Getting Keycloak exception with request 500 status code on /account with semicolon in URL · Issue #39608 · keycloak/keycloak · GitHub
Getting Keycloak exception with request 500 status code on /account with semicolon in URL #39608
Open
@timothy-mullican

Description

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

authentication

Describe the bug

If you add a semicolon to the URL parameters for /realms/master/account, an HTTP 500 error is thrown.

Version

26.2.2

Regression

  • The issue is a regression

Expected behavior

HTTP non-500 error

Actual behavior

2025-05-10 03:25:40,880 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-10) Uncaught server error: java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because the return value of "java.net.URI.getScheme()" is null
        at org.keycloak.utils.SecureContextResolver.isSecureContext(SecureContextResolver.java:37)
        at org.keycloak.utils.SecureContextResolver.isSecureContext(SecureContextResolver.java:33)
        at org.keycloak.cookie.DefaultCookieProvider.<init>(DefaultCookieProvider.java:30)
        at org.keycloak.cookie.DefaultCookieProviderFactory.create(DefaultCookieProviderFactory.java:11)
        at org.keycloak.cookie.DefaultCookieProviderFactory.create(DefaultCookieProviderFactory.java:7)
        at org.keycloak.services.DefaultKeycloakSession.getOrCreateProvider(DefaultKeycloakSession.java:184)
        at org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:173)
        at org.keycloak.services.managers.AuthenticationManager.authenticateIdentityCookie(AuthenticationManager.java:883)
        at org.keycloak.services.managers.AuthenticationManager.authenticateIdentityCookie(AuthenticationManager.java:879)
        at org.keycloak.services.managers.AppAuthManager.authenticateIdentityCookie(AppAuthManager.java:47)
        at org.keycloak.services.resources.account.AccountConsole.init(AccountConsole.java:96)
        at org.keycloak.services.resources.account.AccountConsole.<init>(AccountConsole.java:92)
        at org.keycloak.services.resources.account.AccountConsoleFactory.create(AccountConsoleFactory.java:28)
        at org.keycloak.services.resources.account.AccountConsoleFactory.create(AccountConsoleFactory.java:16)
        at org.keycloak.services.DefaultKeycloakSession.getOrCreateProvider(DefaultKeycloakSession.java:184)
        at org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:173)
        at org.keycloak.models.KeycloakBeanProducer_ProducerMethod_getKeycloakSession_<removed>_ClientProxy.getProvider(Unknown Source)
        at org.keycloak.services.resources.account.AccountLoader.getAccountResourceProvider(AccountLoader.java:172)
        at org.keycloak.services.resources.account.AccountLoader.getAccountService(AccountLoader.java:85)
        at org.keycloak.services.resources.account.AccountLoader$quarkusrestinvoker$getAccountService_<removed>.invoke(Unknown Source)
        at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
        at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
        at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
        at io.quarkus.vertx.core.runtime.VertxCoreRecorder$15.runWith(VertxCoreRecorder.java:638)
        at org.jboss.threads.EnhancedQueueExecutor$Task.doRunWith(EnhancedQueueExecutor.java:2675)
        at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2654)
        at org.jboss.threads.EnhancedQueueExecutor.runThreadBody(EnhancedQueueExecutor.java:1627)
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1594)
        at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:11)
        at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:11)
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
        at java.base/java.lang.Thread.run(Thread.java:1583)

How to Reproduce?

Browse to https://<keycloak>/realms/master/account;a=b

Anything else?

No response
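
The exception message above says `java.net.URI.getScheme()` returned null inside `SecureContextResolver.isSecureContext`; `java.net.URI` returns a null scheme for any relative reference, and how Keycloak ended up with such a URI is not shown on this page. The following is an added example, not code from the issue or from Keycloak: the class `SecureContextDemo`, its methods and the sample host names are hypothetical, and it puts the failing call pattern beside a null-safe check that treats a missing scheme as "not secure".

```java
import java.net.URI;
import java.util.List;

// Added illustration, not Keycloak source. Class and method names are hypothetical.
public class SecureContextDemo {

    // Fragile pattern: dereferences getScheme(), which is null for a relative reference.
    static boolean fragileIsSecure(URI uri) {
        return uri.getScheme().equals("https");
    }

    // Null-safe variant: a missing scheme or host yields "not secure"
    // instead of an uncaught exception that surfaces as HTTP 500.
    static boolean safeIsSecure(URI uri) {
        if (uri == null) return false;
        if ("https".equalsIgnoreCase(uri.getScheme())) return true;
        String host = uri.getHost();
        if (host == null) return false;
        // Loopback origins are potentially trustworthy per the W3C Secure Contexts spec.
        return host.equals("localhost") || host.endsWith(".localhost")
                || host.matches("127(\\.\\d{1,3}){3}") || host.equals("[::1]");
    }

    public static void main(String[] args) {
        // Constructed inputs: an absolute URL, a relative reference carrying a
        // matrix parameter (as in the report), and two plain-HTTP variants.
        List<String> samples = List.of(
                "https://keycloak.example.test/realms/master/account;a=b",
                "/realms/master/account;a=b",
                "http://localhost:8080/realms/master/account",
                "http://keycloak.example.test/realms/master/account");
        for (String s : samples) {
            URI uri = URI.create(s);
            String fragile;
            try {
                fragile = String.valueOf(fragileIsSecure(uri));
            } catch (NullPointerException e) {
                fragile = "NullPointerException";
            }
            System.out.printf("%-58s scheme=%-5s fragile=%-20s safe=%s%n",
                    s, uri.getScheme(), fragile, safeIsSecure(uri));
        }
    }
}
```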
