4.x - SecurityCdiExtension should honor enabled=false for providers #8495

Closed
romain-grecourt opened this issue Mar 19, 2024 · 1 comment · Fixed by #8521
Labels
4.x Version 4.x enhancement New feature or request MP P2 security

@romain-grecourt
Contributor

Environment Details

  • Helidon Version: 4.0.6
  • Helidon MP

Problem Description

io.helidon.microprofile:helidon-microprofile-oidc always requires configuration (see #8493); when trying to set security.providers.0.oidc.enabled=false, SecurityCdiExtension fails with the following exception:

Exception in thread "main" java.lang.IllegalArgumentException: OidcConfig must be configured
	at io.helidon.security.providers.oidc.OidcProvider$Builder.build(OidcProvider.java:270)
	at io.helidon.security.providers.oidc.OidcProvider.create(OidcProvider.java:105)
	at io.helidon.security.providers.oidc.OidcProviderService.providerInstance(OidcProviderService.java:45)
	at io.helidon.security.Security$Builder.providerFromConfig(Security.java:1124)
	at io.helidon.security.Security$Builder.lambda$fromConfig$1(Security.java:979)
	at java.base/java.lang.Iterable.forEach(Iterable.java:75)
	at io.helidon.security.Security$Builder.lambda$fromConfig$2(Security.java:979)
	at java.base/java.util.Optional.ifPresent(Optional.java:178)
	at io.helidon.common.mapper.OptionalValue.ifPresent(OptionalValue.java:188)
	at io.helidon.security.Security$Builder.fromConfig(Security.java:978)
	at io.helidon.security.Security$Builder.config(Security.java:838)
	at io.helidon.microprofile.security.SecurityCdiExtension.configure(SecurityCdiExtension.java:95)

Note that the enabled property is specific to the Oidc provider; instead, this should be a generic mechanism that can be used with any provider and that should be honored when discovering providers either via ServiceLoader or with CDI.

Steps to reproduce

Add the following dependency:

<dependency>
    <groupId>io.helidon.microprofile</groupId>
    <artifactId>helidon-microprofile-oidc</artifactId>
</dependency>

Add the following configuration:

security:
  providers:
    - oidc:
        enabled: false

@tomas-langer
Member

Solution: if enabled: false is set in configuration of a security provider, that provider instance will not be created and it will be ignored by security, as if it was not defined at all.
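
The behaviour described in the solution above, sketched as an added example that is not part of the original thread and is not Helidon's code. The class, the factory map, the `example` provider and the `required-setting` key are hypothetical stand-ins; only the `enabled` flag, the `oidc` provider name and the exception message come from the issue.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.function.Function;

// Illustrative sketch only: every type and name here is hypothetical, not a Helidon class.
public class EnabledFlagDemo {

    // Hypothetical factories keyed by provider name; each builds a provider from its config node.
    static final Map<String, Function<Map<String, Object>, String>> FACTORIES = Map.of(
            "oidc", cfg -> {
                // Mirrors the failure in the report: an unconfigured provider refuses to build.
                if (!cfg.containsKey("required-setting")) { // hypothetical key
                    throw new IllegalArgumentException("OidcConfig must be configured");
                }
                return "oidc-provider";
            },
            "example", cfg -> "example-provider");

    // The flag is read before the factory is called, so a disabled provider is never
    // instantiated and its (possibly missing) configuration is never validated.
    static List<String> load(List<Map<String, Map<String, Object>>> providers) {
        List<String> active = new ArrayList<>();
        for (Map<String, Map<String, Object>> entry : providers) {
            entry.forEach((name, cfg) -> {
                // A provider is enabled unless its config says otherwise.
                Object flag = cfg.getOrDefault("enabled", true);
                if (!Boolean.parseBoolean(String.valueOf(flag))) {
                    return; // treated as if the provider was not defined at all
                }
                Function<Map<String, Object>, String> factory = FACTORIES.get(name);
                if (factory == null) {
                    throw new IllegalArgumentException("Unknown provider: " + name);
                }
                active.add(factory.apply(cfg));
            });
        }
        return active;
    }

    public static void main(String[] args) {
        // Constructed sample: the YAML from the report plus a second, enabled provider.
        List<Map<String, Map<String, Object>>> providers = List.of(
                Map.of("oidc", Map.<String, Object>of("enabled", false)),
                Map.of("example", Map.<String, Object>of()));
        System.out.println(load(providers));
    }
}
```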
