In a Spring Boot 3.1.3 application, I am using the Spring Addons library to configure my Spring Security. My application.properties looks like this and works fine:
com.c4-soft.springaddons.oidc.ops[0].iss=http://localhost:8180/realms/copsboot
com.c4-soft.springaddons.oidc.ops[0].authorities[0].path=$.realm_access.roles
com.c4-soft.springaddons.oidc.ops[0].authorities[0].prefix=ROLE_
I have a JUnit 5 test using Testcontainers and Keycloak that uses @DynamicPropertySource to set those properties to the URL of the Keycloak running via Testcontainers/Docker:
@DynamicPropertySource
static void configureProperties(DynamicPropertyRegistry registry) {
registry.add("com.c4-soft.springaddons.oidc.ops[0].iss", () -> keycloakContainer.getAuthServerUrl() + "/realms/copsboot");
}
The strange thing is that this does set that property, but the ...path and ...prefix properties are lost. I tried to set them explictly like this, but that also did not work:
@DynamicPropertySource
static void configureProperties(DynamicPropertyRegistry registry) {
registry.add("com.c4-soft.springaddons.oidc.ops[0].iss", () -> keycloakContainer.getAuthServerUrl() + "/realms/copsboot");
registry.add("com.c4-soft.springaddons.oidc.ops[0].path", () -> "$.realm_access.roles");
registry.add("com.c4-soft.springaddons.oidc.ops[0].prefix", () -> "ROLE_");
}
The only thing that did work, was doing something like this:
@DynamicPropertySource
static void configureProperties(DynamicPropertyRegistry registry) {
registry.add("com.c4-soft.springaddons.oidc.ops", () -> {
OpenidProviderProperties properties = new OpenidProviderProperties();
properties.setIss(URI.create(keycloak.getAuthServerUrl() + "/realms/copsboot"));
SimpleAuthoritiesMappingProperties mappingProperties = new SimpleAuthoritiesMappingProperties();
mappingProperties.setPath("$.realm_access.roles");
mappingProperties.setPrefix("ROLE_");
properties.setAuthorities(new SimpleAuthoritiesMappingProperties[]{mappingProperties});
return new OpenidProviderProperties[]{properties};
});
}
The source code of those properties can be seen here: SpringAddonsOidcProperties.java and OpenidProviderProperties.java and SimpleAuthoritiesMappingProperties.java
Is this expected behaviour? Or should it work with the properties like I tried?
Comment From: mhalbritter
Hello,
I can't reproduce this. I've written this test:
@SpringBootTest
class Sb37557ApplicationTests {
@Autowired
private Environment environment;
@Test
void contextLoads() {
assertThat(this.environment.getProperty("com.c4-soft.springaddons.oidc.ops[0].iss")).isEqualTo("some-url");
assertThat(this.environment.getProperty("com.c4-soft.springaddons.oidc.ops[0].authorities[0].path")).isEqualTo("$.realm_access.roles");
assertThat(this.environment.getProperty("com.c4-soft.springaddons.oidc.ops[0].authorities[0].prefix")).isEqualTo("ROLE_");
}
@DynamicPropertySource
static void configureProperties(DynamicPropertyRegistry registry) {
registry.add("com.c4-soft.springaddons.oidc.ops[0].iss", () -> "some-url");
}
}
and my application.properties has this:
com.c4-soft.springaddons.oidc.ops[0].iss=http://localhost:8180/realms/copsboot
com.c4-soft.springaddons.oidc.ops[0].authorities[0].path=$.realm_access.roles
com.c4-soft.springaddons.oidc.ops[0].authorities[0].prefix=ROLE_
and the test passes. No missing ...path or ...prefix properties.
If you'd like us to spend some time investigating, please take the time to provide a complete minimal sample (something that we can unzip or git clone, build, and deploy) that reproduces the problem.
Comment From: mhalbritter
After playing around with it a bit more, I think there's a bug somewhere. I have a reproducer here: https://github.com/mhalbritter/issue-reproducers/tree/main/sb-37557
this test should pass:
@SpringBootTest
class Sb37557ApplicationTests {
@Autowired
private SpringAddonsOidcProperties properties;
@Autowired
private Environment environment;
@Test
void contextLoads() {
assertThat(this.environment.getProperty("com.c4-soft.springaddons.oidc.ops[0].iss")).isEqualTo("http://localhost:8180/realms/copsboot");
assertThat(this.environment.getProperty("com.c4-soft.springaddons.oidc.ops[0].authorities[0].path")).isEqualTo("$.realm_access.roles");
assertThat(this.environment.getProperty("com.c4-soft.springaddons.oidc.ops[0].authorities[0].prefix")).isEqualTo("ROLE_");
assertThat(this.properties.getOps().get(0).getIss()).isEqualTo(URI.create("http://localhost:8180/realms/copsboot"));
assertThat(this.properties.getOps().get(0).getAuthorities().get(0).getPath()).isEqualTo("$.realm_access.roles");
assertThat(this.properties.getOps().get(0).getAuthorities().get(0).getPrefix()).isEqualTo("ROLE_");
}
@DynamicPropertySource
static void configureProperties(DynamicPropertyRegistry registry) {
registry.add("com.c4-soft.springaddons.oidc.ops[0].iss", () -> "http://localhost:8180/realms/copsboot");
}
}
but it does not. It fails with
java.lang.IndexOutOfBoundsException: Index 0 out of bounds for length 0
at java.base/jdk.internal.util.Preconditions.outOfBounds(Preconditions.java:64)
at java.base/jdk.internal.util.Preconditions.outOfBoundsCheckIndex(Preconditions.java:70)
at java.base/jdk.internal.util.Preconditions.checkIndex(Preconditions.java:266)
at java.base/java.util.Objects.checkIndex(Objects.java:361)
at java.base/java.util.ArrayList.get(ArrayList.java:427)
at com.example.sb37557.Sb37557ApplicationTests.contextLoads(Sb37557ApplicationTests.java:30)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at org.junit.platform.commons.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:727)
at org.junit.jupiter.engine.execution.MethodInvocation.proceed(MethodInvocation.java:60)
at org.junit.jupiter.engine.execution.InvocationInterceptorChain$ValidatingInvocation.proceed(InvocationInterceptorChain.java:131)
at org.junit.jupiter.engine.extension.TimeoutExtension.intercept(TimeoutExtension.java:156)
