Postman Test User case fails

knowings commented 6 years ago

After setting up (locally) Activiti Cloud Full Example on the kubernetes cluster provided by Docker, I run the Test User case suite and got strange results: despite green results, only the getKeycloakToken pass with a 200 HTTP status, but the following requests fails with a 401 HTTP status code.

From the logs of activiti-cloud-gateway I found:

2018-10-05 15:05:59.773 ERROR 1 --- [-server-epoll-8] o.s.w.s.adapter.HttpWebHandlerAdapter    : Unhandled failure: Connection has been closed, response already set (status=401)
2018-10-05 15:05:59.773  WARN 1 --- [-server-epoll-8] o.s.h.s.r.ReactorHttpHandlerAdapter      : Handling completed with error: Connection has been closed

And from the logs of activiti-keycloak I found:

2018-10-05 15:09:36.760  WARN [query,3a014e23ae25c761,3a014e23ae25c761,false] 1 --- [nio-8080-exec-5] c.c.c.ConfigServicePropertySourceLocator : Could not locate PropertySource: I/O error on GET request for
"http://localhost:8888/query/default": Connection refused (Connection refused); nested exception is java.net.ConnectException: Connection refused (Connection refused)
2018-10-05 15:09:40.191  INFO [query,9bada93f64e69d55,9bada93f64e69d55,false] 1 --- [nio-8080-exec-6] c.c.c.ConfigServicePropertySourceLocator : Fetching config from server at : http://localhost:8888
2018-10-05 15:09:40.203  INFO [query,9bada93f64e69d55,9bada93f64e69d55,false] 1 --- [nio-8080-exec-6] c.c.c.ConfigServicePropertySourceLocator : Connect Timeout Exception on Url - http://localhost:8888. Will
 be trying the next url if available
...
2018-10-05 15:05:59.709 ERROR [query,07b68eb8d8aac2a8,07b68eb8d8aac2a8,true] 1 --- [nio-8080-exec-5] o.k.a.rotation.AdapterRSATokenVerifier   : Didn't find publicKey for kid: hMBObsroPIKbIy5NPggSJOHdCrfEQiok
j-AB0B0ZKu4
2018-10-05 15:05:59.709 ERROR [query,07b68eb8d8aac2a8,07b68eb8d8aac2a8,true] 1 --- [nio-8080-exec-5] o.k.a.BearerTokenRequestAuthenticator    : Failed to verify token

org.keycloak.common.VerificationException: Didn't find publicKey for specified kid
        at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.getPublicKey(AdapterRSATokenVerifier.java:47)
        at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:55)
        at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:37)
        at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:99)
        at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:84)
        at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:68)
        at org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter.attemptAuthentication(KeycloakAuthenticationProcessingFilter.java:149)
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:84)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.cloud.sleuth.instrument.web.ExceptionLoggingFilter.doFilter(ExceptionLoggingFilter.java:48)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at brave.servlet.TracingFilter.doFilter(TracingFilter.java:86)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:728)
        at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:472)
        at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:395)
        at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:316)
        at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:395)
        at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:254)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:177)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)

Obviously, something went wrong but what ?

The tests results: Test User case.postman_test_run.zip

salaboy commented 5 years ago

@knowings thanks for reporting this.. I guess that you managed to solve this one. Our experience with Postman is that these collections go out of sync quite fast. Please report issues in the main Activiti/Activiti repo next time so we can answer fast.

knowings commented 5 years ago

@salaboy the main issue lies in how the full example can be used in a docker-for-desktop k8s cluster. I used an Ingress like "activiti-keycloak.127.0.0.1.nip.io" and it's not a good idea within the cluster... I talked about it in gitter with people that helped me to start working on a solution (WIP BTW). Next time, I will report on the main repository ;)

salaboy commented 5 years ago

@knowings we will definitely appreciate if you found the fix for that to contribute it back to our gitbook. Is that something that you think that you can do?

Activiti / activiti-cloud-examples

Postman Test User case fails #94