New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ConnectionDetails for external providers in Spring Security modules #36777
Comments
@ParkerM Can you share a bit more information about how you use Testcontainers with Keycloak? Are you using https://testcontainers.com/modules/keycloak/ ? |
@philwebb yep, that's the one. Right now it looks a bit like the TestConfiguration + Bean method + injected DynamicPropertyRegistry approach described in the docs here (plus a few startup tasks that would ideally be rolled into the image or exist as opinionated defaults). This class is imported for int tests, and applied for the test application as I did manage to get the test application to start up with this configuration after some finagling — I was experiencing some sort of lifecycle issue with eager connections failing startup before the container was ready. Removing In any case, I'm curious whether the goals of the ConnectionDetails abstraction fundamentally align here (even if it's for my own selfish understanding of the API and its goals). If my understanding is correct then the Spring Security configs could potentially be a good fit, since most contain a representation of remote service(s) and the credentials used to connect. This would also provide more sensible means for programmatically accessing validated connection properties. My current approach involves injecting Boot's ConfigurationProperties beans and clumsily accessing deeply nested properties. Separating that concern into ConnectionDetails would make for more obvious injections and provide more convenient options for test stubs and such. Apologies if the info above isn't what you were looking for. If so let me know and I can expand or perhaps create an example project on my own time. |
We talked about this yesterday and we think the The approach would be the following:
Step 2 and 3 is the tricky bit. I've not looked at the Keycloak testcontainer in detail, but I remember from the standalone Keycloak that one has to do some realm / client setup before it's usable. |
Yeah, I currently have realm import do most of the work then use the Keycloak client to adjust some ports before the tests run (maybe the future will see something like a configurer DSL that simplifies test setup). My original plan was to just implement my own |
Would definitely like to see this happen as well, for any generic OpenID or OAuth2 provider. I'm specifically thinking about Dex and custom-built authorization servers. I'd want |
I'm just seeing this now @philwebb. Apologies for the delay. @rwinch and I have been talking about introducing integration testing support (spring-authorization-server#258) for Spring Authorization Server. I'm not familiar with the ConnectionDetails abstraction so I would need to look into this and see if this is an entry point for the support. |
Part of my dev workflow involves using Testcontainers with Keycloak for integration testing against a local, preconfigured IdP/authorization server. It would be awesome if I could use the very same configuration with a running instance through spring-boot-testcontainers, but from what I can tell this isn't currently possible unless the respective configurators implement or expose a
ConnectionDetails
in some way. (I assume I could achieve something like it if I replace the Spring Security autoconfigurations with my own, but I'd prefer to stick with conventions as much as possible.)The use cases that come to mind are:
spring.security.oauth2.client.provider
spring.security.saml2.relyingparty.registration.<id>.assertingparty
Does this seem like a sensible use case for the
ConnectionDetail
abstraction? I've noticed the current implementations seem concerned with strictly persistent connections, so perhaps this does not fit the intent. But, since the provider auto-configurations can lead to startup failure when the server is unreachable, the connections at least have some sort of persistent essence.The text was updated successfully, but these errors were encountered: