ApiCurio (http, port 8080) runs behind Nginx (http, port 80). F5 (https) forwards requests to Nginx. I can successfully connect to https://github.com, but while trying "Publish API" I get the error "_Failed to access the external IDP access token from Keycloak: 403 - Forbidden_".
KeyCloak version: 3.4.3.Final.
FYI, I get the same error even when I take F5 and Nginx out of the picture and address ApiCurio directly.
_Error message:-_
Toggle details :-
io.apicurio.hub.core.exceptions.ServerError: Unexpected server error
io.apicurio.hub.api.rest.impl.AccountsResource.getOrganizations(AccountsResource.java:241)
io.apicurio.hub.api.rest.impl.AccountsResource$Proxy$_$$_WeldClientProxy.getOrganizations(Unknown Source)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:497)
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:509)
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:399)
org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:363)
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:365)
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:337)
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:310)
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:443)
org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:233)
org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:139)
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:142)
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:219)
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
javax.servlet.http.HttpServlet.service(HttpServlet.java:791)
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
io.apicurio.hub.api.security.KeycloakAuthenticationFilter.doFilter(KeycloakAuthenticationFilter.java:72)
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
io.apicurio.hub.api.filters.DisableCachingFilter.doFilter(DisableCachingFilter.java:66)
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
io.apicurio.hub.api.filters.CorsFilter.doFilter(CorsFilter.java:64)
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
io.opentracing.contrib.jaxrs2.server.SpanFinishingFilter.doFilter(SpanFinishingFilter.java:55)
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
org.keycloak.adapters.undertow.UndertowAuthenticatedActionsHandler.handleRequest(UndertowAuthenticatedActionsHandler.java:66)
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
java.lang.Thread.run(Thread.java:745)
Caused by: io.apicurio.hub.api.connectors.SourceConnectorException: java.io.IOException: Unexpected response from Keycloak: 403::Forbidden
io.apicurio.hub.api.connectors.AbstractSourceConnector.getExternalToken(AbstractSourceConnector.java:102)
io.apicurio.hub.api.github.GitHubSourceConnector.githubClient(GitHubSourceConnector.java:88)
io.apicurio.hub.api.github.GitHubSourceConnector.getOrganizations(GitHubSourceConnector.java:313)
io.apicurio.hub.api.github.GitHubSourceConnector$Proxy$_$$_WeldClientProxy.getOrganizations(Unknown Source)
io.apicurio.hub.api.rest.impl.AccountsResource.getOrganizations(AccountsResource.java:239)
... 83 more
Caused by: java.io.IOException: Unexpected response from Keycloak: 403::Forbidden
io.apicurio.hub.api.security.KeycloakLinkedAccountsProvider.getLinkedAccountToken(KeycloakLinkedAccountsProvider.java:187)
io.apicurio.hub.api.security.KeycloakLinkedAccountsProvider$Proxy$_$$_WeldClientProxy.getLinkedAccountToken(Unknown Source)
io.apicurio.hub.api.connectors.AbstractSourceConnector.getExternalToken(AbstractSourceConnector.java:94)
... 87 more
Browser log:-
Please let me know if you need any additional information.
Hmm. This error occurs when Apicurio tries to call the Keycloak REST API to retrieve the GitHub access token that Keycloak manages. Apicurio needs this token so that it can make authenticated calls to GitHub on behalf of the authenticated user.
I don't know why Keycloak is responding with a 403. Is there a stack trace in the Keycloak server log?
_GitHub OAuth application:-_
_GitHub configuration in KeyCloak:-_
_Linking my GitHub account:-_
_My API in the linked GitHub_
_KeyCloak log:-_
2019-06-25 10:17:58,183 WARN [org.keycloak.events] (default task-24) type=IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR, realmId=internal, clientId=null, userId=null, ipAddress=10. error=Client [apicurio-studio] not authorized to retrieve tokens from identity provider [github].
2019-06-25 10:17:58,184 ERROR [org.keycloak.services.resources.IdentityBrokerService] (default task-24) Client [apicurio-studio] not authorized to retrieve tokens from identity provider [github].
This may be because the apicurio-studio client (in Keycloak) does not have a required role. I can't access the details right now (I'm traveling), but as I recall there is some sort of `broker` role that is needed. Oh wait - I can grab the settings from the local KC I have installed. Here it is:
Check that setting in your KC realm.
Answering @EricWittmann's question
For the poor souls who come here because of the error in the keycloak log: Client [apicurio-studio] not authorized to retrieve tokens from identity provider [github].
The read-token role may be missing in the following two places.
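A way to confirm the missing role from the token itself, as an added diagnostic that is not part of the original thread or of the Apicurio or Keycloak code: it decodes an access token issued to the `apicurio-studio` client and reports whether the `read-token` role of Keycloak's built-in `broker` client appears under `resource_access`. The sample tokens and the user name are constructed, and the signature is deliberately not verified because this only inspects claims.

```python
import base64
import json

BROKER_CLIENT = "broker"        # Keycloak's built-in broker client
READ_TOKEN_ROLE = "read-token"  # role named in the thread


def jwt_claims(token):
    """Decode a compact JWT's payload WITHOUT verifying it (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("JWT payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def broker_token_check(token):
    """Report whether the token carries the broker client's read-token role."""
    claims = jwt_claims(token)
    access = claims.get("resource_access")
    broker = access.get(BROKER_CLIENT) if isinstance(access, dict) else None
    roles = broker.get("roles") if isinstance(broker, dict) else None
    roles = sorted(roles) if isinstance(roles, list) else []
    return {
        "client": claims.get("azp"),
        "user": claims.get("preferred_username"),
        "broker_roles": roles,
        "can_read_broker_token": READ_TOKEN_ROLE in roles,
    }


def _sample_token(claims):
    """Build an unsigned, constructed token for the demonstration below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed"])


BASE = {"azp": "apicurio-studio", "preferred_username": "alice"}  # constructed
SAMPLE_DENIED = _sample_token({**BASE, "resource_access": {"account": {"roles": ["view-profile"]}}})
SAMPLE_ALLOWED = _sample_token({**BASE, "resource_access": {"broker": {"roles": ["read-token"]}}})

if __name__ == "__main__":
    for name, tok in (("denied", SAMPLE_DENIED), ("allowed", SAMPLE_ALLOWED)):
        print(name, broker_token_check(tok))
```
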