
I have secured a Spring application with Keycloak using the Spring Security Adapter. This works fine on my local machine, but when I deployed the WAR on Tomcat and tried to call the API, I got the following internal server error:

o.s.b.w.servlet.support.ErrorPageFilter  : Forwarding to error page from request [/api/statutOperations] 
due to exception [null]

java.lang.NullPointerException: null
    at org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(KeycloakDeploymentBuilder.java:57) ~[keycloak-adapter-core-10.0.2.jar:10.0.2]
    at org.keycloak.adapters.KeycloakDeploymentBuilder.build(KeycloakDeploymentBuilder.java:202) ~[keycloak-adapter-core-10.0.2.jar:10.0.2]
    at org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:39) ~[keycloak-spr

Did I miss something, or is my configuration wrong? Below is the necessary config:

Keycloak Config :

@Configuration
public class KeycloakConfig {

    @Bean
    KeycloakSpringBootConfigResolver configResolver() {
        return new KeycloakSpringBootConfigResolver();
    }

    @Bean
    KeycloakRestTemplate keycloakRestTemplate(KeycloakClientRequestFactory keycloakClientRequestFactory) {
        return new KeycloakRestTemplate(keycloakClientRequestFactory);
    }
}

@KeycloakConfiguration
public class KeycloakSpringSecuriteConfig extends KeycloakWebSecurityConfigurerAdapter {

    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(keycloakAuthenticationProvider());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http.authorizeRequests().antMatchers("/api/**").authenticated().anyRequest().permitAll();
    }

}

application.properties :

keycloak.realm=cirta
keycloak.auth-server-url=http://localhost:8085/auth
keycloak.resource=cirta-api
keycloak.public-client=true
keycloak.cors=true    
keycloak.ssl-required=external

I also added the following context.xml, keycloak.json and web.xml in the META-INF and WEB-INF directories:

context.xml

<Context path="/cirtaapi">
    <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>

keycloak.json

{
  "realm" : "cirta",
  "resource" : "cirta-api",
  "auth-server-url" : "https://localhost:8085/auth",
  "ssl-required" : "external",
  "enable-cors" : true
}

web.xml

<module-name>cirtaapi</module-name>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Operations</web-resource-name>
        <url-pattern>/api/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>app-manager</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>KEYCLOAK</auth-method>
    <realm-name>cirta</realm-name>
</login-config>

<security-role>
    <role-name>app-manager</role-name>
</security-role>
Bilal Dekar

1 Answer

This has been fixed in Keycloak 11.0.0. A similar question describes this: "NPE when loading custom SecurityConfig for Keycloak in WebMvcTest", and provides a workaround for versions 9.0.1 to 10.

See also: https://github.com/gtiwari333/spring-boot-web-application-seed/blob/master/main-app/src/main/java/gt/app/config/security/SecurityConfig.java

gtiwari333
Hi, thanks for the answer. I upgraded to Keycloak 11 and the error is gone. Can you help me with another issue in Tomcat? I've posted a new question: https://stackoverflow.com/questions/64025546/how-to-configure-keycloak-to-work-in-tomcat – Bilal Dekar Sep 23 '20 at 10:08
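
For adapter versions before 11, one common form of workaround is a config resolver that builds the deployment from the injected `keycloak.*` properties instead of relying on `KeycloakSpringBootConfigResolver`. The sketch below is an added example, not code from the answer or the linked question; the class name `PropertiesKeycloakConfigResolver` is hypothetical, and it assumes the Keycloak Spring Boot adapter's auto-configuration is active so that a `KeycloakSpringBootProperties` bean exists.

```java
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.springboot.KeycloakSpringBootProperties;
import org.springframework.stereotype.Component;

/**
 * Hypothetical replacement for the configResolver() bean in KeycloakConfig.
 * Remove that bean when using this class, so that only one
 * KeycloakConfigResolver is present in the application context.
 */
@Component
public class PropertiesKeycloakConfigResolver implements KeycloakConfigResolver {

    private final KeycloakDeployment deployment;

    // Spring injects the properties bound from keycloak.* in application.properties.
    // Assumption: the adapter's auto-configuration registers this bean.
    public PropertiesKeycloakConfigResolver(KeycloakSpringBootProperties properties) {
        if (properties.getRealm() == null || properties.getAuthServerUrl() == null) {
            // Fail at startup with a clear message instead of an NPE on the first request.
            throw new IllegalStateException(
                "keycloak.realm and keycloak.auth-server-url must be set");
        }
        // KeycloakSpringBootProperties extends AdapterConfig, which the builder accepts.
        this.deployment = KeycloakDeploymentBuilder.build(properties);
    }

    @Override
    public KeycloakDeployment resolve(HttpFacade.Request request) {
        // Single-realm application: every request maps to the same deployment.
        return deployment;
    }
}
```

With this resolver the deployment is built once at startup, so a missing or unbound Keycloak configuration surfaces when the WAR is deployed rather than as a 500 on the first API call.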