diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java index f0d8fe4a04f..279824467dd 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java @@ -2057,22 +2057,24 @@ public abstract class EntityRepository { // set changeDescription to null T updatedOld = updated; previous = getPreviousVersion(original); - LOG.debug( - "In session change consolidation. Reverting to previous version {}", - previous.getVersion()); - updated = previous; - updateInternal(); - LOG.info( - "In session change consolidation. Reverting to previous version {} completed", - previous.getVersion()); + if (previous != null) { + LOG.debug( + "In session change consolidation. Reverting to previous version {}", + previous.getVersion()); + updated = previous; + updateInternal(); + LOG.info( + "In session change consolidation. Reverting to previous version {} completed", + previous.getVersion()); - // Now go from original to updated - updated = updatedOld; - updateInternal(); + // Now go from original to updated + updated = updatedOld; + updateInternal(); - // Finally, go from previous to the latest updated entity to consolidate changes - original = previous; - entityChanged = false; + // Finally, go from previous to the latest updated entity to consolidate changes + original = previous; + entityChanged = false; + } } /** Compare original and updated entities and perform updates. Update the entity version and track changes. */ diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java b/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java index 559630e4486..62accf5d38d 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java @@ -59,6 +59,11 @@ public class JwtFilter implements ContainerRequestFilter { private String principalDomain; private boolean enforcePrincipalDomain; private AuthProvider providerType; + + private static final List DEFAULT_PUBLIC_KEY_URLS = + Arrays.asList( + "http://localhost:8585/api/v1/system/config/jwks", + "http://host.docker.internal:8585/api/v1/system/config/jwks"); public static final List EXCLUDED_ENDPOINTS = List.of( "v1/system/config/jwks", @@ -89,6 +94,13 @@ public class JwtFilter implements ContainerRequestFilter { for (String publicKeyUrlStr : authenticationConfiguration.getPublicKeyUrls()) { publicKeyUrlsBuilder.add(new URL(publicKeyUrlStr)); } + // avoid users misconfiguration and add default publicKeyUrls + for (String publicKeyUrl : DEFAULT_PUBLIC_KEY_URLS) { + if (!authenticationConfiguration.getPublicKeyUrls().contains(publicKeyUrl)) { + publicKeyUrlsBuilder.add(new URL(publicKeyUrl)); + } + } + this.jwkProvider = new MultiUrlJwkProvider(publicKeyUrlsBuilder.build()); this.principalDomain = authorizerConfiguration.getPrincipalDomain(); this.enforcePrincipalDomain = authorizerConfiguration.getEnforcePrincipalDomain(); diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/security/MultiUrlJwkProvider.java b/openmetadata-service/src/main/java/org/openmetadata/service/security/MultiUrlJwkProvider.java index 5913a4c3a31..fcc2b77c51a 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/security/MultiUrlJwkProvider.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/MultiUrlJwkProvider.java @@ -32,7 +32,9 @@ final class MultiUrlJwkProvider implements JwkProvider { public Jwk get(String keyId) throws JwkException { JwkException lastException = new SigningKeyNotFoundException( - "JWT Token keyID doesn't match the configured keyID.", null); + "JWT Token keyID doesn't match the configured keyID. This usually happens if you didn't configure " + + "proper publicKeyUrls under authentication configuration.", + null); for (UrlJwkProvider jwkProvider : urlJwkProviders) { try { return jwkProvider.get(keyId);