Problem with the keycloak server failing when upgrading the jackson dependency version from 2.9.10 to 2.10.1 in keycloak-8.0.1 - PullRequest
1 vote
/ 25 May 2020

keycloak 8.0.1 contains jackson-databind (2.9.10), which has a large number of known vulnerabilities.

<jackson.version>2.9.10</jackson.version>
<jackson.databind.version>2.9.10.1</jackson.databind.version>

I updated both versions to 2.10.1 in pom.xml in the root directory. I built the keycloak server using the command

mvn -Pdistribution -pl distribution/server-dist -am -DskipTests clean install

The build succeeded. Then, when I start the keycloak server by running ./standalone.sh (server-dist\target\keycloak-8.0.1\bin), I see the following error

10:46:10,301 WARN  [org.jboss.as.server.deployment] (MSC service thread 1-8) WFLYSRV0273: Excluded subsystem webservices via jboss-deployment-structure.xml does not exist.
10:46:11,538 INFO  [org.keycloak.services] (ServerService Thread Pool -- 66) KC-SERVICES0001: Loading config from standalone.xml or domain.xml
10:46:11,691 INFO  [org.jboss.as.server] (Thread-1) WFLYSRV0220: Server shutdown has been requested via an OS signal
10:46:11,697 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 66) MSC000001: Failed to start service jboss.deployment.unit."keycloak-server.war".undertow-deployment: org.jboss.msc.service.StartException in service jboss.deployment.unit."keycloak-server.war".undertow-deployment: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication()
        at org.wildfly.extension.undertow@18.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:81)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at org.jboss.threads@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
        at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
        at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
        at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
        at java.base/java.lang.Thread.run(Thread.java:834)
        at org.jboss.threads@2.3.3.Final//org.jboss.threads.JBossThread.run(JBossThread.java:485)
Caused by: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication()
        at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:164)
        at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2784)
        at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:364)
        at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.spi.ResteasyDeployment.startInternal(ResteasyDeployment.java:277)
        at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:89)
        at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:119)
        at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
        at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
        at org.wildfly.extension.undertow@18.0.1.Final//org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
        at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
        at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:305)
        at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:145)
        at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:585)
        at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:556)
        at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
        at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
        at org.wildfly.extension.undertow@18.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
        at org.wildfly.extension.undertow@18.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
        at org.wildfly.extension.undertow@18.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
        at org.wildfly.extension.undertow@18.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
        at org.wildfly.extension.undertow@18.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
        at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:598)
        at org.wildfly.extension.undertow@18.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:97)
        at org.wildfly.extension.undertow@18.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:78)
        ... 8 more
Caused by: java.util.ServiceConfigurationError: org.keycloak.credential.CredentialProviderFactory: Provider org.keycloak.credential.WebAuthnCredentialProviderFactory could not be instantiated
        at java.base/java.util.ServiceLoader.fail(ServiceLoader.java:581)
        at java.base/java.util.ServiceLoader$ProviderImpl.newInstance(ServiceLoader.java:803)
        at java.base/java.util.ServiceLoader$ProviderImpl.get(ServiceLoader.java:721)
        at java.base/java.util.ServiceLoader$3.next(ServiceLoader.java:1394)
        at org.keycloak.keycloak-services@8.0.1//org.keycloak.provider.DefaultProviderLoader.load(DefaultProviderLoader.java:60)
        at org.keycloak.keycloak-services@8.0.1//org.keycloak.provider.ProviderManager.load(ProviderManager.java:93)
        at org.keycloak.keycloak-services@8.0.1//org.keycloak.services.DefaultKeycloakSessionFactory.loadFactories(DefaultKeycloakSessionFactory.java:214)
        at org.keycloak.keycloak-services@8.0.1//org.keycloak.services.DefaultKeycloakSessionFactory.init(DefaultKeycloakSessionFactory.java:78)
        at org.keycloak.keycloak-services@8.0.1//org.keycloak.services.resources.KeycloakApplication.createSessionFactory(KeycloakApplication.java:339)
        at org.keycloak.keycloak-services@8.0.1//org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:125)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
        at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:152)
        ... 31 more
Caused by: java.lang.NoClassDefFoundError: com/fasterxml/jackson/core/TSFBuilder
        at com.webauthn4j.webauthn4j-core//com.webauthn4j.converter.util.CborConverter.<init>(CborConverter.java:67)
        at org.keycloak.keycloak-services@8.0.1//org.keycloak.credential.WebAuthnCredentialProviderFactory.<clinit>(WebAuthnCredentialProviderFactory.java:27)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
        at java.base/java.util.ServiceLoader$ProviderImpl.newInstance(ServiceLoader.java:779)
        ... 44 more
Caused by: java.lang.ClassNotFoundException: com.fasterxml.jackson.core.TSFBuilder from [Module "com.fasterxml.jackson.dataformat.jackson-dataformat-cbor" version 2.10.1 from local module loader @2e554a3b (finder: local module finder @54a67a45 (roots: C:\worspace\identity-access-management\keycloak\distribution\server-dist\target\keycloak-8.0.1\modules,C:\worspace\identity-access-management\keycloak\distribution\server-dist\target\keycloak-8.0.1\modules\system\layers\keycloak,C:\worspace\identity-access-management\keycloak\distribution\server-dist\target\keycloak-8.0.1\modules\system\layers\base))]
        at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:255)
        at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
        at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
        at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
        ... 51 more

10:46:11,746 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-3) WFLYJCA0010: Unbound data source [java:jboss/datasources/KeycloakDS]

Part of the above error:

Caused by: java.lang.ClassNotFoundException: com.fasterxml.jackson.core.TSFBuilder 
from [Module "com.fasterxml.jackson.dataformat.jackson-dataformat-cbor" version 2.10.1 from local module loader 
@2e554a3b (finder: local module finder @54a67a45
(roots: C:\worspace\identity-access-management\keycloak\distribution\server-dist\target\keycloak-8.0.1\modules,
C:\worspace\identity-access-management\keycloak\distribution\server-dist\target\keycloak-8.0.1\modules\system\layers\keycloak,
C:\worspace\soothsayer-worspace\identity-access-management\keycloak\distribution\server-dist\target\keycloak-8.0.1\modules\system\layers\base))]

What I noticed is that the jar files present in the modules directory under server-dist (server-dist\target\keycloak-8.0.1\modules\system\layers\base\com\fasterxml\jackson\core\jackson-core) still had version 2.9.10 for the jackson dependency. I suspect that this is because of a version mismatch between

Any help would be much appreciated ...

...
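A check for the kind of mismatch the post describes, added here as an example (it is not part of the original post and not Keycloak project code): it walks a WildFly-style modules tree and reports jackson artifacts whose major.minor line differs from that of jackson-core. The sample tree is constructed; its `main` subdirectories and the jackson-annotations entry are assumptions for illustration.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# e.g. jackson-dataformat-cbor-2.10.1.jar -> ("jackson-dataformat-cbor", "2.10.1")
JAR_RE = re.compile(
    r"^(jackson-[a-z0-9-]+?)-(\d+(?:\.\d+)+)(?:[.-][A-Za-z0-9]+)*\.jar$")

def jackson_jars(modules_root):
    """Map artifact name -> set of versions found under a modules tree."""
    found = defaultdict(set)
    for jar in Path(modules_root).rglob("jackson-*.jar"):
        m = JAR_RE.match(jar.name)
        if m:
            found[m.group(1)].add(m.group(2))
    return dict(found)

def minor_line(version):
    """'2.9.10.1' -> '2.9' (jackson components are released per minor line)."""
    return ".".join(version.split(".")[:2])

def mismatches(found, reference="jackson-core"):
    """Artifacts whose major.minor set differs from the reference artifact's."""
    ref = {minor_line(v) for v in found.get(reference, ())}
    return {a: sorted(vs) for a, vs in found.items()
            if a != reference and {minor_line(v) for v in vs} != ref}

def build_sample_tree(root):
    """Constructed sample: empty files named like the jars in the post."""
    layers = Path(root) / "modules" / "system" / "layers"
    for rel in (
        "base/com/fasterxml/jackson/core/jackson-core/main/jackson-core-2.9.10.jar",
        "base/com/fasterxml/jackson/core/jackson-annotations/main/jackson-annotations-2.9.10.jar",
        "keycloak/com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/main/jackson-dataformat-cbor-2.10.1.jar",
    ):
        path = layers / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    return Path(root) / "modules"

def check_sample():
    with tempfile.TemporaryDirectory() as tmp:
        found = jackson_jars(build_sample_tree(tmp))
        return found, mismatches(found)

if __name__ == "__main__":
    found, bad = check_sample()
    for artifact, versions in sorted(bad.items()):
        print(f"{artifact} {versions} does not match jackson-core {sorted(found['jackson-core'])}")
```

Run against a real distribution by passing its `modules` directory to `jackson_jars` and feeding the result to `mismatches`.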