Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't use ENV parameters in spring-security-oauth/oauth-rest/oauth-authorization-server for keycloak-server.json #429

Closed
Dimantchick opened this issue Sep 2, 2023 · 6 comments
Closed

Don't use ENV parameters in spring-security-oauth/oauth-rest/oauth-authorization-server for keycloak-server.json #429

Dimantchick opened this issue Sep 2, 2023 · 6 comments
Labels
on-jira triaged

Comments

@Dimantchick
Copy link

Find problem. keycloak-server.json don't use ENV vars.
Find solution
Dimantchick@7ea1e38
Fix please
@Dimantchick Dimantchick mentioned this issue Sep 2, 2023
Open
@ulisseslima
Copy link
Contributor

Hey, @Dimantchick.

Could you elaborate on what is the issue?

Also, please include a link to the article you were following so we can take a look.

@Dimantchick
Copy link
Author

Dimantchick commented Sep 9, 2023
edited
Loading

@ulisseslima
To view bug, open keycloak-server.json, found "url": "${keycloak.connectionsJpa.url:jdbc:h2:mem:test;DB_CLOSE_DELAY=-1}",
Set ENV var keycloak.connectionsJpa.url on start to other value (sample jdbc:h2:mem:test_changed;DB_CLOSE_DELAY=-1) and run server.
You can see in log:

DefaultJpaConnectionProviderFactory : Database info: {databaseUrl=jdbc:h2:mem:test, databaseUser=SA, databaseProduct=H2 2.1.214 (2022-06-13), databaseDriver=H2 JDBC Driver 2.1.214 (2022-06-13)}

Now I search more and found root cause:
In JsonConfigProviderFactory
protected Properties getProperties() { return new SystemEnvProperties(); }
SystemEnvProperties
`public String getProperty(String key) {

    if (this.overrides.containsKey(key)) {

        return (String)this.overrides.get(key);

    } else {

        return key.startsWith("env.") ? (String)System.getenv().get(key.substring(4)) : System.getProperty(key);

    }

}`

Keycloak using env vars to config only if they starts vith env.
For example other solution it change keycloak-server.json, adding all vars 'env.', like ""url": "${env.keycloak.connectionsJpa.url:jdbc:h2:mem:test;DB_CLOSE_DELAY=-1}"", but in environment use 'keycloak.connectionsJpa.url=jdbc:h2:mem:test_changed;DB_CLOSE_DELAY=-1'.

@Dimantchick
Copy link
Author

Additional.
In my solution i ovveride method to use other constructor
public SystemEnvProperties(Map<String, String> overrides)
It adds override values for env vars.
See org.keycloak.common.util.SystemEnvProperties#getProperty(java.lang.String) line 41, 42

@ulisseslima
Copy link
Contributor

Hey, @Dimantchick.

Thanks for the feedback. I'm assuming you were following this article: https://www.baeldung.com/keycloak-embedded-in-spring-boot-app

We'll look into this. This issue will remain open until then.

@Dimantchick
Copy link
Author

Yes. Find this repo from it article.

@kasramp
Copy link

kasramp commented Dec 14, 2023

The article is updated to reflect that the default Keycloack behavior does not allow to overwrite values via environment variable unless the key starts with env.*. Additionally, added a small example of how it can be achieved.

@kasramp kasramp closed this as completed Dec 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
on-jira triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ulisseslima @kasramp @Dimantchick @collaboratewithakash