Baeldung / spring-security-oauth

Just Announced - "Learn Spring Security OAuth":
http://bit.ly/github-lsso
MIT License

Don't use ENV parameters in spring-security-oauth/oauth-rest/oauth-authorization-server for keycloak-server.json #429

Closed Dimantchick closed 9 months ago

Dimantchick commented 1 year ago

Found a problem. keycloak-server.json doesn't use ENV vars. Found a solution: https://github.com/Dimantchick/spring-security-oauth/pull/1/commits/7ea1e3840d5d9466936184a6cd94e8b1179088ef Please fix.

ulisseslima commented 1 year ago

Hey, @Dimantchick.

Could you elaborate on what the issue is?

Also, please include a link to the article you were following so we can take a look.

Dimantchick commented 1 year ago

@ulisseslima To see the bug, open keycloak-server.json and find `"url": "${keycloak.connectionsJpa.url:jdbc:h2:mem:test;DB_CLOSE_DELAY=-1}"`. Set the ENV var `keycloak.connectionsJpa.url` on start to another value (for example `jdbc:h2:mem:test_changed;DB_CLOSE_DELAY=-1`) and run the server. You can see in the log:

```
DefaultJpaConnectionProviderFactory : Database info: {databaseUrl=jdbc:h2:mem:test, databaseUser=SA, databaseProduct=H2 2.1.214 (2022-06-13), databaseDriver=H2 JDBC Driver 2.1.214 (2022-06-13)}
```

Then I searched more and found the root cause. In JsonConfigProviderFactory:

```java
protected Properties getProperties() {
    return new SystemEnvProperties();
}
```

SystemEnvProperties:

```java
public String getProperty(String key) {
    if (this.overrides.containsKey(key)) {
        return (String)this.overrides.get(key);
    } else {
        // Only keys prefixed with "env." are read from the environment; all others are JVM system properties.
        return key.startsWith("env.") ? (String)System.getenv().get(key.substring(4)) : System.getProperty(key);
    }
}
```

Keycloak uses env vars for config only if they start with `env.`. For example, another solution is to change keycloak-server.json, adding `env.` to all vars, like `"url": "${env.keycloak.connectionsJpa.url:jdbc:h2:mem:test;DB_CLOSE_DELAY=-1}"`, but in the environment use `keycloak.connectionsJpa.url=jdbc:h2:mem:test_changed;DB_CLOSE_DELAY=-1`.

Dimantchick commented 1 year ago

Additionally: in my solution I override the method to use the other constructor, `public SystemEnvProperties(Map<String, String> overrides)`. It adds override values for env vars. See `org.keycloak.common.util.SystemEnvProperties#getProperty(java.lang.String)`, lines 41, 42.
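The lookup rule quoted above and the two workarounds discussed in this thread, as an added example that is not part of the original comments or of Keycloak's code. `EnvPlaceholderDemo`, its `resolve` helper and the simplified `${key:default}` regex are hypothetical stand-ins, and the environment is a constructed map rather than the real process environment.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class EnvPlaceholderDemo {
    // Simplified stand-in for ${key:default} substitution (assumption, not Keycloak's parser).
    private static final Pattern PLACEHOLDER = Pattern.compile("\\$\\{([^:}]+)(?::([^}]*))?\\}");

    // Same decision order as the getProperty quoted in the thread, with the environment
    // and system properties passed in as maps so the run is repeatable.
    static String getProperty(String key, Map<String, String> overrides,
                              Map<String, String> env, Map<String, String> sysProps) {
        if (overrides.containsKey(key)) {
            return overrides.get(key);
        }
        return key.startsWith("env.") ? env.get(key.substring(4)) : sysProps.get(key);
    }

    static String resolve(String text, Map<String, String> overrides,
                          Map<String, String> env, Map<String, String> sysProps) {
        Matcher m = PLACEHOLDER.matcher(text);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String value = getProperty(m.group(1), overrides, env, sysProps);
            if (value == null) {
                // Unresolved key: use the default, or keep the placeholder if there is none.
                value = m.group(2) == null ? m.group(0) : m.group(2);
            }
            m.appendReplacement(out, Matcher.quoteReplacement(value));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample environment: the variable exactly as set in the report.
        Map<String, String> env = Map.of("keycloak.connectionsJpa.url",
                "jdbc:h2:mem:test_changed;DB_CLOSE_DELAY=-1");
        Map<String, String> none = Map.of();
        String plain = "${keycloak.connectionsJpa.url:jdbc:h2:mem:test;DB_CLOSE_DELAY=-1}";
        String prefixed = "${env.keycloak.connectionsJpa.url:jdbc:h2:mem:test;DB_CLOSE_DELAY=-1}";

        System.out.println("plain key, env only:      " + resolve(plain, none, env, none));
        System.out.println("env.-prefixed key:        " + resolve(prefixed, none, env, none));
        System.out.println("plain key, env overrides: " + resolve(plain, env, env, none));
    }
}
```

The first line of output shows the silent fallback to the default in-memory URL; the other two show the `env.` prefix and the overrides-map approach picking up the environment value.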

ulisseslima commented 1 year ago

Hey, @Dimantchick.

Thanks for the feedback. I'm assuming you were following this article: https://www.baeldung.com/keycloak-embedded-in-spring-boot-app

We'll look into this. This issue will remain open until then.

Dimantchick commented 1 year ago

Yes. I found this repo from that article.

kasramp commented 9 months ago

The article is updated to reflect that the default Keycloak behavior does not allow overwriting values via environment variables unless the key starts with `env.*`. Additionally, added a small example of how it can be achieved.