Add localhost:8585 as jwks urls; Fix entity consolidations when there is no previous chnage available (#15001)

openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java

@@ -2057,22 +2057,24 @@ public abstract class EntityRepository<T extends EntityInterface> {
       // set changeDescription to null
       T updatedOld = updated;
       previous = getPreviousVersion(original);
-      LOG.debug(
-          "In session change consolidation. Reverting to previous version {}",
-          previous.getVersion());
-      updated = previous;
-      updateInternal();
-      LOG.info(
-          "In session change consolidation. Reverting to previous version {} completed",
-          previous.getVersion());
+      if (previous != null) {
+        LOG.debug(
+            "In session change consolidation. Reverting to previous version {}",
+            previous.getVersion());
+        updated = previous;
+        updateInternal();
+        LOG.info(
+            "In session change consolidation. Reverting to previous version {} completed",
+            previous.getVersion());
 
-      // Now go from original to updated
-      updated = updatedOld;
-      updateInternal();
+        // Now go from original to updated
+        updated = updatedOld;
+        updateInternal();
 
-      // Finally, go from previous to the latest updated entity to consolidate changes
-      original = previous;
-      entityChanged = false;
+        // Finally, go from previous to the latest updated entity to consolidate changes
+        original = previous;
+        entityChanged = false;
+      }
     }
 
     /** Compare original and updated entities and perform updates. Update the entity version and track changes. */

openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java

@@ -59,6 +59,11 @@ public class JwtFilter implements ContainerRequestFilter {
   private String principalDomain;
   private boolean enforcePrincipalDomain;
   private AuthProvider providerType;
+
+  private static final List<String> DEFAULT_PUBLIC_KEY_URLS =
+      Arrays.asList(
+          "http://localhost:8585/api/v1/system/config/jwks",
+          "http://host.docker.internal:8585/api/v1/system/config/jwks");
   public static final List<String> EXCLUDED_ENDPOINTS =
       List.of(
           "v1/system/config/jwks",
@@ -89,6 +94,13 @@ public class JwtFilter implements ContainerRequestFilter {
     for (String publicKeyUrlStr : authenticationConfiguration.getPublicKeyUrls()) {
       publicKeyUrlsBuilder.add(new URL(publicKeyUrlStr));
     }
+    // avoid users misconfiguration and add default publicKeyUrls
+    for (String publicKeyUrl : DEFAULT_PUBLIC_KEY_URLS) {
+      if (!authenticationConfiguration.getPublicKeyUrls().contains(publicKeyUrl)) {
+        publicKeyUrlsBuilder.add(new URL(publicKeyUrl));
+      }
+    }
+
     this.jwkProvider = new MultiUrlJwkProvider(publicKeyUrlsBuilder.build());
     this.principalDomain = authorizerConfiguration.getPrincipalDomain();
     this.enforcePrincipalDomain = authorizerConfiguration.getEnforcePrincipalDomain();

openmetadata-service/src/main/java/org/openmetadata/service/security/MultiUrlJwkProvider.java

@@ -32,7 +32,9 @@ final class MultiUrlJwkProvider implements JwkProvider {
   public Jwk get(String keyId) throws JwkException {
     JwkException lastException =
         new SigningKeyNotFoundException(
-            "JWT Token keyID doesn't match the configured keyID.", null);
+            "JWT Token keyID doesn't match the configured keyID. This usually happens if you didn't configure "
+                + "proper publicKeyUrls under authentication configuration.",
+            null);
     for (UrlJwkProvider jwkProvider : urlJwkProviders) {
       try {
         return jwkProvider.get(keyId);