Webserver fails to start with TLS and Security layer in Helidon 4 SE version, because of mismatch in .jks entry
Steps to reproduce
We are on Helidon 4 SE version and have a couple of queries on security/jks config in application.yaml.
How to configure a file system path for the jks file for the webserver with TLS? Let's say I have a jks file called xyz.jks; unless I copy the jks file into /src/main/resources/xyz.jks, it doesn't work. For my use case, I don't want to package the jks files along with the jar. How can I configure a file system path and make it work?
We would like to provide the TLS layer as white paper for the customer. If they don't want to enable TLS, we would like to disable it from application.yaml. Making it as Enabled:false works, but it always expects the jks file to be present, which is weird. Any thoughts?
tls:
  enabled: false
Webserver start-up Logs:
C:\helidonv4dev\customer-master>java -jar target\partyMgmt.jar
2024.01.05 07:52:46.381 myoracle - Starting...
2024.01.05 07:52:47.109 myoracle - Start completed.
2024.01.05 07:52:47.253 myoracle - Starting...
2024.01.05 07:52:47.258 myoracle - Start completed.
2024.01.05 07:52:47.309 Security is disabled, ignoring provider configuration
Exception in thread "main" java.lang.NullPointerException: Resource path does not exist: xyz.jks
at java.base/java.util.Objects.requireNonNull(Objects.java:259)
at io.helidon.common.configurable.ResourceUtil.toIs(ResourceUtil.java:83)
at io.helidon.common.configurable.Resource.create(Resource.java:85)
at io.helidon.common.configurable.Resource.create(Resource.java:157)
at io.helidon.common.pki.KeystoreKeys$BuilderBase.keystore(KeystoreKeys.java:189)
at java.base/java.util.Optional.ifPresent(Optional.java:178)
at io.helidon.common.mapper.OptionalValue.ifPresent(OptionalValue.java:188)
at io.helidon.common.pki.KeystoreKeys$BuilderBase.config(KeystoreKeys.java:156)
at io.helidon.common.pki.KeystoreKeys.create(KeystoreKeys.java:67)
at io.helidon.config.ConfigValues.lambda$create$4(ConfigValues.java:168)
at io.helidon.config.ConfigValues$GenericConfigValueImpl.asOptional(ConfigValues.java:255)
at io.helidon.common.mapper.OptionalValue.ifPresent(OptionalValue.java:188)
at io.helidon.common.pki.Keys$BuilderBase.config(Keys.java:153)
at io.helidon.common.pki.Keys.create(Keys.java:73)
at io.helidon.config.ConfigValues.lambda$create$4(ConfigValues.java:168)
at io.helidon.config.ConfigValues$GenericConfigValueImpl.asOptional(ConfigValues.java:255)
at io.helidon.common.mapper.OptionalValue.ifPresent(OptionalValue.java:188)
at io.helidon.common.tls.TlsConfig$BuilderBase.config(TlsConfig.java:215)
at io.helidon.common.tls.TlsConfig.create(TlsConfig.java:77)
at io.helidon.config.ConfigValues.lambda$create$4(ConfigValues.java:168)
at io.helidon.config.ConfigValues$GenericConfigValueImpl.asOptional(ConfigValues.java:255)
at io.helidon.common.mapper.OptionalValue.ifPresent(OptionalValue.java:188)
at io.helidon.webserver.ListenerConfig$BuilderBase.config(ListenerConfig.java:253)
at io.helidon.webserver.WebServerConfig$BuilderBase.config(WebServerConfig.java:176)
at com.oracle.partyMgmt.Main.main(Main.java:90)
Similar to TLS, we would like to white paper the Security layer as well. We are using the IDCS implementation; though we made "enabled: false" at the security layer, when we bring up the webserver (runtime) it errors out at the "OidcFeature" line. If we comment out that line of code, it works. Any suggestions on this?
We don't want customers to touch the code and package the jar at any cost. The expectation from the customer is to configure jks details/security layer from config files like application.yaml and start the webserver.
security:
  enabled: false
  config.require-encryption: false
  providers:
    - abac: # Adds ABAC Provider - it does not require any configuration
        fail-on-unvalidated: true
        fail-if-none-validated: true
    - oidc:
        identity-uri: "<URI>"
        client-id: "<cliendid>"
        client-secret: "<secret>"
        audience: "<hostname:port>"
        server-type: "idcs"
        redirect: false
        header-use: true
Webserver start-up Logs:
Exception in thread "main" java.lang.NullPointerException: Cannot invoke "io.helidon.security.providers.oidc.common.OidcConfig.tokenCookieHandler()" because "this.oidcConfig" is null
at io.helidon.security.providers.oidc.OidcFeature.<init>(OidcFeature.java:161)
at io.helidon.security.providers.oidc.OidcFeature$Builder.build(OidcFeature.java:616)
at io.helidon.security.providers.oidc.OidcFeature.create(OidcFeature.java:197)
at com.oracle.partyMgmt.Main.routing(Main.java:116)
at io.helidon.webserver.WebServerConfigSupport$ListenerCustomMethods.routing(WebServerConfigSupport.java:158)
at io.helidon.webserver.ListenerConfig$BuilderBase.routing(ListenerConfig.java:228)
at com.oracle.partyMgmt.Main.main(Main.java:91)
If I understand it correctly, it is the same as with the 2. Meaning that if overall security is set to false, internal parts should not be constructed/validated.
Thanks, Mohan
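For the keystore-location question in the issue, an added configuration example (not from the issue author or the Helidon project): Helidon's resource configuration resolves `resource-path` from the classpath and `path` from the file system, so a keystore kept outside the jar is referenced with `path`. The file location and passphrase below are placeholders, and the `server.tls.private-key` layout is assumed because the issue does not show its TLS section.

```yaml
# Added example; "/path/outside/jar/xyz.jks" and "<passphrase>" are placeholders.
server:
  tls:
    private-key:
      keystore:
        type: "JKS"                 # keystore type; Helidon's default is PKCS12
        passphrase: "<passphrase>"
        resource:
          # Classpath lookup: the file must be packaged in the jar
          # (e.g. under src/main/resources), otherwise start-up fails with
          # "Resource path does not exist: xyz.jks".
          # resource-path: "xyz.jks"

          # File system lookup: the keystore stays outside the jar and can be
          # replaced or rotated by the customer without rebuilding.
          path: "/path/outside/jar/xyz.jks"
```

With the keystore on the file system, restrict read access on the file to the account that runs the server, since it holds the private key.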