at org.junit.jupiter.engine.extension.TimeoutExtension.interceptTestableMethod(TimeoutExtension.java:147)
at org.junit.jupiter.engine.extension.TimeoutExtension.interceptTestMethod(TimeoutExtension.java:86)
at org.junit.jupiter.engine.execution.InterceptingExecutableInvoker$ReflectiveInterceptorCall.lambda$ofVoidMethod$0(InterceptingExecutableInvoker.java:103)
at org.junit.jupiter.engine.execution.InterceptingExecutableInvoker.lambda$invoke$0(InterceptingExecutableInvoker.java:93)
at org.junit.jupiter.engine.execution.InvocationInterceptorChain$InterceptedInvocation.proceed(InvocationInterceptorChain.java:106)
at org.junit.jupiter.engine.execution.InvocationInterceptorChain.proceed(InvocationInterceptorChain.java:64)
at org.junit.jupiter.engine.execution.InvocationInterceptorChain.chainAndInvoke(InvocationInterceptorChain.java:45)
at org.junit.jupiter.engine.execution.InvocationInterceptorChain.invoke(InvocationInterceptorChain.java:37)
at org.junit.jupiter.engine.execution.InterceptingExecutableInvoker.invoke(InterceptingExecutableInvoker.java:92)
at org.junit.jupiter.engine.execution.InterceptingExecutableInvoker.invoke(InterceptingExecutableInvoker.java:86)
at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.lambda$invokeTestMethod$7(TestMethodTestDescriptor.java:217)
at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.invokeTestMethod(TestMethodTestDescriptor.java:213)
at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.execute(TestMethodTestDescriptor.java:138)
at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.execute(TestMethodTestDescriptor.java:68)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$6(NodeTestTask.java:151)
at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:141)
at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$9(NodeTestTask.java:139)
at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:138)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:95)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.invokeAll(SameThreadHierarchicalTestExecutorService.java:41)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$6(NodeTestTask.java:155)
at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:141)
at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$9(NodeTestTask.java:139)
at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:138)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:95)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.invokeAll(SameThreadHierarchicalTestExecutorService.java:41)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$6(NodeTestTask.java:155)
at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:141)
at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$9(NodeTestTask.java:139)
at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:138)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:95)
at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.submit(SameThreadHierarchicalTestExecutorService.java:35)
at org.junit.platform.engine.support.hierarchical.HierarchicalTestExecutor.execute(HierarchicalTestExecutor.java:57)
at org.junit.platform.engine.support.hierarchical.HierarchicalTestEngine.execute(HierarchicalTestEngine.java:54)
at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:147)
at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:127)
at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:90)
at org.junit.platform.launcher.core.EngineExecutionOrchestrator.lambda$execute$0(EngineExecutionOrchestrator.java:55)
at org.junit.platform.launcher.core.EngineExecutionOrchestrator.withInterceptedStreams(EngineExecutionOrchestrator.java:102)
at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:54)
at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:114)
at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:86)
at org.junit.platform.launcher.core.DefaultLauncherSession$DelegatingLauncher.execute(DefaultLauncherSession.java:86)
at org.junit.platform.launcher.core.SessionPerRequestLauncher.execute(SessionPerRequestLauncher.java:53)
at com.intellij.junit5.JUnit5IdeaTestRunner.startRunnerWithArgs(JUnit5IdeaTestRunner.java:57)
at com.intellij.rt.junit.IdeaTestRunner$Repeater$1.execute(IdeaTestRunner.java:38)
at com.intellij.rt.execution.junit.TestsRepeater.repeat(TestsRepeater.java:11)
at com.intellij.rt.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:35)
at com.intellij.rt.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:232)
at com.intellij.rt.junit.JUnitStarter.main(JUnitStarter.java:55)
because this.properties.getOps().get(0).getAuthorities() is empty despite the property com.c4-soft.springaddons.oidc.ops[0].authorities[0].path=$.realm_access.roles.
This only happens when using @DynamicPropertySource.
Comment From: mhalbritter
This looks related to https://github.com/spring-projects/spring-boot/issues/25379, where Stephane said:
Unfortunately, that's not how merging complex types works, see the reference documentation for more details.
Comment From: mhalbritter
The key sentence in the documentation is:
When lists are configured in more than one place, overriding works by replacing the entire list.
Which is the case here. So this is not a bug, it's a (surprising) behavior of property binding, but at least it's documented.
This works:
@DynamicPropertySource
static void configureProperties(DynamicPropertyRegistry registry) {
registry.add("com.c4-soft.springaddons.oidc.ops[0].iss", () -> "http://localhost:8180/realms/copsboot");
registry.add("com.c4-soft.springaddons.oidc.ops[0].authorities[0].path", () -> "$.realm_access.roles");
registry.add("com.c4-soft.springaddons.oidc.ops[0].authorities[0].prefix", () -> "ROLE_");
}
Comment From: wimdeblauwe
Thank you so much for investigating this in detail! So it seems I was on the good way trying to configure the path and prefix explicitly, I just forgot to add the authorities[0] when I did. Thanks again.