Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"org.akhq.security.rule.AKHQSecurityRule.decompressGroups(io.micronaut.security.authentication.Authentication)" is null #1640

Closed
karolcienkosz opened this issue Dec 28, 2023 · 3 comments
Closed

"org.akhq.security.rule.AKHQSecurityRule.decompressGroups(io.micronaut.security.authentication.Authentication)" is null #1640

karolcienkosz opened this issue Dec 28, 2023 · 3 comments

Comments

@karolcienkosz
Copy link
Contributor

After image update 0.24.0 --> dev akhq returns error:
Internal Server Error: Cannot invoke "java.util.Map.values()" because the return value of "org.akhq.security.rule.AKHQSecurityRule.decompressGroups(io.micronaut.security.authentication.Authentication)" is null
image

2023-12-28 08:24:23,049 ERROR io-executor-thread-3 o.a.c.ErrorController Cannot invoke "java.util.Map.values()" because the return value of "org.akhq.security.rule.AKHQSecurityRule.decompressGroups(io.micronaut.security.authentication.Authentication)" is null
java.lang.NullPointerException: Cannot invoke "java.util.Map.values()" because the return value of "org.akhq.security.rule.AKHQSecurityRule.decompressGroups(io.micronaut.security.authentication.Authentication)" is null
	at org.akhq.controllers.AbstractController.getUserGroups(AbstractController.java:53)
	at org.akhq.controllers.AkhqController.getRights(AkhqController.java:225)
	at org.akhq.controllers.AkhqController.users(AkhqController.java:144)
	at org.akhq.controllers.$AkhqController$Definition$Exec.dispatch(Unknown Source)
	at io.micronaut.context.AbstractExecutableMethodsDefinition$DispatchedExecutableMethod.invoke(AbstractExecutableMethodsDefinition.java:442)
	at io.micronaut.context.DefaultBeanContext$BeanContextExecutionHandle.invoke(DefaultBeanContext.java:4282)
	at io.micronaut.web.router.AbstractRouteMatch.execute(AbstractRouteMatch.java:223)
	at io.micronaut.http.context.ServerRequestContext.with(ServerRequestContext.java:74)
	at io.micronaut.http.server.RouteExecutor.executeRouteAndConvertBody(RouteExecutor.java:480)
	at io.micronaut.http.server.RouteExecutor.lambda$callRoute$6(RouteExecutor.java:457)
	at io.micronaut.core.execution.ExecutionFlow.lambda$async$1(ExecutionFlow.java:87)
	at io.micronaut.core.propagation.PropagatedContext.lambda$wrap$3(PropagatedContext.java:211)
	at io.micrometer.core.instrument.composite.CompositeTimer.record(CompositeTimer.java:141)
	at io.micrometer.core.instrument.Timer.lambda$wrap$0(Timer.java:196)
	at io.micronaut.core.propagation.PropagatedContext.lambda$wrap$3(PropagatedContext.java:211)
	at io.micrometer.core.instrument.composite.CompositeTimer.record(CompositeTimer.java:141)
	at io.micrometer.core.instrument.Timer.lambda$wrap$0(Timer.java:196)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)

I've found PR1630 and ISSUE1616 with information that roles/groups should be configured in different way.

In my scenario i used akhq instaled using helm and integrated with okta. Should I change my configuration(how?) or it is a bug and for now I cannot use dev image?

Thanks in advance!
@AlexisSouquiere
Copy link
Collaborator

AlexisSouquiere commented Jan 2, 2024
edited
Loading

@karolcienkosz please check the new way to handle roles/groups on the doc: https://akhq.io/docs/configuration/authentifications/groups.html. And a configuration sample here

I will check and handle this NPE to display an explicit error message

@karolcienkosz
Copy link
Contributor Author

@AlexisSouquiere thx for example config. In my case it was cause by default-group for oidc. Using 0.24 it was enough to use default-group: no-roles
With dev I have to define group like

      oidc:
        enabled: true
        providers:
          okta:
            label: "Login with Okta"
            username-field: preferred_username
            default-group: akhq-default
            groups-field: groups
            groups:
              - name: "akhq-reader"
                groups
                  - reader
              - name: akhq-admin
                groups:
                  - admin
              - name: akhq-default
                groups:
                  - no-roles

@AlexisSouquiere
Copy link
Collaborator

Great, thanks for the update and for highlighting that I need to catch the NPE to show a better error message.
If everything is good for you you can close the isue !

@AlexisSouquiere AlexisSouquiere mentioned this issue Jan 17, 2024
Merged
tchiotludo pushed a commit that referenced this issue Jan 24, 2024
@AlexisSouquiere
fix(auth): handling NPE on login (#1655)
879cb91 
relate to #1640
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Backlog
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AlexisSouquiere @karolcienkosz