Description
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
core
Describe the bug
Due to a JDK behaviour change, kc.sh only allows JDWP debugging from the local network interface on JDK 9+. Before JDK 9 it would be allowed from any interface by default.
There is no simple way to reconfigure this with the current command line options for kc.sh.
Version
26.1.4 & 26.2.0
Regression
- The issue is a regression
Expected behavior
JDWP debugging should work for a keycloak container (if the port is exposed)
Actual behavior
JDWP connection is immediately closed when connecting.
How to Reproduce?
docker run -p 8080:8080 -p 8787:8787 -e KC_BOOTSTRAP_ADMIN_USERNAME=admin -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:26.2.0 start-dev --debug
Attempt to connect JDWP debugger to localhost:8787 (or simply telnet localhost 8787).
Anything else?
It looks like Quarkus changed this to all interfaces but I'm unsure if KC wants to do this directly to kc.sh or do something specific for the docker image?
The above default shouldn't be an issue if we specify --debug 0.0.0.0:8787 or --debug *:8787 but kc.sh only allows port numbers. Maybe this restriction should be loosened off?
Workaround: it is possible to debug KC on a docker container, but only awkwardly. You either have to set ALL JAVA_OPTS externally from kc.sh or edit kc.sh to add 0.0.0.0: to line 58).
If there's a clear direction on how this should be improved I'm happy to raise a PR for it.