ch4mpy / spring-addons

Ease spring OAuth2 resource-servers configuration and testing
Apache License 2.0

Invalid SpringAddonsOidcProperties breaks native image #213

Closed MichalJanocha closed 3 months ago

MichalJanocha commented 3 months ago

Hello!

First of all, thank you for the great work, brilliant repository :).

I didn't find a single note saying that spring-addons-starter-oidc should work fine in Spring Boot native images, but as of now, for a very basic case (token validation), it works almost fine, so I've decided to report this bug. If you are not focusing on native images, feel free to close this ticket.

BUG DESCRIPTION: It looks like SpringAddonsOidcProperties is missing the @NestedConfigurationProperty annotation on the resourceserver and client fields, which causes issues in a native image (no values). While it works perfectly fine for map/list types, it doesn't work for any nested classes; that's why the ops field is totally fine.

Source: https://docs.spring.io/spring-boot/reference/native-image/advanced-topics.html#native-image.advanced.nested-configuration-properties

EXPECTED BEHAVIOR: All fields in SpringAddonsOidcProperties are properly populated in spring boot native image.

WORKAROUND: For anyone who's looking for a simple workaround, this is how I solved the issue. It basically overrides the default SecurityFilterChain bean defined by spring-addons:

@Configuration
public class WebSecurity {
  @Bean
  SecurityFilterChain springAddonsJwtResourceServer(
      HttpSecurity http,
      ServerProperties serverProperties,
      SpringAddonsOidcProperties addonsProperties,
      ResourceServerExpressionInterceptUrlRegistryPostProcessor authorizePostProcessor,
      ResourceServerSynchronizedHttpSecurityPostProcessor httpPostProcessor,
      AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver,
      AuthenticationEntryPoint authenticationEntryPoint,
      Optional<AccessDeniedHandler> accessDeniedHandler
  ) throws Exception {
    http.oauth2ResourceServer(oauth2 -> {
      oauth2.authenticationManagerResolver(authenticationManagerResolver);
      oauth2.authenticationEntryPoint(authenticationEntryPoint);
      accessDeniedHandler.ifPresent(oauth2::accessDeniedHandler);
    });

    // override spring-addons settings
    addonsProperties.getResourceserver()
        .setPermitAll(List.of("/public/**"));

    ServletConfigurationSupport.configureResourceServer(http,
        serverProperties,
        addonsProperties.getResourceserver(),
        authorizePostProcessor,
        httpPostProcessor
    );

    return http.build();
  }
}

ch4mpy commented 3 months ago

Hi @MichalJanocha

Thanks for reporting and investigating. There is no good reason for being incompatible with native images.

Would you kindly give a try to the latest SNAPSHOT? I added the missing @NestedConfigurationProperty on SpringAddonsOidcProperties#client and SpringAddonsOidcProperties#resourceserver. I also made all other @ConfigurationProperties nested-classes.
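
The fix described in the comment above, shown on a reduced properties class as an added example (not code from spring-addons or from either commenter). Every `Demo*` name, the `com.example.demo` package and the `demo.oidc` prefix are hypothetical, and the startup check assumes an application that always configures `permit-all` and registers the class with `@EnableConfigurationProperties`.

```java
// DemoOidcProperties.java: added example, all Demo* names are hypothetical.
package com.example.demo;

import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.InitializingBean;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.NestedConfigurationProperty;

@ConfigurationProperties(prefix = "demo.oidc")
public class DemoOidcProperties implements InitializingBean {

    // List and Map fields need no extra annotation, which matches the
    // report that "ops" was populated in the native image.
    private List<String> ops = new ArrayList<>();

    // The field type is a separate top-level class, not an inner class of
    // this one. Per the Spring Boot reference linked in the report, such a
    // field must carry @NestedConfigurationProperty so that the AOT engine
    // creates the reflection hints needed to bind it in a native image.
    @NestedConfigurationProperty
    private final DemoResourceServerProperties resourceserver = new DemoResourceServerProperties();

    public List<String> getOps() { return ops; }
    public void setOps(List<String> ops) { this.ops = ops; }
    public DemoResourceServerProperties getResourceserver() { return resourceserver; }

    // Runs after binding and uses plain method calls only: refuse to start
    // when the nested section came back empty, instead of building a
    // security filter chain from unintended defaults.
    @Override
    public void afterPropertiesSet() {
        if (resourceserver.getPermitAll().isEmpty()) {
            throw new IllegalStateException(
                "demo.oidc.resourceserver.permit-all is empty: nested properties were not bound");
        }
    }
}

// Separate top-level type (normally declared in its own file).
class DemoResourceServerProperties {
    private List<String> permitAll = new ArrayList<>();

    public List<String> getPermitAll() { return permitAll; }
    public void setPermitAll(List<String> permitAll) { this.permitAll = permitAll; }
}
```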

MichalJanocha commented 3 months ago

Sadly I am not able to build the repository so I cannot get the latest snapshot version (or maybe you're publishing those somewhere and I missed it?). Anyway, thank you for the fast resolution!

ch4mpy commented 3 months ago

> I am not able to build the repository

Why that? It should be no more complicated than:

git clone https://github.com/ch4mpy/spring-addons.git
cd spring-addons
sh ./mvnw install

Once spring-addons-starter-oidc is built, you can kill the build (the samples are rather long to build).

ch4mpy commented 3 months ago

You can give a try to the 7.7.0 released just now.

MichalJanocha commented 3 months ago

Build issue solved. My Maven installation was broken + screwed local config; day to day I am using Gradle, so I've never noticed that :). Let me test the release then.

MichalJanocha commented 3 months ago

@ch4mpy looks like everything is fine. Scenarios I've tested: JVM, native, extended docker native. In comparison to 7.6.13, it looks like there is only one thing that stopped working. I didn't investigate it because it might again be my local problem, but it looks like IntelliJ stopped sensing the properties: with 7.6.13 it was working for the ops field, now it doesn't work for ops or any other property. Anyway, the implemented fix works fine, so I am closing this issue!

SS from IntelliJ: image

ch4mpy commented 3 months ago

Thanks for confirming the issue is solved and closing.

Auto-completion works as expected with 7.7.0 within Eclipse STS.