Error executing http method durring Authorization

[Euklios]

I am trying to set up nexus using keycloak authentication, but are running into an HTTP error.

Environment

Keycloak version: 9.0.2
Nexus version: OSS 3.22.0-02
Plugin version: current master
Keycloak is backed by UCS (LDAP)

Reproduce

1. Running in the cloned repository
2. cd docker
3. docker build -t nexus-oss/nexus3:latest -f Dockerfile ..
4. Create new folder nexus (outside of the git-repository) and place the attached docker-compose.yml and keycloak.json inside
5. docker-compose up -d
6. Follow the default setup as described in the readme

Attachments

• nexus.txt Client exporte
• nexus.log
• docker-compose.yml

version: "3.4"

services:
  nexus:
    image: nexus-oss/nexus3:latest
    volumes:
      - data:/nexus-data
      - ./keycloak.json:/opt/sonatype/nexus/etc/keycloak.json:ro
    networks:
      - nginx
    restart: always

volumes:
  data:

networks:
  nginx:
    external:
      name: nginx

• keycloak.json

{
  "realm": "Realm",
  "auth-server-url": "$(server-url)",
  "ssl-required": "all",
  "resource": "nexus",
  "verify-token-audience": true,
  "credentials": {
    "secret": "$(secret)"
  },
  "confidential-port": 0,
  "policy-enforcer": {}
}

[Euklios]

I did some local testing by calling the method mentioned in the log directly. However, I could not reproduce the exception locally (without a running nexus server)

[hypery2k]

Getting the same error with these log infos:

