Uploaded image for project: 'Single Sign On'
  1. Single Sign On
  2. MGNLSSO-184

Property Expansion in magnolia-sso/config.yaml fails on creation of SSOCallbackServlet

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • 3.0.1
    • 3.0.0
    • None
    • None
    • AdminX 24
    • 2

      Intro:

      I'm currently trying to use the recent version of magnolia-sso:3.0.

      I followed the instructions on the documentation of the module, however it seems that property expansion in yaml files (see: https://docs.magnolia-cms.com/product-docs/6.2/Administration/Architecture/Configuration-management.html#_environment_variables) is not working, when the SSOCallbackServlet bean is loaded/created.

      The module configuration itself seems to work. I also debugged the code and saw that on one occassion the env property is correctly resolved. 

      But this mechanism does not seem to work, when the SSOCallbackServlet is loaded.

      Steps to reproduce

      1. Use magnolia-sso:3.0
      2. create a config.yaml definition in another maven module (filepath: /src/main/resources/magnolia-sso/config.yaml)
      3. Use env properties with !env directive (e.g.) 
        1. oidc.discoveryUri: !env ${oidc.discoveryUri}
      1. Provide env prop via IDE or shell
      2. start magnolia with -Dmagnolia.yaml.envsubst=true as VM option

      Expected results

      • SSO-Module is configured correctly
      • SSOCallbackServlet can be created 

      Actual results

      • SSO Module seems to be configured correctly (at least no error stackstrace during mgnl-startup)
      • SSOCallbackServlet creation fails with stacktrace (see below)

       

       

      2022-09-22 13:15:13,485 INFO  info.magnolia.cms.filters.CompositeFilter         : Initializing filter [Wrapper for DamDownloadServlet servlet]
2022-09-22 13:15:13,486 INFO  info.magnolia.cms.filters.CompositeFilter         : Initializing filter [Wrapper for SSOCallbackServlet servlet]
2022-09-22 13:15:13,487 ERROR info.magnolia.cms.filters.ServletDispatchingFilter: Unable to load servlet class info.magnolia.sso.SsoCallbackServlet : Failed to create instance of [class info.magnolia.sso.SsoCallbackServlet]
info.magnolia.objectfactory.MgnlInstantiationException: Failed to create instance of [class info.magnolia.sso.SsoCallbackServlet]
    at info.magnolia.objectfactory.guice.GuiceComponentProvider.newInstanceWithParameterResolvers(GuiceComponentProvider.java:138) ~[magnolia-core-6.2.20.jar:?]
    at info.magnolia.objectfactory.guice.GuiceComponentProvider.newInstanceWithParameterResolvers(GuiceComponentProvider.java:120) ~[magnolia-core-6.2.20.jar:?]
    at 
 ... //rest omitted 

Caused by: info.magnolia.objectfactory.MgnlInstantiationException: Failed to resolve param [0] of type [class info.magnolia.sso.config.Pac4jConfigProvider]
    at info.magnolia.objectfactory.ObjectManufacturer.resolveParameters(ObjectManufacturer.java:146) ~[magnolia-core-6.2.20.jar:?]
    at info.magnolia.objectfactory.ObjectManufacturer.newInstance(ObjectManufacturer.java:91) ~[magnolia-core-6.2.20.jar:?]
... //rest omitted


Caused by: com.google.inject.ProvisionException: Unable to provision, see the following errors:1) Error injecting constructor, info.magnolia.config.source.yaml.YamlReaderException: YAML parsing error in LayeredResource{path='/magnolia-sso/config.yaml', layeredResources=[ClasspathResource{origin=classpath,path=/magnolia-sso/config.yaml,file}]} at line 22, column 21:
      oidc.discoveryUri: !env ${oidc.discoveryUri}
                         ^: Can't construct a java object for !env; exception=Invalid tag: !env
  at info.magnolia.sso.config.Pac4jConfigProvider.<init>(Pac4jConfigProvider.java:79)
  at info.magnolia.objectfactory.guice.GuiceComponentConfigurationModule.bindImplementation(GuiceComponentConfigurationModule.java:160) (via modules: com.google.inject.util.Modules$OverrideModule -> com.google.inject.util.Modules$OverrideModule -> info.magnolia.objectfactory.guice.GuiceComponentProviderBuilder$1 -> info.magnolia.objectfactory.guice.GuiceComponentConfigurationModule)
  while locating info.magnolia.sso.config.Pac4jConfigProvider

       

      Development notes

      To me it seems that property expansion is not applied on the latter. My understanding was that property expansion is not working on yaml-decorations, but should work on yaml definitions. AFAIK the config.yaml should be a yaml-definition, right ?

      Further notes:

      • We are on mgnl 6.2.20, so yaml config instead of microprofile
      • We could succesfully use magnolia-sso:2.0.6, but apperently we need the basic auth feature

      Feature docu link: https://docs.magnolia-cms.com/product-docs/6.2/Administration/Architecture/Configuration-management.html#_environment_variables

      Comment from mgeljic 
      interesting, I suppose we could support this via yamlReader#registerCustomConstruct(EnvSubst.TAG, new EnvSubst(...)); since SSO config typically contains client id/secret, env vars are legit and we don't have a more universal solution yet for injecting secrets at runtime. Worth noting that in MP config, env vars are supported ootb

        Acceptance criteria

          There are no Sub-Tasks for this issue.

              nguyen.phung Nguyen Phung Chi
              dlobo Denis Lobo
              AdminX
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved:
                Work Started:

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - Not Specified
                  Not Specified
                  Logged:
                  Time Spent - 3.75d
                  3.75d