Avoid NPE if realm configuration contains invalid required action configuration (#32649)

* Avoid NPE if realm configuration contains invalid required action configuration

If users removed implementations or renamed the provider id of a required action, then the realm configuration might contain dangling references to required actions.
If we then try to find the RequiredActionFactory to determine the if the required action is configurable then NPE is thrown. This PR prevents the NPE with a guard clause.

Fixes #32624

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

* Log a warning if required action with missing provider is detected.

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

---------

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
This commit is contained in:
Thomas Darimont 2024-09-04 21:04:58 +02:00 committed by GitHub
parent 927a02ec5d
commit d28adcb81b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -18,6 +18,7 @@ import org.eclipse.microprofile.openapi.annotations.media.Content;
import org.eclipse.microprofile.openapi.annotations.media.Schema;
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
import org.eclipse.microprofile.openapi.annotations.tags.Tag;
import org.jboss.logging.Logger;
import org.jboss.resteasy.reactive.NoCache;
import org.keycloak.admin.ui.rest.model.Authentication;
import org.keycloak.admin.ui.rest.model.AuthenticationMapper;
@ -37,6 +38,9 @@ import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluato
public class AuthenticationManagementResource extends RoleMappingResource {
private static final Logger logger = Logger.getLogger(AuthenticationManagementResource.class);
public AuthenticationManagementResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth) {
super(session, realm, auth);
}
@ -141,7 +145,12 @@ public class AuthenticationManagementResource extends RoleMappingResource {
rep.setConfig(model.getConfig());
RequiredActionFactory factory = (RequiredActionFactory)session.getKeycloakSessionFactory().getProviderFactory(RequiredActionProvider.class, model.getProviderId());
rep.setConfigurable(factory.isConfigurable());
if (factory != null) {
rep.setConfigurable(factory.isConfigurable());
} else {
logger.warnv("Detected RequiredAction with missing provider. realm={0}, alias={1}, providerId={2}",
realm.getName(), model.getAlias(), model.getProviderId());
}
return rep;
}