Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid SpringAddonsOidcProperties breaks native image #213

Closed
MichalJanocha opened this issue May 15, 2024 · 7 comments
Closed

Invalid SpringAddonsOidcProperties breaks native image #213

MichalJanocha opened this issue May 15, 2024 · 7 comments
Assignees
@ch4mpy
Labels
bug Something isn't working

Comments

@MichalJanocha
Copy link

Hello!

At first - thank you for the great work, brilliant repository :).

I didn't find a single note that spring-addons-starter-oidc should work fine in spring boot native images but as for now - for very basic case (token validation) it works almost fine so I've decided to report this bug - if you are not focusing on native images then feel free to close this ticket.

BUG DESCRIPTION:
It looks like SpringAddonsOidcProperties is missing NestedConfigurationProperty annotation on resourceserver and client fields which causes issues in native image (no values). While it works perfectly fine for map/list types it doesn't work for any nested classes, that's why ops field is totally fine.

Source:
https://docs.spring.io/spring-boot/reference/native-image/advanced-topics.html#native-image.advanced.nested-configuration-properties

EXPECTED BEHAVIOR:
All fields in SpringAddonsOidcProperties are properly populated in spring boot native image.

WORKAROUND:
For anyone who's looking for a simple workaround, this is how I solved the issue. It basically overrides default SecurityFilterChain bean defined by spring-addons:

@Configuration
public class WebSecurity {
  @Bean
  SecurityFilterChain springAddonsJwtResourceServer(
      HttpSecurity http, ServerProperties serverProperties, SpringAddonsOidcProperties addonsProperties, ResourceServerExpressionInterceptUrlRegistryPostProcessor authorizePostProcessor, ResourceServerSynchronizedHttpSecurityPostProcessor httpPostProcessor, AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver, AuthenticationEntryPoint authenticationEntryPoint, Optional<AccessDeniedHandler> accessDeniedHandler
  ) throws Exception {
    http.oauth2ResourceServer(oauth2 -> {
      oauth2.authenticationManagerResolver(authenticationManagerResolver);
      oauth2.authenticationEntryPoint(authenticationEntryPoint);
      accessDeniedHandler.ifPresent(oauth2::accessDeniedHandler);
    });

    // override spring-addons settings
    addonsProperties.getResourceserver()
        .setPermitAll(List.of("/public/**"));

    ServletConfigurationSupport.configureResourceServer(http,
        serverProperties,
        addonsProperties.getResourceserver(),
        authorizePostProcessor,
        httpPostProcessor
    );

    return http.build();
  }
}
@MichalJanocha MichalJanocha added the bug Something isn't working label May 15, 2024
ch4mpy added a commit that referenced this issue May 16, 2024
@ch4mpy
gh-213 native images compatibility of @ConfigurationProperties
66ffc9d
@ch4mpy
Copy link
Owner

ch4mpy commented May 16, 2024

Hi @MichalJanocha

Thanks for reporting and investigating. There is no good reason for being incompatible with native images.

Would you kindly give a try to the latest SNAPSHOT? I added the missing @NestedConfigurationProperty on SpringAddonsOidcProperties#client and SpringAddonsOidcProperties#resourceserver. I also made all other @ConfigurationProperties nested-classes.

ch4mpy added a commit that referenced this issue May 16, 2024
@ch4mpy
gh-213 native images compatibility of @ConfigurationProperties
c807ad1
ch4mpy added a commit that referenced this issue May 16, 2024
@ch4mpy
gh-213 native images compatibility of @ConfigurationProperties
0321d2e
ch4mpy added a commit that referenced this issue May 16, 2024
@ch4mpy
gh-213 native images compatibility of @ConfigurationProperties
703d255
@MichalJanocha
Copy link
Author

Sadly I am not able to build the repository so I cannot get the latest snapshot version (or maybe you're publishing those somewhere and I missed it?). Anyway, thank you for the fast resolution!

@ch4mpy
Copy link
Owner

ch4mpy commented May 16, 2024
edited

I am not able to build the repository

Why that? it should be no more complicated than:

git clone https://github.com/ch4mpy/spring-addons.git
cd spring-addons
sh ./mvnw install

Once spring-addons-starter-oidc is built, you can kill the build (the samples are rather long to build)

@ch4mpy
Copy link
Owner

ch4mpy commented May 16, 2024

You can give a try to the 7.7.0 released just now.

@MichalJanocha
Copy link
Author

Build issue solved.. my Maven installation was broken + screwed local config, day to day I am using Gradle so I've never noticed that :). Let me test the release then.

@MichalJanocha
Copy link
Author

@ch4mpy looks like everything is fine. Scenarios I've tested: JVM, native, extended docker native. In comparison to 7.6.13 it looks like there is only one thing that stopped working - I didn't investigate that because it might be again my local problem but it looks like IntelliJ stopped sensing the properties, with 7.6.13 it was working for ops field, now it doesn't work for ops or any other property. Anyway - implemented fix works fine so I am closing this issue!

SS from IntelliJ:
image

@ch4mpy
Copy link
Owner

ch4mpy commented May 16, 2024
edited

Thanks for confirming the issue is solved and closing.

Auto-completion works as expected with 7.7.0 within Eclipse STS.
image
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ch4mpy ch4mpy

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ch4mpy @MichalJanocha