2020-04-09 17:58:27,994+0200 WARN  [qtp833006182-1645] contact@martinreinhardt-online.de org.sonatype.nexus.rapture.internal.state.StateComponent - Failed to get state from com.google.inject.internal.InjectorImpl$2 (ignored)
java.lang.RuntimeException: Error executing http method [org.apache.http.client.methods.RequestBuilder@3bd9df95].
	at org.github.flytreeleft.nexus3.keycloak.plugin.internal.http.HttpMethod.execute(HttpMethod.java:79)
	at org.github.flytreeleft.nexus3.keycloak.plugin.internal.http.HttpMethodResponse$2.execute(HttpMethodResponse.java:34)
	at org.github.flytreeleft.nexus3.keycloak.plugin.internal.KeycloakAdminClient.getRealmClient(KeycloakAdminClient.java:99)
	at org.github.flytreeleft.nexus3.keycloak.plugin.internal.KeycloakAdminClient.getRealmClientRolesOfUser(KeycloakAdminClient.java:229)
	at org.github.flytreeleft.nexus3.keycloak.plugin.internal.NexusKeycloakClient.findRoleIdsByUserId(NexusKeycloakClient.java:76)
	at org.github.flytreeleft.nexus3.keycloak.plugin.internal.KeycloakUserManager.completeUserRolesAndSource(KeycloakUserManager.java:87)
	at org.github.flytreeleft.nexus3.keycloak.plugin.internal.KeycloakUserManager.getUser(KeycloakUserManager.java:81)
	at org.sonatype.nexus.security.internal.DefaultSecuritySystem.findUser(DefaultSecuritySystem.java:335)
	at org.sonatype.nexus.security.internal.DefaultSecuritySystem.getUser(DefaultSecuritySystem.java:364)
	at org.sonatype.nexus.security.internal.DefaultSecuritySystem.currentUser(DefaultSecuritySystem.java:355)
	at org.sonatype.nexus.internal.selector.SelectorManagerImpl.browseActive(SelectorManagerImpl.java:232)
	at org.sonatype.nexus.common.stateguard.MethodInvocationAction.run(MethodInvocationAction.java:39)
	at org.sonatype.nexus.common.stateguard.StateGuard$GuardImpl.run(StateGuard.java:272)
	at org.sonatype.nexus.common.stateguard.GuardedInterceptor.invoke(GuardedInterceptor.java:53)
	at org.sonatype.nexus.repository.security.RepositoryPermissionChecker.subjectHasAnyContentSelectorAccessTo(RepositoryPermissionChecker.java:199)
	at org.sonatype.nexus.repository.security.RepositoryPermissionChecker.userCanBrowseRepositories(RepositoryPermissionChecker.java:98)
	at org.sonatype.nexus.repository.security.RepositoryPermissionChecker.userCanBrowseRepositories(RepositoryPermissionChecker.java:136)
	at org.sonatype.nexus.repository.security.RepositoryPermissionChecker$userCanBrowseRepositories.call(Unknown Source)
	at org.sonatype.nexus.coreui.RepositoryComponent.getBrowseableFormats(RepositoryComponent.groovy:137)
	at com.palominolabs.metrics.guice.ExceptionMeteredInterceptor.invoke(ExceptionMeteredInterceptor.java:23)
	at com.palominolabs.metrics.guice.TimedInterceptor.invoke(TimedInterceptor.java:26)
	at org.sonatype.nexus.coreui.RepositoryComponent.getState(RepositoryComponent.groovy:149)
	at org.sonatype.nexus.rapture.internal.state.StateComponent.getState(StateComponent.java:87)
	at com.palominolabs.metrics.guice.ExceptionMeteredInterceptor.invoke(ExceptionMeteredInterceptor.java:23)
	at com.palominolabs.metrics.guice.TimedInterceptor.invoke(TimedInterceptor.java:26)
	at sun.reflect.GeneratedMethodAccessor229.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142)
	at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133)
	at org.sonatype.nexus.extdirect.internal.ExtDirectDispatcher.invokeMethod(ExtDirectDispatcher.java:82)
	at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63)
	at com.softwarementors.extjs.djn.router.processor.poll.PollRequestProcessor.process(PollRequestProcessor.java:145)
	at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.processPollRequest(ExtDirectServlet.java:262)
	at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.processRequest(DirectJNgineServlet.java:636)
	at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.doPost(DirectJNgineServlet.java:595)
	at org.sonatype.nexus.extdirect.internal.ExtDirectServlet.doPost(ExtDirectServlet.java:137)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:286)
	at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:276)
	at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:181)
	at com.google.inject.servlet.DynamicServletPipeline.service(DynamicServletPipeline.java:71)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
	at org.sonatype.nexus.security.SecurityFilter.executeChain(SecurityFilter.java:85)
	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
	at org.sonatype.nexus.security.SecurityFilter.doFilterInternal(SecurityFilter.java:101)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at com.sonatype.nexus.licensing.internal.LicensingRedirectFilter.doFilter(LicensingRedirectFilter.java:114)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at com.codahale.metrics.servlet.AbstractInstrumentedFilter.doFilter(AbstractInstrumentedFilter.java:112)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.sonatype.nexus.internal.web.ErrorPageFilter.doFilter(ErrorPageFilter.java:79)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.sonatype.nexus.internal.web.EnvironmentFilter.doFilter(EnvironmentFilter.java:101)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.sonatype.nexus.internal.web.HeaderPatternFilter.doFilter(HeaderPatternFilter.java:98)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at com.google.inject.servlet.DynamicFilterPipeline.dispatch(DynamicFilterPipeline.java:104)
	at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:135)
	at org.sonatype.nexus.bootstrap.osgi.DelegatingFilter.doFilter(DelegatingFilter.java:73)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1602)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1700)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1667)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at com.codahale.metrics.jetty9.InstrumentedHandler.handle(InstrumentedHandler.java:239)
	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:152)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.Server.handle(Server.java:505)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:698)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:804)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.RuntimeException: Error parsing JSON response.
	at org.github.flytreeleft.nexus3.keycloak.plugin.internal.http.HttpMethodResponse$2.lambda$0(HttpMethodResponse.java:38)
	at org.github.flytreeleft.nexus3.keycloak.plugin.internal.http.HttpMethod.execute(HttpMethod.java:74)
	... 114 common frames omitted
Caused by: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "alwaysDisplayInConsole" (class org.keycloak.representations.idm.ClientRepresentation), not marked as ignorable (42 known properties: "enabled", "clientAuthenticatorType", "redirectUris", "clientId", "authenticationFlowBindingOverrides", "authorizationServicesEnabled", "name", "implicitFlowEnabled", "registeredNodes", "nodeReRegistrationTimeout", "publicClient", "attributes", "protocol", "webOrigins", "protocolMappers", "id", "baseUrl", "surrogateAuthRequired", "adminUrl", "fullScopeAllowed", "frontchannelLogout", "clientTemplate", "origin", "defaultClientScopes", "directGrantsOnly", "rootUrl", "secret", "useTemplateMappers", "notBefore", "useTemplateScope", "standardFlowEnabled", "description", "directAccessGrantsEnabled", "useTemplateConfig", "serviceAccountsEnabled", "optionalClientScopes", "consentRequired", "access", "bearerOnly", "registrationAccessToken", "defaultRoles", "authorizationSettings"])
 at [Source: (org.apache.http.client.entity.LazyDecompressingInputStream); line: 1, column: 166] (through reference chain: java.util.ArrayList[0]->org.keycloak.representations.idm.ClientRepresentation["alwaysDisplayInConsole"])
	at com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException.from(UnrecognizedPropertyException.java:60)
	at com.fasterxml.jackson.databind.DeserializationContext.handleUnknownProperty(DeserializationContext.java:822)
	at com.fasterxml.jackson.databind.deser.std.StdDeserializer.handleUnknownProperty(StdDeserializer.java:1152)
	at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownProperty(BeanDeserializerBase.java:1567)
	at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownVanilla(BeanDeserializerBase.java:1545)
	at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:293)
	at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:151)
	at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:285)
	at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:244)
	at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:27)
	at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4001)
	at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3065)
	at org.keycloak.util.JsonSerialization.readValue(JsonSerialization.java:85)
	at org.github.flytreeleft.nexus3.keycloak.plugin.internal.http.HttpMethodResponse$2.lambda$0(HttpMethodResponse.java:36)

[flytreeleft]

@Euklios @hypery2k It seems that I have forgot to update the plugin version to the latest in the docker/Dockerfile, it still is 0.3.4 which doesn't support the Keycloak v9.0+.

[flytreeleft]

@Euklios I have updated the plugin to the latest version in the docker/Dockerfile, please try it again.

[Euklios]

@flytreeleft The current master is not working for me.
However, after setting the used plugin version within the Docker-file to 0.4.0-prev2-SNAPSHOT and altering the download URL accordingly, the authentification succeeded as expected.

[flytreeleft]

@Euklios Great :).