I will shortly update the original post with all my configuration again (instead of two comments)
Flowable Logs
2020-03-31 16:46:20.360 INFO 19732 --- [nio-8080-exec-5] o.a.c.c.C.[.[.[/flowable-modeler] : Initializing Spring FrameworkServlet 'dispatcherServlet'
2020-03-31 16:46:20.360 INFO 19732 --- [nio-8080-exec-5] o.s.w.s.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started
2020-03-31 16:46:20.408 INFO 19732 --- [nio-8080-exec-5] o.s.w.s.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 43 ms
Keycloak Logs: Nothing getting logged.
I have updated original post with the latest configs #1 (comment)
I'll make a sample project from https://github.com/flowable/flowable-engine/tree/master/modules/flowable-ui-modeler.
But it will take some time. Maybe next week. Sorry.
Ok thank you. Do my current configs look fine?
Yes, it looks fine. Maybe there's something missing in the SecurityConfiguration. But I need some time to test this.
Ok thanks
@srinathganesh1 can you checkout this commit: premium-minds/flowable-keycloak-example@69dda8c
This example is working for flowable-ui-modeler.
@ajcamilo @srinathganesh1 Is this issue fixed?
I got the same issue - RESTEASY003210: Could not find resource for full path: http://localhost:8080/flowable-task
@krishnakumar-ls I've only done the modifications in the project flowable-ui-modeler, but if you need for the other projects, just do the same changes from this commit: premium-minds/flowable-keycloak-example@69dda8c?
@ajcamilo I did the changes in flowable-task project as per this commit premium-minds/flowable-keycloak-example@69dda8c
But still I got the same issue (RESTEASY003210: Could not find resource for full path).
I'll try to get some time in the weekend to check that out, ok?
@krishnakumar-ls what is the version of flowable you are using?
@ajcamilo Got 404 error for the URL 'http://localhost:8080/flowable-task/' after redirect from keycloak auth server.
Sorry for the delay @krishnakumar-ls
Checkout the new version of premium-minds/flowable-keycloak-example@9d1314a
Now flowable-task uses keycloak authentication.
@ajcamilo Thank you! I will try this checkout premium-minds/flowable-keycloak-example@9d1314a
Can you share with me the configuration changes in flowable-ui-*-app>src>main>docker>docker-compose.yml to build a flowable docker image?
Add the following to the environment part of the flowable app:
- KEYCLOAK_URL=<url to keycloak>
- KEYCLOAK_REALM=<keycloak realm>
- KEYCLOAK_ISSUER-URL=<issuer url>
- KEYCLOAK_CLIENT_CLIENT-ID=<client id>
- KEYCLOAK_CLIENT_CLIENT-SECRET=<client secret>
@srinathganesh1 hi, have you solved your problem?
@ajcamilo hi, I have a problem: when I run the flowable-ui-modeler project there is an error in the program. Can you tell me the reason? Thank you.
Caused by: java.lang.ClassNotFoundException: com.premiumminds.flowable.conf.KeycloakProperties
at java.net.URLClassLoader.findClass(URLClassLoader.java:381) ~[?:1.8.0_161]
at java.lang.ClassLoader.loadClass(ClassLoader.java:424) ~[?:1.8.0_161]
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:338) ~[?:1.8.0_161]
at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ~[?:1.8.0_161]
at org.springframework.boot.devtools.restart.classloader.RestartClassLoader.loadClass(RestartClassLoader.java:144) ~[spring-boot-devtools-2.2.2.RELEASE.jar:2.2.2.RELEASE]
at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ~[?:1.8.0_161]
at java.lang.Class.getDeclaredMethods0(Native Method) ~[?:1.8.0_161]
at java.lang.Class.privateGetDeclaredMethods(Class.java:2701) ~[?:1.8.0_161]
at java.lang.Class.getDeclaredMethods(Class.java:1975) ~[?:1.8.0_161]
at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:463) ~[spring-core-5.2.2.RELEASE.jar:5.2.2.RELEASE]
... 26 more
Process finished with exit code 0
@Sanlisi, did you check this out? https://github.com/premium-minds/flowable-keycloak-example
You can see this commit premium-minds/flowable-keycloak-example@69dda8c
It has all the changes needed to the flowable project for the modeler to work with keycloak.
@ajcamilo hi, yesterday’s problem has been solved, but when I access "localhost:8888/flowable-modeler", the following error occurred:
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Sat Oct 10 09:42:06 CST 2020
There was an unexpected error (type=Internal Server Error, status=500).
javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
com.google.common.util.concurrent.UncheckedExecutionException: javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2051)
at com.google.common.cache.LocalCache.get(LocalCache.java:3951)
at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3974)
at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4958)
at com.premiumminds.flowable.service.KeycloakServiceImpl.getUser(KeycloakServiceImpl.java:154)
at com.premiumminds.flowable.filter.AuthenticationHandler.authenticationCallbackHandler(AuthenticationHandler.java:115)
at com.premiumminds.flowable.filter.KeycloakCookieFilter.doFilterInternal(KeycloakCookieFilter.java:108)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:108)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:526)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1591)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.handleErrorStatus(ClientInvocation.java:223)
at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.extractResult(ClientInvocation.java:195)
at org.jboss.resteasy.client.jaxrs.internal.proxy.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:62)
at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invokeSync(ClientInvoker.java:151)
at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:112)
at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)
at com.sun.proxy.$Proxy154.toRepresentation(Unknown Source)
at com.premiumminds.flowable.service.KeycloakServiceImpl$1.load(KeycloakServiceImpl.java:90)
at com.premiumminds.flowable.service.KeycloakServiceImpl$1.load(KeycloakServiceImpl.java:86)
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3529)
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2278)
at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2155)
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2045)
... 57 more
So, I have some questions:
- Can you give me some images of the keycloak ui?
- What is the meaning of “The view-users and view-groups scopes in both client scopes and service account scopes.”? And where to set it up?
- keycloak.client.scope = openid roles ------ Where to set up openid roles?
thank you.
@Sanlisi This exception is raised due to a user permission issue. You have to add client service account roles by clicking client -> select 'Service Account Roles' tab -> Add client roles,
and you have to add a client role mapping by clicking user -> select 'Role Mapping' -> add client roles.
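An offline check for the permission problem discussed in this thread, added here as an example (it is not code from the thread or from premium-minds/flowable-keycloak-example): it decodes a service-account access token and reports which of the roles named above the token does not carry. The `resource_access` claim layout, the `realm-management` client name, the `flowable` client id and both sample tokens are assumptions or constructed values.

```python
import base64
import json

# Role names as given in the thread; pass your own set if your realm differs.
REQUIRED_ROLES = frozenset({"view-users", "view-groups"})
# Assumption: the roles arrive as client roles under "resource_access", owned by
# "realm-management" (regular realm) or "master-realm" (the master realm).
ROLE_CLIENTS = ("realm-management", "master-realm")


def decode_claims(jwt: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature.
    Diagnostic use only; never base an authorization decision on this."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_admin_roles(jwt: str, required=REQUIRED_ROLES) -> set:
    """Roles from `required` that the token does not carry."""
    access = decode_claims(jwt).get("resource_access", {})
    granted = set()
    for client in ROLE_CLIENTS:
        granted.update(access.get(client, {}).get("roles", []))
    return set(required) - granted


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not Keycloak output)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed samples: before and after the service account roles are assigned.
TOKEN_BEFORE = make_sample_token({"azp": "flowable", "resource_access": {
    "account": {"roles": ["view-profile"]}}})
TOKEN_AFTER = make_sample_token({"azp": "flowable", "resource_access": {
    "realm-management": {"roles": ["view-users", "view-groups"]}}})

if __name__ == "__main__":
    print("before:", sorted(missing_admin_roles(TOKEN_BEFORE)))
    print("after: ", sorted(missing_admin_roles(TOKEN_AFTER)))
```

A non-empty result means the role was not assigned to the service account or was filtered out by the client's scope settings, the two places the thread says to configure.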
@krishnakumar-ls @ajcamilo Sorry, I tried your method, but it still doesn’t work, so can you give me complete images of the keycloak ui?
Currently my configuration is like this
Can you give me your email? thank you very much
@ajcamilo @srinathganesh1 hi, according to your prompt, yesterday’s problem has been solved, but I encountered a new problem: when I visit the page http://localhost:8888/flowable-modeler, it is as if the page has been refreshing. Why is that?
Where does the Keycloak UI need to be configured? Thank you very much.
Sorry to jump the topic in a different direction (still related to keycloak SSO)
I have not personally tried it, but based on release notes it seems latest flowable has built in keycloak support
- Ref: https://blog.flowable.org/2020/10/12/flowable-6-6-0-release/
- Quote: "Support for OAuth2 authentication is added to the Flowable UI App, with Keycloak as an example implementation."
@srinathganesh1 @ajcamilo the problem has been solved, I use the 6.6 version. Ref: https://blog.flowable.org/2020/10/12/flowable-6-6-0-release/ , thank you very much